+++ ca-certificates/sbin/update-ca-certificates 2008-11-03 14:27:18.000000000 +0100
@@ -90,9 +90,9 @@
# only run if set of files has changed
-
- if [ "$verbose" = 0 ]; then
-- c_rehash . > /dev/null 2>&1
-+ c_rehash.sh . > /dev/null 2>&1
+ if [ "$verbose" = 0 ]
+ then
+- c_rehash . > /dev/null
++ c_rehash.sh . > /dev/null
else
- c_rehash .
+ c_rehash.sh .
fi
- echo "done."
- else
+ fi
+
--- ca-certificates/sbin/update-ca-certificates 2008-11-01 18:39:19.000000000 +0100
+++ ca-certificates/sbin/update-ca-certificates-local 2008-11-01 19:17:39.138384960 +0100
-@@ -37,6 +37,7 @@
+@@ -37,7 +37,7 @@
CERTSCONF=/etc/ca-certificates.conf
CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
+LOCALCERTSDIR=/etc/certs
CERTBUNDLE=/etc/openssl/ca-certificates.crt
ETCCERTSDIR=/etc/openssl/certs
cd $ETCCERTSDIR
-@@ -46,6 +47,7 @@
- do
- case $(readlink $symlink) in
- $CERTSDIR*) rm -f $symlink;;
-+ $LOCALCERTSDIR*) rm -f $symlink;;
- esac
- done
- find . -type l -print | while read symlink
-@@ -60,7 +62,7 @@
- removed="$(sed -ne 's/^!//p' $CERTSCONF | while read crt
- do
- if test "$crt" = ""; then continue; fi
-- pem=$(basename "$crt" .crt).pem
-+ pem=$(basename "$crt" | sed 's/.crt$/.pem/')
- if test -e "$pem"; then
- rm -f "$pem"
- echo "-$ETCCERTSDIR/$pem"
-@@ -70,11 +72,16 @@
- added="$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
+@@ -62,7 +62,7 @@
+ # bundle.
+ add() {
+ CERT="$1"
+- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
++ PEM="$ETCCERTSDIR/$(basename "$CERT" | sed -e 's/.crt$/.pem/' -e 's/ /_/g' \
+ -e 's/[()]/=/g' \
+ -e 's/,/_/g').pem"
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
+@@ -74,7 +74,7 @@
+
+ remove() {
+ CERT="$1"
+- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
++ PEM="$ETCCERTSDIR/$(basename "$CERT" | sed 's/.crt$/.pem/')"
+ if test -L "$PEM"
+ then
+ rm -f "$PEM"
+@@ -110,24 +110,17 @@
+
+ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
do
- if test "$crt" = ""; then continue; fi
-- if ! test -f "$CERTSDIR/$crt"; then continue; fi
-- pem=$(basename "$crt" .crt).pem
-+ if ! test -f "$CERTSDIR/$crt" && ! test -f "$LOCALCERTSDIR/$crt" ; then continue; fi
-+ pem=$(basename "$crt" | sed 's/.crt$/.pem/')
- if ! test -e "$pem"; then echo "+$ETCCERTSDIR/$pem"; fi
-- ln -sf "$CERTSDIR/$crt" "$pem"
-- cat "$CERTSDIR/$crt" >> "$bundletmp"
-+ if test -f "$CERTSDIR/$crt" ; then
-+ ln -sf "$CERTSDIR/$crt" "$pem"
-+ cat "$CERTSDIR/$crt" >> "$bundletmp"
-+ elif test -f "$LOCALCERTSDIR/$crt" ; then
-+ ln -sf "$LOCALCERTSDIR/$crt" "$pem"
-+ cat "$LOCALCERTSDIR/$crt" >> "$bundletmp"
-+ fi
- done)"
- chmod 0644 "$bundletmp"
- mv -f "$bundletmp" "$CERTBUNDLE"
+- if ! test -f "$CERTSDIR/$crt"
++ if test -f "$CERTSDIR/$crt"
+ then
++ add "$CERTSDIR/$crt"
++ elif test -f "$LOCALCERTSDIR/$crt"
++ add "$LOCALCERTSDIR/$crt"
++ else
+- echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
++ echo "W: $CERTSDIR/$crt or $LOCALCERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
+ continue
+ fi
+- add "$CERTSDIR/$crt"
+ done
+
+-# Now process certificate authorities installed by the local system
+-# administrator.
+-if [ -d "$LOCALCERTSDIR" ]
+-then
+- find -L "$LOCALCERTSDIR" -type f -name '*.crt' | while read crt
+- do
+- add "$crt"
+- done
+-fi
+-
+ chmod 0644 "$TEMPBUNDLE"
+ mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+
--- ca-certificates/Makefile~ 2008-06-23 20:57:45.000000000 +0200
+++ ca-certificates/Makefile 2008-11-01 13:10:32.000000000 +0100
@@ -5,7 +5,7 @@
+ #
+
CERTSDIR = /usr/share/ca-certificates
- SUBDIRS = spi-inc.org debconf.org mozilla \
- cacert.org brasil.gov.br signet.pl quovadis.bm \
-- telesec.de gouv.fr
-+ telesec.de gouv.fr thawte certum
+-SUBDIRS = spi-inc.org debconf.org mozilla cacert.org brasil.gov.br signet.pl telesec.de gouv.fr
++SUBDIRS = spi-inc.org debconf.org mozilla cacert.org brasil.gov.br signet.pl telesec.de gouv.fr thawte certum
all:
for dir in $(SUBDIRS); do \
@@ -38,7 +38,7 @@
CERTSCONF=/etc/ca-certificates.conf
CERTSDIR=/usr/share/ca-certificates
+ LOCALCERTSDIR=/usr/local/share/ca-certificates
-CERTBUNDLE=ca-certificates.crt
-ETCCERTSDIR=/etc/ssl/certs
+CERTBUNDLE=/etc/openssl/ca-certificates.crt
+ETCCERTSDIR=/etc/openssl/certs
- cd $ETCCERTSDIR
- if [ "$fresh" = 1 ]; then
- echo -n "Clearing symlinks in $ETCCERTSDIR..."
-@@ -88,15 +88,6 @@
- c_rehash .
- fi
- echo "done."
--
-- HOOKSDIR=/etc/ca-certificates/update.d
-- echo -n "Running hooks in $HOOKSDIR...."
-- VERBOSE_ARG=
-- [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
-- eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook; do
-- printf -- "${removed:+$removed\n}${added:+$added\n}" | eval $hook
-- done
-- echo "done."
- else
- echo "done."
+
+ cleanup() {
+ rm -f "$TEMPBUNDLE"
+@@ -88,17 +88,6 @@
fi
+
+ echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
+-
+-HOOKSDIR=/etc/ca-certificates/update.d
+-echo -n "Running hooks in $HOOKSDIR...."
+-VERBOSE_ARG=
+-[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
+-eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook
+-do
+- ( cat $ADDED
+- cat $REMOVED ) | $hook || echo E: $hook exited with code $?.
+-done
+-echo "done."
+
+ # vim:set et sw=2:
+
diff -ur ca-certificates/sbin/update-ca-certificates.8 ca-certificates-undebianize/sbin/update-ca-certificates.8
--- ca-certificates/sbin/update-ca-certificates.8 2008-04-11 20:47:29.000000000 +0200
+++ ca-certificates-undebianize/sbin/update-ca-certificates.8 2008-11-01 12:18:14.000000000 +0100
.B update-ca-certificates
.RI [ options ]
@@ -26,7 +26,7 @@
- commands.
This manual page was written for the Debian distribution.
.PP
--\fBupdate-ca-certificates\fP is a program that updates /etc/ssl/certs
-+\fBupdate-ca-certificates\fP is a program that updates /etc/openssl/certs
- directory to hold SSL certificates and generates certificates.crt that is
- single-file version of CA certificates.
+ \fBupdate-ca-certificates\fP is a program that updates the directory
+-/etc/ssl/certs to hold SSL certificates and generates certificates.crt,
++/etc/openssl/certs to hold SSL certificates and generates certificates.crt,
+ a concatenated single-file list of certificates.
.PP
+ It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
@@ -34,11 +34,6 @@
- activated CA certificates under /usr/share/ca-certificates.
- Lines that begin with "#" is comment line.
- Lines that begin with "!" is deselect, deactivation of the CA certificates.
+ .PP
+ Furthermore all certificates found below /usr/local/share/ca-certificates
+ are also included as implicitly trusted.
-.PP
-Before terminating, \fBupdate-ca-certificates\fP invokes
-\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
Summary: Common CA Certificates PEM files
Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA
Name: ca-certificates
-Version: 20081127
+Version: 20090814
Release: 1
License: distributable
Group: Libraries
Source0: ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.gz
-# Source0-md5: 4a4b07e755e1506cab753eec9a2e7157
+# Source0-md5: 307052c985bec7f9a00eb84293eef779
Source1: https://www.verisign.com/support/thawte-roots.zip
-# Source1-md5: a3709cc0279ef3fca4f86ea775066b18
+# Source1-md5: 3e50e5facce6b6bfbf68271d066005fa
Source2: http://www.certum.pl/keys/CA.pem
# Source2-md5: 35610177afc9c64e70f1ce62c1885496
Source3: http://www.certum.pl/keys/level1.pem
Patch2: %{name}-etc-certs.patch
Patch3: %{name}-c_rehash.sh.patch
URL: http://www.cacert.org/
-BuildRequires: ruby
+BuildRequires: coreutils
+BuildRequires: python
BuildRequires: unzip
Obsoletes: certificates
BuildArch: noarch
Skrypt i dane do odświeżania bazy certyfikatów CA.
%prep
-%setup -q -n %{name}
+%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%{__unzip} -qq %{SOURCE1} '*_b64.txt' -d thawte
-for a in thawte/{,*/}*.txt; do
- mv "$a" "${a%_b64.txt}.crt"
+%{__unzip} -qq %{SOURCE1} -d thawte
+# resolve file name clash
+mv 'thawte/Thawte Roots/Thawte Extended Validation/thawte Primary Root CA - G1 (EV)/thawte_Primary_Root_CA.pem' \
+ 'thawte/Thawte Roots/Thawte Extended Validation/thawte Primary Root CA - G1 (EV)/thawte_Primary_Root_CA_CC.pem'
+
+find thawte/ -name *.pem | while read f ; do
+ ff=$(echo $f | sed -e 's|[ ,]|_|g' -e 's|[()]|=|g')
+ fff="thawte/$(basename "$ff" .pem).crt"
+ tr -d '\r' < "$f" > "$fff"
done
install -d certum