From 156426d36ef1b7447e7999d609b356b37bed1f21 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Mon, 1 Feb 2010 13:24:59 +0000 Subject: [PATCH] - updated to 20090814 Changed files: ca-certificates-c_rehash.sh.patch -> 1.2 ca-certificates-etc-certs.patch -> 1.2 ca-certificates-more-certs.patch -> 1.2 ca-certificates-undebianize.patch -> 1.3 ca-certificates.spec -> 1.21 --- ca-certificates-c_rehash.sh.patch | 12 ++--- ca-certificates-etc-certs.patch | 88 ++++++++++++++++++------------- ca-certificates-more-certs.patch | 8 +-- ca-certificates-undebianize.patch | 55 ++++++++++--------- ca-certificates.spec | 23 +++++--- 5 files changed, 104 insertions(+), 82 deletions(-) diff --git a/ca-certificates-c_rehash.sh.patch b/ca-certificates-c_rehash.sh.patch index ad8074f..afe1a35 100644 --- a/ca-certificates-c_rehash.sh.patch +++ b/ca-certificates-c_rehash.sh.patch @@ -2,13 +2,13 @@ +++ ca-certificates/sbin/update-ca-certificates 2008-11-03 14:27:18.000000000 +0100 @@ -90,9 +90,9 @@ # only run if set of files has changed - - if [ "$verbose" = 0 ]; then -- c_rehash . > /dev/null 2>&1 -+ c_rehash.sh . > /dev/null 2>&1 + if [ "$verbose" = 0 ] + then +- c_rehash . > /dev/null ++ c_rehash.sh . > /dev/null else - c_rehash . + c_rehash.sh . fi - echo "done." - else + fi + diff --git a/ca-certificates-etc-certs.patch b/ca-certificates-etc-certs.patch index d174375..784bbe1 100644 --- a/ca-certificates-etc-certs.patch +++ b/ca-certificates-etc-certs.patch 
@@ -1,48 +1,60 @@ --- ca-certificates/sbin/update-ca-certificates 2008-11-01 18:39:19.000000000 +0100 +++ ca-certificates/sbin/update-ca-certificates-local 2008-11-01 19:17:39.138384960 +0100 -@@ -37,6 +37,7 @@ +@@ -37,7 +37,7 @@ CERTSCONF=/etc/ca-certificates.conf CERTSDIR=/usr/share/ca-certificates +-LOCALCERTSDIR=/usr/local/share/ca-certificates +LOCALCERTSDIR=/etc/certs CERTBUNDLE=/etc/openssl/ca-certificates.crt ETCCERTSDIR=/etc/openssl/certs cd $ETCCERTSDIR -@@ -46,6 +47,7 @@ - do - case $(readlink $symlink) in - $CERTSDIR*) rm -f $symlink;; -+ $LOCALCERTSDIR*) rm -f $symlink;; - esac - done - find . -type l -print | while read symlink -@@ -60,7 +62,7 @@ - removed="$(sed -ne 's/^!//p' $CERTSCONF | while read crt - do - if test "$crt" = ""; then continue; fi -- pem=$(basename "$crt" .crt).pem -+ pem=$(basename "$crt" | sed 's/.crt$/.pem/') - if test -e "$pem"; then - rm -f "$pem" - echo "-$ETCCERTSDIR/$pem" -@@ -70,11 +72,16 @@ - added="$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt +@@ -62,7 +62,7 @@ + # bundle. + add() { + CERT="$1" +- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \ ++ PEM="$ETCCERTSDIR/$(basename "$CERT" | sed -e 's/.crt$/.pem/' -e 's/ /_/g' \ + -e 's/[()]/=/g' \ + -e 's/,/_/g').pem" + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] +@@ -74,7 +74,7 @@ + + remove() { + CERT="$1" +- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem" ++ PEM="$ETCCERTSDIR/$(basename "$CERT" | sed 's/.crt$/.pem/')" + if test -L "$PEM" + then + rm -f "$PEM" +@@ -110,24 +110,17 @@ + + sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt do - if test "$crt" = ""; then continue; fi -- if ! test -f "$CERTSDIR/$crt"; then continue; fi -- pem=$(basename "$crt" .crt).pem -+ if ! test -f "$CERTSDIR/$crt" && ! test -f "$LOCALCERTSDIR/$crt" ; then continue; fi -+ pem=$(basename "$crt" | sed 's/.crt$/.pem/') - if ! 
test -e "$pem"; then echo "+$ETCCERTSDIR/$pem"; fi -- ln -sf "$CERTSDIR/$crt" "$pem" -- cat "$CERTSDIR/$crt" >> "$bundletmp" -+ if test -f "$CERTSDIR/$crt" ; then -+ ln -sf "$CERTSDIR/$crt" "$pem" -+ cat "$CERTSDIR/$crt" >> "$bundletmp" -+ elif test -f "$LOCALCERTSDIR/$crt" ; then -+ ln -sf "$LOCALCERTSDIR/$crt" "$pem" -+ cat "$LOCALCERTSDIR/$crt" >> "$bundletmp" -+ fi - done)" - chmod 0644 "$bundletmp" - mv -f "$bundletmp" "$CERTBUNDLE" +- if ! test -f "$CERTSDIR/$crt" ++ if test -f "$CERTSDIR/$crt" + then ++ add "$CERTSDIR/$crt" ++ elif test -f "$LOCALCERTSDIR/$crt" ++ add "$LOCALCERTSDIR/$crt" ++ else +- echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2 ++ echo "W: $CERTSDIR/$crt or $LOCALCERTSDIR/$crt not found, but listed in $CERTSCONF." >&2 + continue + fi +- add "$CERTSDIR/$crt" + done + +-# Now process certificate authorities installed by the local system +-# administrator. +-if [ -d "$LOCALCERTSDIR" ] +-then +- find -L "$LOCALCERTSDIR" -type f -name '*.crt' | while read crt +- do +- add "$crt" +- done +-fi +- + chmod 0644 "$TEMPBUNDLE" + mv -f "$TEMPBUNDLE" "$CERTBUNDLE" + diff --git a/ca-certificates-more-certs.patch b/ca-certificates-more-certs.patch index 7c303d3..17909aa 100644 --- a/ca-certificates-more-certs.patch +++ b/ca-certificates-more-certs.patch @@ -1,11 +1,11 @@ --- ca-certificates/Makefile~ 2008-06-23 20:57:45.000000000 +0200 +++ ca-certificates/Makefile 2008-11-01 13:10:32.000000000 +0100 @@ -5,7 +5,7 @@ + # + CERTSDIR = /usr/share/ca-certificates - SUBDIRS = spi-inc.org debconf.org mozilla \ - cacert.org brasil.gov.br signet.pl quovadis.bm \ -- telesec.de gouv.fr -+ telesec.de gouv.fr thawte certum +-SUBDIRS = spi-inc.org debconf.org mozilla cacert.org brasil.gov.br signet.pl telesec.de gouv.fr ++SUBDIRS = spi-inc.org debconf.org mozilla cacert.org brasil.gov.br signet.pl telesec.de gouv.fr thawte certum all: for dir in $(SUBDIRS); do \ 
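Review bot: The rewritten loop over $CERTSCONF has no `then` after `elif test -f "$LOCALCERTSDIR/$crt"`, so as shown the patched update-ca-certificates would stop with a shell syntax error at the following `else` and the trust store would never be regenerated; add a `then` line before `add "$LOCALCERTSDIR/$crt"`. In `add()` the new `sed -e 's/.crt$/.pem/'` already yields a `.pem` name and the unchanged continuation line still appends `.pem`, giving `name.pem.pem`, while `remove()` looks for `name.pem`. A later removal of a deselected CA would then likely miss its symlink in $ETCCERTSDIR. Stripping the suffix in the `add()` pipeline instead (`sed -e 's/\.crt$//' -e 's/ /_/g' \`) keeps the suffix handling the same as in `remove()`, where the dot should be escaped too (`'s/\.crt$/.pem/'`). Both function bodies continue outside the inner hunks, so confirm this against the full script.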
diff --git a/ca-certificates-undebianize.patch b/ca-certificates-undebianize.patch index 43e689d..86ac0b7 100644 --- a/ca-certificates-undebianize.patch +++ b/ca-certificates-undebianize.patch @@ -4,29 +4,32 @@ diff -ur ca-certificates/sbin/update-ca-certificates ca-certificates-undebianize @@ -38,7 +38,7 @@ CERTSCONF=/etc/ca-certificates.conf CERTSDIR=/usr/share/ca-certificates + LOCALCERTSDIR=/usr/local/share/ca-certificates -CERTBUNDLE=ca-certificates.crt -ETCCERTSDIR=/etc/ssl/certs +CERTBUNDLE=/etc/openssl/ca-certificates.crt +ETCCERTSDIR=/etc/openssl/certs - cd $ETCCERTSDIR - if [ "$fresh" = 1 ]; then - echo -n "Clearing symlinks in $ETCCERTSDIR..." -@@ -88,15 +88,6 @@ - c_rehash . - fi - echo "done." -- -- HOOKSDIR=/etc/ca-certificates/update.d -- echo -n "Running hooks in $HOOKSDIR...." -- VERBOSE_ARG= -- [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose -- eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook; do -- printf -- "${removed:+$removed\n}${added:+$added\n}" | eval $hook -- done -- echo "done." - else - echo "done." + + cleanup() { + rm -f "$TEMPBUNDLE" +@@ -88,17 +88,6 @@ fi + + echo "$ADDED_CNT added, $REMOVED_CNT removed; done." +- +-HOOKSDIR=/etc/ca-certificates/update.d +-echo -n "Running hooks in $HOOKSDIR...." +-VERBOSE_ARG= +-[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose +-eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook +-do +- ( cat $ADDED +- cat $REMOVED ) | $hook || echo E: $hook exited with code $?. +-done +-echo "done." + + # vim:set et sw=2: + diff -ur ca-certificates/sbin/update-ca-certificates.8 ca-certificates-undebianize/sbin/update-ca-certificates.8 --- ca-certificates/sbin/update-ca-certificates.8 2008-04-11 20:47:29.000000000 +0200 +++ ca-certificates-undebianize/sbin/update-ca-certificates.8 2008-11-01 12:18:14.000000000 +0100 @@ -40,18 +43,18 @@ diff -ur ca-certificates/sbin/update-ca-certificates.8 ca-certificates-undebiani .B update-ca-certificates .RI [ options ] 
@@ -26,7 +26,7 @@ - commands. This manual page was written for the Debian distribution. .PP --\fBupdate-ca-certificates\fP is a program that updates /etc/ssl/certs -+\fBupdate-ca-certificates\fP is a program that updates /etc/openssl/certs - directory to hold SSL certificates and generates certificates.crt that is - single-file version of CA certificates. + \fBupdate-ca-certificates\fP is a program that updates the directory +-/etc/ssl/certs to hold SSL certificates and generates certificates.crt, ++/etc/openssl/certs to hold SSL certificates and generates certificates.crt, + a concatenated single-file list of certificates. .PP + It reads the file /etc/ca-certificates.conf. Each line gives a pathname of @@ -34,11 +34,6 @@ - activated CA certificates under /usr/share/ca-certificates. - Lines that begin with "#" is comment line. - Lines that begin with "!" is deselect, deactivation of the CA certificates. + .PP + Furthermore all certificates found below /usr/local/share/ca-certificates + are also included as implicitly trusted. -.PP -Before terminating, \fBupdate-ca-certificates\fP invokes -\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with diff --git a/ca-certificates.spec b/ca-certificates.spec index 87c5daf..8dca9a6 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec 
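Review bot: The man-page paragraph carried as context in this hunk, `Furthermore all certificates found below /usr/local/share/ca-certificates are also included as implicitly trusted.`, no longer matches the script this commit ships. As far as the visible patches show, ca-certificates-etc-certs.patch sets `LOCALCERTSDIR=/etc/certs` and deletes the loop that added every `*.crt` found there, so local certificates are only picked up when listed in /etc/ca-certificates.conf. An administrator reading the page would get the wrong picture of which directory is trusted and how. The hunk should replace that paragraph as well, for example with `Certificates listed in /etc/ca-certificates.conf are also looked up below /etc/certs.`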
@@ -3,14 +3,14 @@ Summary: Common CA Certificates PEM files Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA Name: ca-certificates -Version: 20081127 +Version: 20090814 Release: 1 License: distributable Group: Libraries Source0: ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.gz -# Source0-md5: 4a4b07e755e1506cab753eec9a2e7157 +# Source0-md5: 307052c985bec7f9a00eb84293eef779 Source1: https://www.verisign.com/support/thawte-roots.zip -# Source1-md5: a3709cc0279ef3fca4f86ea775066b18 +# Source1-md5: 3e50e5facce6b6bfbf68271d066005fa Source2: http://www.certum.pl/keys/CA.pem # Source2-md5: 35610177afc9c64e70f1ce62c1885496 Source3: http://www.certum.pl/keys/level1.pem @@ -40,7 +40,8 @@ Patch1: %{name}-more-certs.patch Patch2: %{name}-etc-certs.patch Patch3: %{name}-c_rehash.sh.patch URL: http://www.cacert.org/ -BuildRequires: ruby +BuildRequires: coreutils +BuildRequires: python BuildRequires: unzip Obsoletes: certificates BuildArch: noarch @@ -69,15 +70,21 @@ Script and data for updating CA Certificates database. Skrypt i dane do odświeżania bazy certyfikatów CA. %prep -%setup -q -n %{name} +%setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 -%{__unzip} -qq %{SOURCE1} '*_b64.txt' -d thawte -for a in thawte/{,*/}*.txt; do - mv "$a" "${a%_b64.txt}.crt" +%{__unzip} -qq %{SOURCE1} -d thawte +# resolve file name clash +mv 'thawte/Thawte Roots/Thawte Extended Validation/thawte Primary Root CA - G1 (EV)/thawte_Primary_Root_CA.pem' \ + 'thawte/Thawte Roots/Thawte Extended Validation/thawte Primary Root CA - G1 (EV)/thawte_Primary_Root_CA_CC.pem' + +find thawte/ -name *.pem | while read f ; do + ff=$(echo $f | sed -e 's|[ ,]|_|g' -e 's|[()]|=|g') + fff="thawte/$(basename "$ff" .pem).crt" + tr -d '\r' < "$f" > "$fff" done install -d certum -- 2.44.0
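Review bot: In the new %prep loop the pattern in `find thawte/ -name *.pem` is unquoted, so the shell expands it first if any `.pem` file sits in the build directory, and `read f` / `echo $f` mangle backslashes and glob characters in the archive's file names; `find thawte/ -name '*.pem' | while IFS= read -r f; do` with `printf '%s\n' "$f"` in place of `echo $f` is the safe form. Because every path is flattened to `thawte/$(basename …).crt`, two certificates with the same base name overwrite each other silently, and only one such clash is handled by hand with the `mv` above. For a package that defines the system trust anchors, a guard such as `[ ! -e "$fff" ] || { echo "duplicate $fff" >&2; exit 1; }` before the `tr` line makes a dropped root fail the build instead. The unzip call also no longer filters on `'*_b64.txt'`, so it is worth confirming that every `.pem` in the archive is meant to become a trusted root.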