rpms / ca-certificates

Clone
Source Code
GIT

Blame ca-certificates.spec

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   54fae46d1e9ece9743849cb0bf806d1ff66eddd5
  2.   ca-certificates.spec
Blob History Raw
d01a981 
%define pkidir %{_sysconfdir}/pki
Kai Engert d538ada 
%define catrustdir %{_sysconfdir}/pki/ca-trust
Kai Engert d538ada 
%define classic_tls_bundle ca-bundle.crt
Kai Engert d538ada 
%define trusted_all_bundle ca-bundle.trust.crt
Kai Engert 40d3667 
%define legacy_default_bundle ca-bundle.legacy.default.crt
Kai Engert e24bfeb 
%define legacy_disable_bundle ca-bundle.legacy.disable.crt
Kai Engert 34f352d 
%define neutral_bundle ca-bundle.neutral-trust.crt
Kai Engert 34f352d 
%define bundle_supplement ca-bundle.supplement.p11-kit
Kai Engert d538ada 
%define java_bundle java/cacerts
d01a981
d01a981 
Summary: The Mozilla CA root certificate bundle
d01a981 
Name: ca-certificates
Kai Engert d538ada
Kai Engert d538ada 
# For the package version number, we use: year.{upstream version}
Kai Engert d538ada 
#
Kai Engert 5df4185 
# The {upstream version} can be found as symbol
Kai Engert 5df4185 
# NSS_BUILTINS_LIBRARY_VERSION in file nss/lib/ckfw/builtins/nssckbi.h
Kai Engert 5df4185 
# which corresponds to the data in file nss/lib/ckfw/builtins/certdata.txt.
Kai Engert 5df4185 
#
Kai Engert 5df4185 
# The files should be taken from a released version of NSS, as published
Kai Engert 5df4185 
# at https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
Kai Engert 5df4185 
#
Kai Engert 5df4185 
# The versions that are used by the latest released version of
Kai Engert 5df4185 
# Mozilla Firefox should be available from:
Kai Engert b2e71a9 
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
Kai Engert b2e71a9 
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
Kai Engert d538ada 
#
Kai Engert 5df4185 
# The most recent development versions of the files can be found at
Kai Engert 5df4185 
# http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
Kai Engert 5df4185 
# http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
Kai Engert 5df4185 
# (but these files might have not yet been released).
Kai Engert 5df4185 
#
Kai Engert d538ada 
# (until 2012.87 the version was based on the cvs revision ID of certdata.txt,
Kai Engert d538ada 
# but in 2013 the NSS projected was migrated to HG. Old version 2012.87 is
Kai Engert d538ada 
# equivalent to new version 2012.1.93, which would break the requirement
Kai Engert d538ada 
# to have increasing version numbers. However, the new scheme will work,
Kai Engert d538ada 
# because all future versions will start with 2013 or larger.)
Kai Engert d538ada
Kai Engert 54fae46 
Version: 2016.2.8
Kai Engert 18eedda 
# for Rawhide, please always use release >= 2
Kai Engert 18eedda 
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
Kai Engert 54fae46 
Release: 2%{?dist}
d01a981 
License: Public Domain
Kai Engert d538ada
d01a981 
Group: System Environment/Base
Kai Engert a1c2aec 
URL: https://fedoraproject.org/wiki/CA-Certificates
Kai Engert d538ada
Kai Engert b2e71a9 
#Please always update both certdata.txt and nssckbi.h
5f392b3 
Source0: certdata.txt
Kai Engert b2e71a9 
Source1: nssckbi.h
Kai Engert b2e71a9 
Source2: update-ca-trust
Kai Engert b2e71a9 
Source3: trust-fixes
Kai Engert b2e71a9 
Source4: certdata2pem.py
Kai Engert e24bfeb 
Source5: ca-legacy.conf
Kai Engert e24bfeb 
Source6: ca-legacy
Kai Engert 40d3667 
Source9: ca-legacy.8.txt
Kai Engert 9ac574b 
Source10: update-ca-trust.8.txt
Kai Engert d538ada 
Source11: README.usr
Kai Engert d538ada 
Source12: README.etc
Kai Engert d538ada 
Source13: README.extr
Kai Engert d538ada 
Source14: README.java
Kai Engert d538ada 
Source15: README.openssl
Kai Engert d538ada 
Source16: README.pem
Kai Engert d538ada 
Source17: README.src
Kai Engert d538ada
d01a981 
BuildArch: noarch
d01a981
Kai Engert 10e748b 
Requires: p11-kit >= 0.19.2
Kai Engert 10e748b 
Requires: p11-kit-trust >= 0.19.2
Kai Engert d538ada 
BuildRequires: perl
Kai Engert d538ada 
BuildRequires: python
Kai Engert d538ada 
BuildRequires: openssl
Kai Engert 9ac574b 
BuildRequires: asciidoc
Kai Engert 9ac574b 
BuildRequires: libxslt
Kai Engert d538ada
d01a981 
%description
d01a981 
This package contains the set of CA certificates chosen by the
d01a981 
Mozilla Foundation for use with the Internet PKI.
d01a981
d01a981 
%prep
d01a981 
rm -rf %{name}
Kai Engert d538ada 
mkdir %{name}
Kai Engert d538ada 
mkdir %{name}/certs
Kai Engert 40d3667 
mkdir %{name}/certs/legacy-default
Kai Engert e24bfeb 
mkdir %{name}/certs/legacy-disable
Kai Engert d538ada 
mkdir %{name}/java
d01a981
d01a981 
%build
5f392b3 
pushd %{name}/certs
Kai Engert 34f352d 
 pwd
Kai Engert d538ada 
 cp %{SOURCE0} .
Kai Engert b2e71a9 
 python %{SOURCE4} >c2p.log 2>c2p.err
5f392b3 
popd
d01a981 
pushd %{name}
5f392b3 
 (
5f392b3 
   cat <
5f392b3 
# This is a bundle of X.509 certificates of public Certificate
5f392b3 
# Authorities.  It was generated from the Mozilla root CA list.
708646c 
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
708646c 
# format and have trust bits set accordingly.
Kai Engert 18eedda 
# An exception are auxiliary certificates, without positive or negative
Kai Engert 18eedda 
# trust, but are used to assist in finding a preferred trust path.
Kai Engert 18eedda 
# Those neutral certificates use the plain BEGIN CERTIFICATE format.
708646c 
#
Kai Engert b2e71a9 
# Source: nss/lib/ckfw/builtins/certdata.txt
Kai Engert b2e71a9 
# Source: nss/lib/ckfw/builtins/nssckbi.h
708646c 
#
708646c 
# Generated from:
708646c 
EOF
Kai Engert b2e71a9 
   cat %{SOURCE1}  |grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}';
708646c 
   echo '#';
Kai Engert d538ada 
 ) > %{trusted_all_bundle}
Kai Engert e24bfeb 
 touch %{neutral_bundle}
708646c 
 for f in certs/*.crt; do
Kai Engert 34f352d 
   echo "processing $f"
708646c 
   tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
Kai Engert d538ada 
   distbits=`sed -n '/^# openssl-distrust/{s/^.*=//;p;}' $f`
Kai Engert 9ac574b 
   alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
Kai Engert d538ada 
   targs=""
708646c 
   if [ -n "$tbits" ]; then
708646c 
      for t in $tbits; do
708646c 
         targs="${targs} -addtrust $t"
708646c 
      done
Kai Engert d538ada 
   fi
Kai Engert d538ada 
   if [ -n "$distbits" ]; then
Kai Engert d538ada 
      for t in $distbits; do
Kai Engert d538ada 
         targs="${targs} -addreject $t"
Kai Engert d538ada 
      done
Kai Engert d538ada 
   fi
Kai Engert d538ada 
   if [ -n "$targs" ]; then
Kai Engert 34f352d 
      echo "trust flags $targs for $f" >> info.trust
Kai Engert 9ac574b 
      openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{trusted_all_bundle}
Kai Engert 34f352d 
   else
Kai Engert 34f352d 
      echo "no trust flags for $f" >> info.notrust
Kai Engert 18eedda 
      # p11-kit-trust defines empty trust lists as "rejected for all purposes".
Kai Engert 18eedda 
      # That's why we use the simple file format
Kai Engert 18eedda 
      #   (BEGIN CERTIFICATE, no trust information)
Kai Engert 18eedda 
      # because p11-kit-trust will treat it as a certificate with neutral trust.
Kai Engert 18eedda 
      # This means we cannot use the -setalias feature for neutral trust certs.
Kai Engert 18eedda 
      openssl x509 -text -in "$f" >> %{neutral_bundle}
708646c 
   fi
708646c 
 done
Kai Engert e24bfeb
Kai Engert 40d3667 
 for f in certs/legacy-default/*.crt; do
Kai Engert e24bfeb 
   echo "processing $f"
Kai Engert e24bfeb 
   tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
Kai Engert e24bfeb 
   alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
Kai Engert e24bfeb 
   targs=""
Kai Engert e24bfeb 
   if [ -n "$tbits" ]; then
Kai Engert e24bfeb 
      for t in $tbits; do
Kai Engert e24bfeb 
         targs="${targs} -addtrust $t"
Kai Engert e24bfeb 
      done
Kai Engert e24bfeb 
   fi
Kai Engert e24bfeb 
   if [ -n "$targs" ]; then
Kai Engert 40d3667 
      echo "legacy default flags $targs for $f" >> info.trust
Kai Engert 40d3667 
      openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_default_bundle}
Kai Engert e24bfeb 
   fi
Kai Engert 34f352d 
 done
Kai Engert e24bfeb
Kai Engert e24bfeb 
 for f in certs/legacy-disable/*.crt; do
Kai Engert e24bfeb 
   echo "processing $f"
Kai Engert e24bfeb 
   tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
Kai Engert e24bfeb 
   alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
Kai Engert e24bfeb 
   targs=""
Kai Engert e24bfeb 
   if [ -n "$tbits" ]; then
Kai Engert e24bfeb 
      for t in $tbits; do
Kai Engert e24bfeb 
         targs="${targs} -addtrust $t"
Kai Engert e24bfeb 
      done
Kai Engert e24bfeb 
   fi
Kai Engert e24bfeb 
   if [ -n "$targs" ]; then
Kai Engert e24bfeb 
      echo "legacy disable flags $targs for $f" >> info.trust
Kai Engert e24bfeb 
      openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_disable_bundle}
Kai Engert e24bfeb 
   fi
Kai Engert e24bfeb 
 done
Kai Engert e24bfeb
Kai Engert e24bfeb 
 P11FILES=`find certs -name *.p11-kit | wc -l`
Kai Engert e24bfeb 
 if [ $P11FILES -ne 0 ]; then
Kai Engert e24bfeb 
   for p in certs/*.p11-kit; do
Kai Engert e24bfeb 
     cat "$p" >> %{bundle_supplement}
Kai Engert e24bfeb 
   done
Kai Engert e24bfeb 
 fi
Kai Engert 34f352d 
 # Append our trust fixes
Kai Engert b2e71a9 
 cat %{SOURCE3} >> %{bundle_supplement}
56a6866 
popd
Kai Engert d538ada
Kai Engert 9ac574b 
#manpage
Kai Engert 9ac574b 
cp %{SOURCE10} %{name}/update-ca-trust.8.txt
Kai Engert 9ac574b 
asciidoc.py -v -d manpage -b docbook %{name}/update-ca-trust.8.txt
Kai Engert 9ac574b 
xsltproc --nonet -o %{name}/update-ca-trust.8 /usr/share/asciidoc/docbook-xsl/manpage.xsl %{name}/update-ca-trust.8.xml
Kai Engert 9ac574b
Kai Engert 40d3667 
cp %{SOURCE9} %{name}/ca-legacy.8.txt
Kai Engert 40d3667 
asciidoc.py -v -d manpage -b docbook %{name}/ca-legacy.8.txt
Kai Engert 40d3667 
xsltproc --nonet -o %{name}/ca-legacy.8 /usr/share/asciidoc/docbook-xsl/manpage.xsl %{name}/ca-legacy.8.xml
Kai Engert 40d3667
d01a981
d01a981 
%install
d01a981 
rm -rf $RPM_BUILD_ROOT
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{pkidir}/tls/certs
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{pkidir}/java
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source
Kai Engert 34f352d 
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/anchors
Kai Engert 34f352d 
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blacklist
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/java
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source
Kai Engert 34f352d 
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/anchors
Kai Engert 34f352d 
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/blacklist
Kai Engert e24bfeb 
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy
Kai Engert d538ada 
mkdir -p -m 755 $RPM_BUILD_ROOT%{_bindir}
Kai Engert 9ac574b 
mkdir -p -m 755 $RPM_BUILD_ROOT%{_mandir}/man8
d01a981
Kai Engert 9ac574b 
install -p -m 644 %{name}/update-ca-trust.8 $RPM_BUILD_ROOT%{_mandir}/man8
Kai Engert 40d3667 
install -p -m 644 %{name}/ca-legacy.8 $RPM_BUILD_ROOT%{_mandir}/man8
Kai Engert d538ada 
install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/README
Kai Engert d538ada 
install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{catrustdir}/README
Kai Engert d538ada 
install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{catrustdir}/extracted/README
Kai Engert d538ada 
install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{catrustdir}/extracted/java/README
Kai Engert d538ada 
install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl/README
Kai Engert d538ada 
install -p -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/README
Kai Engert d538ada 
install -p -m 644 %{SOURCE17} $RPM_BUILD_ROOT%{catrustdir}/source/README
Kai Engert 0ecb427
Kai Engert d538ada 
install -p -m 644 %{name}/%{trusted_all_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{trusted_all_bundle}
Kai Engert 34f352d 
install -p -m 644 %{name}/%{neutral_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{neutral_bundle}
Kai Engert 34f352d 
install -p -m 644 %{name}/%{bundle_supplement} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{bundle_supplement}
Kai Engert e24bfeb
Kai Engert 40d3667 
install -p -m 644 %{name}/%{legacy_default_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle}
Kai Engert e24bfeb 
install -p -m 644 %{name}/%{legacy_disable_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_bundle}
Kai Engert e24bfeb
Kai Engert e24bfeb 
install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{catrustdir}/ca-legacy.conf
Kai Engert e24bfeb
Kai Engert d538ada 
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{trusted_all_bundle}
Kai Engert 34f352d 
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{neutral_bundle}
Kai Engert 34f352d 
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{bundle_supplement}
Kai Engert 0ecb427
Kai Engert 40d3667 
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle}
Kai Engert e24bfeb 
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_bundle}
Kai Engert e24bfeb
Kai Engert d538ada 
# TODO: consider to dynamically create the update-ca-trust script from within
Kai Engert d538ada 
#       this .spec file, in order to have the output file+directory names at once place only.
Kai Engert b2e71a9 
install -p -m 755 %{SOURCE2} $RPM_BUILD_ROOT%{_bindir}/update-ca-trust
d01a981
Kai Engert e24bfeb 
install -p -m 755 %{SOURCE6} $RPM_BUILD_ROOT%{_bindir}/ca-legacy
Kai Engert e24bfeb
Kai Engert d538ada 
# touch ghosted files that will be extracted dynamically
Kai Engert d538ada 
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/tls-ca-bundle.pem
Kai Engert d538ada 
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/email-ca-bundle.pem
Kai Engert d538ada 
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/objsign-ca-bundle.pem
Kai Engert d538ada 
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl/%{trusted_all_bundle}
Kai Engert d538ada 
touch $RPM_BUILD_ROOT%{catrustdir}/extracted/%{java_bundle}
d01a981
c9fb114 
# /etc/ssl/certs symlink for 3rd-party tools
Kai Engert 5300aa7 
sln ../pki/tls/certs \
Kai Engert 5300aa7 
    $RPM_BUILD_ROOT%{_sysconfdir}/ssl/certs
Kai Engert d538ada 
# legacy filenames
Kai Engert 5300aa7 
sln %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
Kai Engert 5300aa7 
    $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
Kai Engert 5300aa7 
sln %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
Kai Engert 5300aa7 
    $RPM_BUILD_ROOT%{pkidir}/tls/certs/%{classic_tls_bundle}
Kai Engert 5300aa7 
sln %{catrustdir}/extracted/openssl/%{trusted_all_bundle} \
Kai Engert 5300aa7 
    $RPM_BUILD_ROOT%{pkidir}/tls/certs/%{trusted_all_bundle}
Kai Engert 5300aa7 
sln %{catrustdir}/extracted/%{java_bundle} \
Kai Engert 5300aa7 
    $RPM_BUILD_ROOT%{pkidir}/%{java_bundle}
c9fb114
d01a981 
%clean
d01a981 
rm -rf $RPM_BUILD_ROOT
d01a981
Kai Engert d538ada
Kai Engert d538ada 
%pre
Kai Engert d538ada 
if [ $1 -gt 1 ] ; then
Kai Engert d538ada 
  # Upgrade or Downgrade.
Kai Engert d538ada 
  # If the classic filename is a regular file, then we are upgrading
Kai Engert d538ada 
  # from an old package and we will move it to an .rpmsave backup file.
Kai Engert d538ada 
  # If the filename is a symbolic link, then we are good already.
Kai Engert d538ada 
  # If the system will later be downgraded to an old package with regular
Kai Engert d538ada 
  # files, and afterwards updated again to a newer package with symlinks,
Kai Engert d538ada 
  # and the old .rpmsave backup file didn't get cleaned up,
Kai Engert d538ada 
  # then we don't backup again. We keep the older backup file.
Kai Engert d538ada 
  # In other words, if an .rpmsave file already exists, we don't overwrite it.
Kai Engert d538ada 
  #
Kai Engert d538ada 
  if ! test -e %{pkidir}/%{java_bundle}.rpmsave; then
Kai Engert d538ada 
    # no backup yet
Kai Engert 8867a18 
    if test -e %{pkidir}/%{java_bundle}; then
Kai Engert 8867a18 
      # a file exists
Kai Engert 8867a18 
        if ! test -L %{pkidir}/%{java_bundle}; then
Kai Engert 8867a18 
        # it's an old regular file, not a link
Kai Engert 8867a18 
        mv -f %{pkidir}/%{java_bundle} %{pkidir}/%{java_bundle}.rpmsave
Kai Engert 8867a18 
      fi
Kai Engert d538ada 
    fi
Kai Engert d538ada 
  fi
Kai Engert d538ada
Kai Engert d538ada 
  if ! test -e %{pkidir}/tls/certs/%{classic_tls_bundle}.rpmsave; then
Kai Engert d538ada 
    # no backup yet
Kai Engert 8867a18 
    if test -e %{pkidir}/tls/certs/%{classic_tls_bundle}; then
Kai Engert 8867a18 
      # a file exists
Kai Engert 8867a18 
      if ! test -L %{pkidir}/tls/certs/%{classic_tls_bundle}; then
Kai Engert 8867a18 
        # it's an old regular file, not a link
Kai Engert 8867a18 
        mv -f %{pkidir}/tls/certs/%{classic_tls_bundle} %{pkidir}/tls/certs/%{classic_tls_bundle}.rpmsave
Kai Engert 8867a18 
      fi
Kai Engert d538ada 
    fi
Kai Engert d538ada 
  fi
Kai Engert d538ada
Kai Engert d538ada 
  if ! test -e %{pkidir}/tls/certs/%{trusted_all_bundle}.rpmsave; then
Kai Engert d538ada 
    # no backup yet
Kai Engert 8867a18 
    if test -e %{pkidir}/tls/certs/%{trusted_all_bundle}; then
Kai Engert 8867a18 
      # a file exists
Kai Engert 8867a18 
      if ! test -L %{pkidir}/tls/certs/%{trusted_all_bundle}; then
Kai Engert 8867a18 
        # it's an old regular file, not a link
Kai Engert 8867a18 
        mv -f %{pkidir}/tls/certs/%{trusted_all_bundle} %{pkidir}/tls/certs/%{trusted_all_bundle}.rpmsave
Kai Engert 8867a18 
      fi
Kai Engert d538ada 
    fi
Kai Engert d538ada 
  fi
Kai Engert d538ada 
fi
Kai Engert d538ada
Kai Engert d538ada
Kai Engert d538ada 
%post
Kai Engert d538ada 
#if [ $1 -gt 1 ] ; then
Kai Engert d538ada 
#  # when upgrading or downgrading
Kai Engert d538ada 
#fi
Kai Engert e24bfeb 
%{_bindir}/ca-legacy install
Kai Engert d538ada 
%{_bindir}/update-ca-trust
Kai Engert d538ada
Kai Engert d538ada
d01a981 
%files
d01a981 
%defattr(-,root,root,-)
Kai Engert d538ada
Kai Engert d538ada 
%dir %{_sysconfdir}/ssl
d01a981 
%dir %{pkidir}/tls
d01a981 
%dir %{pkidir}/tls/certs
Kai Engert d538ada 
%dir %{pkidir}/java
Kai Engert d538ada 
%dir %{catrustdir}
Kai Engert d538ada 
%dir %{catrustdir}/source
Kai Engert 34f352d 
%dir %{catrustdir}/source/anchors
Kai Engert 34f352d 
%dir %{catrustdir}/source/blacklist
Kai Engert d538ada 
%dir %{catrustdir}/extracted
Kai Engert d538ada 
%dir %{catrustdir}/extracted/pem
Kai Engert d538ada 
%dir %{catrustdir}/extracted/openssl
Kai Engert d538ada 
%dir %{catrustdir}/extracted/java
a14dcb4 
%dir %{_datadir}/pki
Kai Engert 34f352d 
%dir %{_datadir}/pki/ca-trust-source
Kai Engert 34f352d 
%dir %{_datadir}/pki/ca-trust-source/anchors
Kai Engert 34f352d 
%dir %{_datadir}/pki/ca-trust-source/blacklist
Kai Engert e24bfeb 
%dir %{_datadir}/pki/ca-trust-legacy
Kai Engert e24bfeb
Kai Engert e24bfeb 
%config(noreplace) %{catrustdir}/ca-legacy.conf
Kai Engert d538ada
Kai Engert 9ac574b 
%{_mandir}/man8/update-ca-trust.8.gz
Kai Engert 40d3667 
%{_mandir}/man8/ca-legacy.8.gz
Kai Engert d538ada 
%{_datadir}/pki/ca-trust-source/README
Kai Engert d538ada 
%{catrustdir}/README
Kai Engert d538ada 
%{catrustdir}/extracted/README
Kai Engert d538ada 
%{catrustdir}/extracted/java/README
Kai Engert d538ada 
%{catrustdir}/extracted/openssl/README
Kai Engert d538ada 
%{catrustdir}/extracted/pem/README
Kai Engert d538ada 
%{catrustdir}/source/README
Kai Engert d538ada
Kai Engert d538ada 
# symlinks for old locations
866d688 
%{pkidir}/tls/cert.pem
Kai Engert d538ada 
%{pkidir}/tls/certs/%{classic_tls_bundle}
Kai Engert d538ada 
%{pkidir}/tls/certs/%{trusted_all_bundle}
Kai Engert d538ada 
%{pkidir}/%{java_bundle}
Kai Engert d538ada 
# symlink directory
c9fb114 
%{_sysconfdir}/ssl/certs
Kai Engert d538ada 
# master bundle file with trust
Kai Engert d538ada 
%{_datadir}/pki/ca-trust-source/%{trusted_all_bundle}
Kai Engert 34f352d 
%{_datadir}/pki/ca-trust-source/%{neutral_bundle}
Kai Engert 34f352d 
%{_datadir}/pki/ca-trust-source/%{bundle_supplement}
Kai Engert 40d3667 
%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle}
Kai Engert e24bfeb 
%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_bundle}
Kai Engert d538ada 
# update/extract tool
Kai Engert d538ada 
%{_bindir}/update-ca-trust
Kai Engert e24bfeb 
%{_bindir}/ca-legacy
Kai Engert e24bfeb 
%ghost %{catrustdir}/source/ca-bundle.legacy.crt
Kai Engert d538ada 
# files extracted files
Kai Engert d538ada 
%ghost %{catrustdir}/extracted/pem/tls-ca-bundle.pem
Kai Engert d538ada 
%ghost %{catrustdir}/extracted/pem/email-ca-bundle.pem
Kai Engert d538ada 
%ghost %{catrustdir}/extracted/pem/objsign-ca-bundle.pem
Kai Engert d538ada 
%ghost %{catrustdir}/extracted/openssl/%{trusted_all_bundle}
Kai Engert d538ada 
%ghost %{catrustdir}/extracted/%{java_bundle}
Kai Engert d538ada
d01a981
d01a981 
%changelog
Kai Engert 54fae46 
* Fri Jul 15 2016 Kai Engert <kaie@redhat.com> - 2016.2.8-2
Kai Engert 54fae46 
- Update to CKBI 2.8 from NSS 3.25 with legacy modifications
Kai Engert 54fae46
Kai Engert 8867a18 
* Tue May 10 2016 Kai Engert <kaie@redhat.com> - 2016.2.7-5
Kai Engert 8867a18 
- Only create backup files if there is an original file (bug 999017).
Kai Engert 8867a18
Kai Engert 5300aa7 
* Tue May 10 2016 Kai Engert <kaie@redhat.com> - 2016.2.7-4
Kai Engert 5300aa7 
- Use sln, not ln, to avoid the dependency on coreutils.
Kai Engert 5300aa7
Kai Engert de9cf5d 
* Mon Apr 25 2016 Kai Engert <kaie@redhat.com> - 2016.2.7-3
Kai Engert de9cf5d 
- Fix typos in a manual page and in a README file.
Kai Engert de9cf5d
Kai Engert 5367492 
* Wed Mar 16 2016 Kai Engert <kaie@redhat.com> - 2016.2.7-2
Kai Engert 5367492 
- Update to CKBI 2.7 from NSS 3.23 with legacy modifications
Kai Engert 5367492
199d06c 
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2015.2.6-3
199d06c 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
199d06c
Kai Engert da979a1 
* Mon Nov 23 2015 Kai Engert <kaie@redhat.com> - 2015.2.6-2
Kai Engert da979a1 
- Update to CKBI 2.6 from NSS 3.21 with legacy modifications
Kai Engert da979a1
Kai Engert 87f9238 
* Thu Aug 13 2015 Kai Engert <kaie@redhat.com> - 2015.2.5-2
Kai Engert 87f9238 
- Update to CKBI 2.5 from NSS 3.19.3 with legacy modifications
Kai Engert 87f9238
298b407 
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2015.2.4-3
298b407 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
298b407
Kai Engert b2076a0 
* Tue May 05 2015 Kai Engert <kaie@redhat.com> - 2015.2.4-2
Kai Engert b2076a0 
- Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications
Kai Engert b2076a0
Kai Engert 4111120 
* Tue May 05 2015 Kai Engert <kaie@redhat.com> - 2015.2.3-4
Kai Engert 4111120 
- Fixed a typo in the ca-legacy manual page.
Kai Engert 4111120
Kai Engert 40d3667 
* Tue Mar 31 2015 Kai Engert <kaie@redhat.com> - 2015.2.3-3
Kai Engert 40d3667 
- Don't use "enable" as a value for the legacy configuration, instead
Kai Engert 40d3667 
  of the value "default", to make it clear that this preference isn't
Kai Engert 40d3667 
  a promise to keep certificates enabled, but rather that we only
Kai Engert 40d3667 
  keep them enabled as long as it's considered necessary.
Kai Engert 40d3667 
- Changed the configuration file, the ca-legacy utility and filenames
Kai Engert 40d3667 
  to use the term "default" (instead of the term "enable").
Kai Engert 40d3667 
- Added a manual page for the ca-legacy utility.
Kai Engert 40d3667 
- Fixed the ca-legacy utility to handle absence of the configuration
Kai Engert 40d3667 
  setting and treat absence as the default setting.
Kai Engert 40d3667
Kai Engert b18dd49 
* Fri Mar 20 2015 Kai Engert <kaie@redhat.com> - 2015.2.3-2
Kai Engert b18dd49 
- Update to CKBI 2.3 from NSS 3.18 with legacy modifications
Kai Engert b1d00ef 
- Fixed a mistake in the legacy handling of the upstream 2.2 release:
Kai Engert b1d00ef 
  Removed two AOL certificates from the legacy group, because
Kai Engert b1d00ef 
  upstream didn't remove them as part of phasing out 1024-bit
Kai Engert b1d00ef 
  certificates, which means it isn't necessary to keep them.
Kai Engert b1d00ef 
- Fixed a mistake in the legacy handling of the upstream 2.1 release:
Kai Engert b1d00ef 
  Moved two NetLock certificates into the legacy group.
Kai Engert b1d00ef
Kai Engert 053dde8 
* Tue Dec 16 2014 Kai Engert <kaie@redhat.com> - 2014.2.2-2
Kai Engert 053dde8 
- Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
Kai Engert a1c2aec 
- Update project URL
Kai Engert a1c2aec 
- Cleanup
Kai Engert a1c2aec
0c19add 
* Sat Nov 15 2014 Peter Lemenkov <lemenkov@gmail.com> - 2014.2.1-7
0c19add 
- Restore Requires: coreutils
0c19add
d8e353c 
* Fri Nov 14 2014 Peter Lemenkov <lemenkov@gmail.com> - 2014.2.1-6
d8e353c 
- A proper fix for rhbz#1158343
d8e353c
Kai Engert d7defef 
* Wed Oct 29 2014 Kai Engert <kaie@redhat.com> - 2014.2.1-5
Kai Engert d7defef 
- add Requires: coreutils (rhbz#1158343)
Kai Engert d7defef
Kai Engert e24bfeb 
* Tue Oct 28 2014 Kai Engert <kaie@redhat.com> - 2014.2.1-4
Kai Engert e24bfeb 
- Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
Kai Engert e24bfeb 
  By default, legacy roots required for OpenSSL/GnuTLS compatibility
Kai Engert e24bfeb 
  are kept enabled. Using the ca-legacy utility, the legacy roots can be
Kai Engert e24bfeb 
  disabled. If disabled, the system will use the trust set as provided
Kai Engert e24bfeb 
  by the upstream Mozilla CA list. (See also: rhbz#1158197)
Kai Engert e24bfeb
Kai Engert f81c301 
* Sun Sep 21 2014 Kai Engert <kaie@redhat.com> - 2014.2.1-3
Kai Engert f81c301 
- Temporarily re-enable several legacy root CA certificates because of
Kai Engert f81c301 
  compatibility issues with software based on OpenSSL/GnuTLS,
Kai Engert f81c301 
  see rhbz#1144808
Kai Engert f81c301
Kai Engert 18eedda 
* Thu Aug 14 2014 Kai Engert <kaie@redhat.com> - 2014.2.1-2
Kai Engert 18eedda 
- Update to CKBI 2.1 from NSS 3.16.4
Kai Engert 18eedda 
- Fix rhbz#1130226
Kai Engert 18eedda
b0943c5 
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2013.1.97-3
b0943c5 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
b0943c5
Kai Engert f176bca 
* Wed Mar 19 2014 Kai Engert <kaie@redhat.com> - 2013.1.97-2
Kai Engert f176bca 
- Update to CKBI 1.97 from NSS 3.16
Kai Engert f176bca
Kai Engert 4a1396f 
* Mon Feb 10 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-3
Kai Engert 278ac24 
- Remove openjdk build dependency
Kai Engert 278ac24
a14dcb4 
* Sat Jan 25 2014 Ville Skyttä <ville.skytta@iki.fi> - 2013.1.96-2
a14dcb4 
- Own the %%{_datadir}/pki dir.
a14dcb4
Kai Engert 5df4185 
* Thu Jan 09 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-1
Kai Engert 5df4185 
- Update to CKBI 1.96 from NSS 3.15.4
Kai Engert 5df4185
Kai Engert 9a4d41a 
* Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1
Kai Engert 9a4d41a 
- Update to CKBI 1.95 from NSS 3.15.3.1
Kai Engert 9a4d41a
Kai Engert 10e748b 
* Fri Sep 06 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-18
Kai Engert 10e748b 
- Update the Entrust root stapled extension for compatibility with
Kai Engert 10e748b 
  p11-kit version 0.19.2, patch by Stef Walter, rhbz#988745
Kai Engert 10e748b
Kai Engert e3e96c2 
* Tue Sep 03 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-17
Kai Engert e3e96c2 
- merge manual improvement from f19
Kai Engert e3e96c2
04d3dc5 
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2013.1.94-16
04d3dc5 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
04d3dc5
Kai Engert 540618e 
* Tue Jul 09 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-15
Kai Engert 540618e 
- clarification updates to manual page
Kai Engert 540618e
Kai Engert 9ac574b 
* Mon Jul 08 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-14
Kai Engert 9ac574b 
- added a manual page and related build requirements
Kai Engert 9ac574b 
- simplify the README files now that we have a manual page
Kai Engert 9ac574b 
- set a certificate alias in trusted bundle (thanks to Ludwig Nussel)
Kai Engert 9ac574b
Kai Engert 6c5dbfb 
* Mon May 27 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-13
Kai Engert 6c5dbfb 
- use correct command in README files, rhbz#961809
Kai Engert 6c5dbfb
Kai Engert 6c5dbfb 
* Mon May 27 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-12
Kai Engert 2dc4526 
- update to version 1.94 provided by NSS 3.15 (beta)
Kai Engert 2dc4526
Kai Engert b2e71a9 
* Mon Apr 22 2013 Kai Engert <kaie@redhat.com> - 2012.87-12
Kai Engert b2e71a9 
- Use both label and serial to identify cert during conversion, rhbz#927601
Kai Engert b2e71a9 
- Add myself as contributor to certdata2.pem.py and remove use of rcs/ident.
Kai Engert b2e71a9 
  (thanks to Michael Shuler for suggesting to do so)
Kai Engert b2e71a9 
- Update source URLs and comments, add source file for version information.
Kai Engert b2e71a9
Kai Engert 34f352d 
* Tue Mar 19 2013 Kai Engert <kaie@redhat.com> - 2012.87-11
Kai Engert 34f352d 
- adjust to changed and new functionality provided by p11-kit 0.17.3
Kai Engert 34f352d 
- updated READMEs to describe the new directory-specific treatment of files
Kai Engert 34f352d 
- ship a new file that contains certificates with neutral trust
Kai Engert 34f352d 
- ship a new file that contains distrust objects, and also staple a
Kai Engert 34f352d 
  basic constraint extension to one legacy root contained in the
Kai Engert 34f352d 
  Mozilla CA list
Kai Engert 34f352d 
- adjust the build script to dynamically produce most of above files
Kai Engert 34f352d 
- add and own the anchors and blacklist subdirectories
Kai Engert 34f352d 
- file generate-cacerts.pl is no longer required
Kai Engert 34f352d
Kai Engert d538ada 
* Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 2012.87-9
Kai Engert d538ada 
- Major rework for the Fedora SharedSystemCertificates feature.
Kai Engert d538ada 
- Only ship a PEM bundle file using the BEGIN TRUSTED CERTIFICATE file format.
Kai Engert d538ada 
- Require the p11-kit package that contains tools to automatically create
Kai Engert d538ada 
  other file format bundles.
Kai Engert d538ada 
- Convert old file locations to symbolic links that point to dynamically
Kai Engert d538ada 
  generated files.
Kai Engert d538ada 
- Old files, which might have been locally modified, will be saved in backup
Kai Engert d538ada 
  files with .rpmsave extension.
Kai Engert d538ada 
- Added a update-ca-certificates script which can be used to regenerate
Kai Engert d538ada 
  the merged trusted output.
Kai Engert d538ada 
- Refer to the various README files that have been added for more detailed
Kai Engert d538ada 
  explanation of the new system.
Kai Engert d538ada 
- No longer require rsc for building.
Kai Engert d538ada 
- Add explanation for the future version numbering scheme,
Kai Engert d538ada 
  because the old numbering scheme was based on upstream using cvs,
Kai Engert d538ada 
  which is no longer true, and therefore can no longer be used.
Kai Engert d538ada 
- Includes changes from rhbz#873369.
Kai Engert d538ada
Kai Engert 0ecb427 
* Thu Mar 07 2013 Kai Engert <kaie@redhat.com> - 2012.87-2.fc19.1
Kai Engert 0ecb427 
- Ship trust bundle file in /usr/share/pki/ca-trust-source/, temporarily in addition.
Kai Engert 0ecb427 
  This location will soon become the only place containing this file.
Kai Engert 0ecb427
dc13997 
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2012.87-2
dc13997 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
dc13997
73800e1 
* Fri Jan 04 2013 Paul Wouters <pwouters@redhat.com> - 2012.87-1
73800e1 
- Updated to r1.87 to blacklist mis-issued turktrust CA certs
73800e1
829cbef 
* Wed Oct 24 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-2
829cbef 
- Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?)
829cbef 
- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED
829cbef
b65d8a8 
* Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
b65d8a8 
- update to r1.86
b65d8a8
bc18e50 
* Mon Jul 23 2012 Joe Orton <jorton@redhat.com> - 2012.85-2
bc18e50 
- add openssl to BuildRequires
bc18e50
df639e3 
* Mon Jul 23 2012 Joe Orton <jorton@redhat.com> - 2012.85-1
df639e3 
- update to r1.85
df639e3
816ae11 
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2012.81-2
816ae11 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
816ae11
229976a 
* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2012.81-1
229976a 
- update to r1.81
229976a
8c27f26 
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2011.80-2
8c27f26 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
8c27f26
229976a 
* Wed Nov  9 2011 Joe Orton <jorton@redhat.com> - 2011.80-1
Joe Orton 5968244 
- update to r1.80
Joe Orton 5968244 
- fix handling of certs with dublicate Subject names (#733032)
Joe Orton 5968244
f098063 
* Thu Sep  1 2011 Joe Orton <jorton@redhat.com> - 2011.78-1
f098063 
- update to r1.78, removing trust from DigiNotar root (#734679)
f098063
fbef645 
* Wed Aug  3 2011 Joe Orton <jorton@redhat.com> - 2011.75-1
fbef645 
- update to r1.75
fbef645
37d25f7 
* Wed Apr 20 2011 Joe Orton <jorton@redhat.com> - 2011.74-1
37d25f7 
- update to r1.74
37d25f7
9ee01c7 
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2011.70-2
9ee01c7 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
9ee01c7
bf4a1f1 
* Wed Jan 12 2011 Joe Orton <jorton@redhat.com> - 2011.70-1
bf4a1f1 
- update to r1.70
bf4a1f1
96465e8 
* Tue Nov  9 2010 Joe Orton <jorton@redhat.com> - 2010.65-3
96465e8 
- update to r1.65
96465e8
c9fb114 
* Wed Apr  7 2010 Joe Orton <jorton@redhat.com> - 2010.63-3
c9fb114 
- package /etc/ssl/certs symlink for third-party apps (#572725)
c9fb114
58bb64f 
* Wed Apr  7 2010 Joe Orton <jorton@redhat.com> - 2010.63-2
58bb64f 
- rebuild
58bb64f
b62ba6e 
* Wed Apr  7 2010 Joe Orton <jorton@redhat.com> - 2010.63-1
b62ba6e 
- update to certdata.txt r1.63
b62ba6e 
- use upstream RCS version in Version
b62ba6e
dc70b1f 
* Fri Mar 19 2010 Joe Orton <jorton@redhat.com> - 2010-4
dc70b1f 
- fix ca-bundle.crt (#575111)
dc70b1f
708646c 
* Thu Mar 18 2010 Joe Orton <jorton@redhat.com> - 2010-3
708646c 
- update to certdata.txt r1.58
708646c 
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE' format
708646c 
- exclude ECC certs from the Java cacerts database
708646c 
- catch keytool failures
708646c 
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
708646c
56a6866 
* Fri Jan 15 2010 Joe Orton <jorton@redhat.com> - 2010-2
56a6866 
- fix Java cacert database generation: use Subject rather than Issuer
56a6866 
  for alias name; add diagnostics; fix some alias names.
56a6866
5f392b3 
* Mon Jan 11 2010 Joe Orton <jorton@redhat.com> - 2010-1
5f392b3 
- adopt Python certdata.txt parsing script from Debian
5f392b3
0bfc15e 
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2009-2
0bfc15e 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
0bfc15e
5406f40 
* Wed Jul 22 2009 Joe Orton <jorton@redhat.com> 2009-1
5406f40 
- update to certdata.txt r1.53
5406f40
a42172d 
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2008-8
a42172d 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
a42172d
e908127 
* Tue Oct 14 2008 Joe Orton <jorton@redhat.com> 2008-7
e908127 
- update to certdata.txt r1.49
e908127
Thomas Fitzsimmons 180c47e 
* Wed Jun 25 2008 Thomas Fitzsimmons <fitzsim@redhat.com> - 2008-6
Thomas Fitzsimmons 180c47e 
- Change generate-cacerts.pl to produce pretty aliases.
Thomas Fitzsimmons 180c47e
65c3b04 
* Mon Jun  2 2008 Joe Orton <jorton@redhat.com> 2008-5
65c3b04 
- include /etc/pki/tls/cert.pem symlink to ca-bundle.crt
65c3b04
d01a981 
* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-4
d01a981 
- use package name for temp dir, recreate it in prep
d01a981
d01a981 
* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-3
d01a981 
- fix source script perms
d01a981 
- mark packaged files as config(noreplace)
d01a981
d01a981 
* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-2
d01a981 
- add (but don't use) mkcabundle.pl
d01a981 
- tweak description
d01a981 
- use /usr/bin/keytool directly; BR java-openjdk
d01a981
d01a981 
* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-1
d01a981 
- Initial build (#448497)
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.