[packages/ca-certificates] up to 20240203
atler
atler at pld-linux.org
Sun Feb 4 20:02:35 CET 2024
commit 1fc0c79c6ca13ff12742216f5941b9f7f405fce6
Author: Jan Palus <atler at pld-linux.org>
Date: Sun Feb 4 19:43:21 2024 +0100
up to 20240203
blacklist.patch | 2 +-
ca-certificates-etc-certs.patch | 4 ++--
ca-certificates-undebianize.patch | 27 ++++++++++-----------------
ca-certificates.d.patch | 8 ++++----
ca-certificates.spec | 6 +++---
5 files changed, 20 insertions(+), 27 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 1a8c049..5f8f481 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -11,13 +11,13 @@
Summary: Common CA Certificates PEM files
Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA
Name: ca-certificates
-%define ver_date 20230311
+%define ver_date 20240203
Version: %{ver_date}
-Release: 2
+Release: 1
License: GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs)
Group: Base
Source0: http://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz
-# Source0-md5: fc1c3ec0067385f0be8ac7f6e670a0f8
+# Source0-md5: 228129ccf8cd99b991d771c44dd4052c
Source2: http://www.certum.pl/keys/CA.pem
# Source2-md5: 35610177afc9c64e70f1ce62c1885496
Source14: http://www.certum.pl/CTNCA.pem
diff --git a/blacklist.patch b/blacklist.patch
index 94792ae..8b087f2 100644
--- a/blacklist.patch
+++ b/blacklist.patch
@@ -4,4 +4,4 @@
"Explicitly Distrust DigiNotar Root CA"
# Expired CAs
-+"E-Tugra Certification Authority"
++"Security Communication Root CA"
diff --git a/ca-certificates-etc-certs.patch b/ca-certificates-etc-certs.patch
index 597a163..6e30546 100644
--- a/ca-certificates-etc-certs.patch
+++ b/ca-certificates-etc-certs.patch
@@ -40,7 +40,7 @@
rm -f "$PEM"
@@ -111,24 +111,18 @@
- sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
+ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read -r crt
do
- if ! test -f "$CERTSDIR/$crt"
+ if test -f "$CERTSDIR/$crt"
@@ -61,7 +61,7 @@
-# administrator.
-if [ -d "$LOCALCERTSDIR" ]
-then
-- find -L "$LOCALCERTSDIR" -type f -name '*.crt' | sort | while read crt
+- find -L "$LOCALCERTSDIR" -type f -name '*.crt' | sort | while read -r crt
- do
- add "$crt"
- done
diff --git a/ca-certificates-undebianize.patch b/ca-certificates-undebianize.patch
index a7c4212..6013e88 100644
--- a/ca-certificates-undebianize.patch
+++ b/ca-certificates-undebianize.patch
@@ -19,7 +19,7 @@
- echo "Running hooks in $HOOKSDIR..."
- VERBOSE_ARG=
- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
-- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
+- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook
- do
- ( cat "$ADDED"
- cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
@@ -40,19 +40,10 @@
.SH SYNOPSIS
.B update-ca-certificates
.RI [ options ]
-@@ -26,7 +26,7 @@ This manual page documents briefly the
- command.
- .PP
- \fBupdate-ca-certificates\fP is a program that updates the directory
--/etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt,
-+ at openssldir@ to hold SSL certificates and generates ca-certificates.crt,
- a concatenated single-file list of certificates.
- .PP
- It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
@@ -38,11 +38,6 @@
- .PP
- Furthermore all certificates with a .crt extension found below
- /usr/local/share/ca-certificates are also included as implicitly trusted.
+ should be one certificate per file, and not multiple certificates in a single
+ file. Then run update-ca-certificates to merge the new certificates into the
+ existing machine store at /etc/ssl/certs.
-.PP
-Before terminating, \fBupdate-ca-certificates\fP invokes
-\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
@@ -61,19 +52,21 @@
.SH OPTIONS
A summary of options is included below.
.TP
-@@ -53,13 +48,13 @@
+@@ -61,7 +61,7 @@
Be verbose. Output \fBopenssl rehash\fP.
.TP
.B \-f, \-\-fresh
-Fresh updates. Remove symlinks in /etc/ssl/certs directory.
+Fresh updates. Remove symlinks in @openssldir@ directory.
- .SH FILES
.TP
+ .B \-\-certsconf
+ Change the configuration file. By default, the file
+@@ -84,7 +84,7 @@
.I /etc/ca-certificates.conf
A configuration file.
.TP
-.I /etc/ssl/certs/ca-certificates.crt
+.I /etc/openssl/ca-certificates.crt
- A single-file version of CA certificates. This holds
- all CA certificates that you activated in /etc/ca-certificates.conf.
+ A single-file version of CA certificates. This holds all CA certificates
+ that were activated in /etc/ca-certificates.conf.
.TP
diff --git a/ca-certificates.d.patch b/ca-certificates.d.patch
index 203a92e..2c91adb 100644
--- a/ca-certificates.d.patch
+++ b/ca-certificates.d.patch
@@ -22,7 +22,7 @@
-# Handle certificates that should be removed. This is an explicit act
-# by prefixing lines in the configuration files with exclamation marks (!).
--sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt
+-sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read -r crt
-do
- remove "$CERTSDIR/$crt"
-done
@@ -32,12 +32,12 @@
+
+ # Handle certificates that should be removed. This is an explicit act
+ # by prefixing lines in the configuration files with exclamation marks (!).
-+ sed -n -e '/^$/d' -e 's/^!//p' $conf | while read crt
++ sed -n -e '/^$/d' -e 's/^!//p' $conf | while read -r crt
+ do
+ remove "$CERTSDIR/$crt"
+ done
--sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
+-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read -r crt
-do
- if test -f "$CERTSDIR/$crt"
- then
@@ -49,7 +49,7 @@
- echo "W: $CERTSDIR/$crt or $LOCALCERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
- continue
- fi
-+ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $conf | while read crt
++ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $conf | while read -r crt
+ do
+ if test -f "$CERTSDIR/$crt"
+ then
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ca-certificates.git/commitdiff/1fc0c79c6ca13ff12742216f5941b9f7f405fce6
More information about the pld-cvs-commit
mailing list