commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2017-08-12 20:01:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ca-certificates" Sat Aug 12 20:01:20 2017 rev:38 rq:515015 version:2+git20170807.10b2785 Changes: -------- --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2015-11-17 14:20:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2017-08-12 20:01:24.132922080 +0200 @@ -1,0 +2,14 @@ +Mon Aug 07 13:58:01 UTC 2017 - lnussel@suse.de + +- Update to version 2+git20170807.10b2785: + * Check TRANSACTIONAL_UPDATE is set (boo#1045942) + * Add systemd units + +------------------------------------------------------------------- +Mon Jun 19 13:31:02 CEST 2017 - kukuk@suse.de + +- Run update-ca-certificate by systemd unit when the content of + one of the paths changes. Needed for read-only root and/or + transactional updates. + +------------------------------------------------------------------- Old: ---- ca-certificates-2+git20151110.c15593c.tar.xz New: ---- ca-certificates-2+git20170807.10b2785.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ca-certificates.spec ++++++ --- /var/tmp/diff_new_pack.oJhPne/_old 2017-08-12 20:01:25.188774181 +0200 +++ /var/tmp/diff_new_pack.oJhPne/_new 2017-08-12 20:01:25.208771380 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version: 2+git20151110.c15593c +Version: 2+git20170807.10b2785 Release: 0 Summary: Utilities for system wide CA certificate installation License: GPL-2.0+ @@ -53,9 +53,12 @@ Obsoletes: java-ca-certificates = 1 Provides: java-ca-certificates = %version-%release BuildArch: noarch +%{?systemd_requires} %description -Utilities for system wide CA certificate installation +Update-ca-certificates is intended to keep the certificate stores of +SSL libraries like OpenSSL or GnuTLS in sync with the system's CA +certificate store that is managed by p11-kit. %prep %setup -q @@ -67,6 +70,7 @@ rm -f certbundle.run %endif %make_install +ln -s service %{buildroot}%{_sbindir}/rcca-certificates install -d -m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist} install -d -m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist} install -d -m 755 %{buildroot}%{ssletcdir} @@ -74,6 +78,7 @@ install -d -m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl +install -d -m 755 %{buildroot}/%{_prefix}/lib/systemd/system ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts} %if %{with cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle} @@ -119,6 +124,7 @@ done mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} fi +%service_add_pre ca-certificates.path ca-certificates.service %post if [ -s /etc/ca-certificates.conf ]; then @@ -134,11 +140,16 @@ # This also makes sure we update the hash links in /etc/ssl/certs # as openssl changed the hash format between 0.9.8 and 1.0 update-ca-certificates -f || true +%service_add_post ca-certificates.path ca-certificates.service + +%preun +%service_del_preun ca-certificates.path ca-certificates.service %postun if [ "$1" -eq 0 ]; then rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl fi +%service_del_postun ca-certificates.path ca-certificates.service %clean rm -rf %{buildroot} @@ -160,9 +171,11 @@ %dir /etc/ca-certificates/update.d %dir %{_prefix}/lib/ca-certificates %dir %{_prefix}/lib/ca-certificates/update.d + %{_prefix}/lib/systemd/system/* %dir /var/lib/ca-certificates %dir /var/lib/ca-certificates/pem %dir /var/lib/ca-certificates/openssl +%{_sbindir}/rcca-certificates %{_sbindir}/update-ca-certificates %{_mandir}/man8/update-ca-certificates.8* %{_prefix}/lib/ca-certificates/update.d/*java.run ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.oJhPne/_old 2017-08-12 20:01:25.392745609 +0200 +++ /var/tmp/diff_new_pack.oJhPne/_new 2017-08-12 20:01:25.392745609 +0200 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">http://github.com/openSUSE/ca-certificates.git</param> - <param name="changesrevision">c15593c0a7022a63dcc723f29327d87d14c6b99e</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">10b278586d2378e25d5cc9463be84c29725aa918</param></service></servicedata> \ No newline at end of file ++++++ ca-certificates-2+git20151110.c15593c.tar.xz -> ca-certificates-2+git20170807.10b2785.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20151110.c15593c/Makefile new/ca-certificates-2+git20170807.10b2785/Makefile --- old/ca-certificates-2+git20151110.c15593c/Makefile 2015-03-24 11:30:20.000000000 +0100 +++ new/ca-certificates-2+git20170807.10b2785/Makefile 2017-08-07 15:57:31.000000000 +0200 @@ -5,12 +5,15 @@ pkglibdir=$(prefix)/lib/ca-certificates pkgdatadir=$(datadir)/ca-certificates mandir=$(datadir)/man +systemdsystemunitdir=$(prefix)/lib/systemd/system all: install: install -D -m 755 update-ca-certificates $(DESTDIR)$(sbindir)/update-ca-certificates install -D -m 644 update-ca-certificates.8 $(DESTDIR)$(mandir)/man8/update-ca-certificates.8 + install -D -m 644 ca-certificates.path $(DESTDIR)$(systemdsystemunitdir)/ca-certificates.path + install -D -m 644 ca-certificates.service $(DESTDIR)$(systemdsystemunitdir)/ca-certificates.service for i in *.run; do install -D -m 755 $$i $(DESTDIR)$(pkglibdir)/update.d/$$i; done package: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20151110.c15593c/ca-certificates.path new/ca-certificates-2+git20170807.10b2785/ca-certificates.path --- old/ca-certificates-2+git20151110.c15593c/ca-certificates.path 1970-01-01 01:00:00.000000000 +0100 +++ new/ca-certificates-2+git20170807.10b2785/ca-certificates.path 2017-08-07 15:57:31.000000000 +0200 @@ -0,0 +1,16 @@ +[Unit] +Description=Watch for changes in CA certificates +After=local-fs.target + +[Path] +Unit=ca-certificates.service +PathChanged=/usr/share/pki/trust +PathChanged=/usr/share/pki/trust/anchors +PathChanged=/usr/share/pki/trust/blacklist +PathChanged=/etc/pki/trust +PathChanged=/etc/pki/trust/anchors +PathChanged=/etc/pki/trust/blacklist + +[Install] +WantedBy=default.target + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20151110.c15593c/ca-certificates.service new/ca-certificates-2+git20170807.10b2785/ca-certificates.service --- old/ca-certificates-2+git20151110.c15593c/ca-certificates.service 1970-01-01 01:00:00.000000000 +0100 +++ new/ca-certificates-2+git20170807.10b2785/ca-certificates.service 2017-08-07 15:57:31.000000000 +0200 @@ -0,0 +1,11 @@ +[Unit] +Description=Update system wide CA certificates +Wants=local-fs.target + +[Service] +Type=oneshot +ExecStart=/usr/sbin/update-ca-certificates + +[Install] +WantedBy=default.target + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20151110.c15593c/update-ca-certificates new/ca-certificates-2+git20170807.10b2785/update-ca-certificates --- old/ca-certificates-2+git20151110.c15593c/update-ca-certificates 2015-11-11 09:18:47.000000000 +0100 +++ new/ca-certificates-2+git20170807.10b2785/update-ca-certificates 2017-08-07 15:57:31.000000000 +0200 @@ -54,6 +54,11 @@ # set sane umask umask 0222; +if (($ENV{TRANSACTIONAL_UPDATE}//'') =~ /^(?:true|yes|1)/i) { + warn "transactional update in progress, not running any scripts" if $options{verbose}; + exit 0; +} + my @args; push @args, '-f' if $options{fresh}; push @args, '-v' if $options{verbose};
participants (1)
-
root@hilbert.suse.de