Source1001: ca-certificates.manifest
Url: http://gitorious.org/opensuse/ca-certificates
Requires: openssl
+Requires: smack
+Requires: coreutils
Requires(post): /usr/bin/rm
Requires(post): openssl-misc
Recommends: ca-certificates-mozilla
# as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true
+chown root:system %{etccadir}
+chmod 775 %{etccadir}
+chsmack -a "System::Shared" %{etccadir}
+chsmack -t %{etccadir}
%files
%manifest %{name}.manifest
# SSL_CTX_set_default_verify_paths() instead.
#
EOF
-for i in "$cadir"/*.pem; do
+for i in `find $cadir/*`; do
+ fname=`echo $i | cut -f 5 -d '/'`
+ if [[ ! $fname =~ ^[0-9a-z]{8}\.[0-9]$ ]]; then
+ continue
+ fi
+
# only include certificates trusted for server auth
if grep -q "BEGIN TRUSTED CERTIFICATE" "$i"; then
trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
openssl x509 -in "$i"
done >> "$cafile.new"
mv "$cafile.new" "$cafile"
+
+chown root:system $cafile
+chmod 664 $cafile
+chsmack -a "System::Shared" $cafile
my $certsconf = '/etc/ca-certificates.conf';
my $hooksdir1 = '/etc/ca-certificates/update.d';
my $hooksdir2 = '/usr/lib/ca-certificates/update.d';
-my $certsdir = "/usr/share/ca-certificates";
+# only search /usr/share/ca-certificates/certs because of code-signing certs
+my $certsdir = "/usr/share/ca-certificates/certs";
my $localcertsdir = "/usr/local/share/ca-certificates";
my $etccertsdir = "/etc/ssl/certs";
{
my $f = $_[0];
my $t = targetfilename($f);
+
return if -e $t;
unlink $t if -l $t; # dangling symlink
if (symlink($f, $t)) {
File::Find::find({
no_chdir => 1,
wanted => sub {
- -f && /\.(?:pem|crt)$/ && push @files, $_;
+ -f && /\.(?:pem|crt|[0-9])$/ && push @files, $_;
}
}, $certsdir);
for my $f (@files) {
addcert($f);
}
-for my $f (glob "$etccertsdir/*.pem") {
+for my $f (glob "$etccertsdir/*.{pem,[0-9]}") {
if (-l $f && !-e $f) {
if (startswith($f, $etccertsdir)
|| startswith($f, $localcertsdir))
chdir $etccertsdir || die "$!";
if (%added || %removed || $opt_fresh) {
print "Updating certificates in $etccertsdir...\n";
- my $redir = ($opt_verbose?'':'> /dev/null');
- system("c_rehash . $redir");
+# tizen ca-certs suffix isn't .pem|.crt|.cer|.crl
+# so c_rehash cannot be used.
+# my $redir = ($opt_verbose?'':'> /dev/null');
+# system("c_rehash . $redir");
printf("%d added, %d removed.\n",
(%added?(scalar keys %added):0),