From 33c409b6bd3f26eb9627bd7424dfdb5e66e560d8 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Fri, 17 Dec 2021 09:23:21 -0800 Subject: [PATCH] [main] Resetting the version of `ca-certificates` to something more meaningful. (#1773) --- .github/workflows/check_entangled_specs.py | 12 ++++++++---- .github/workflows/validate-cg-manifest.sh | 5 +++-- SPECS/ca-certificates/ca-certificates.spec | 13 +++++++++---- .../prebuilt-ca-certificates-base.spec | 12 ++++++++---- .../prebuilt-ca-certificates.spec | 12 ++++++++---- cgmanifest.json | 10 ---------- .../manifests/package/pkggen_core_aarch64.txt | 8 ++++---- .../manifests/package/pkggen_core_x86_64.txt | 8 ++++---- .../manifests/package/toolchain_aarch64.txt | 10 +++++----- .../manifests/package/toolchain_x86_64.txt | 10 +++++----- 10 files changed, 54 insertions(+), 46 deletions(-) mode change 100644 => 100755 .github/workflows/check_entangled_specs.py diff --git a/.github/workflows/check_entangled_specs.py b/.github/workflows/check_entangled_specs.py old mode 100644 new mode 100755 index 1b27736ca7..a4b692f9b8 --- a/.github/workflows/check_entangled_specs.py +++ b/.github/workflows/check_entangled_specs.py @@ -1,3 +1,7 @@ +#!/usr/bin/python3 +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + from typing import FrozenSet, List, Set from pyrpm.spec import Spec @@ -56,11 +60,11 @@ def check_spec_tags(base_path: str, tags: List[str], groups: List[FrozenSet]) -> def check_version_release_match_groups(base_path: str) -> Set[FrozenSet]: - return check_spec_tags(base_path, ['version', 'release'], version_release_matching_groups) + return check_spec_tags(base_path, ['epoch', 'version', 'release'], version_release_matching_groups) def check_version_match_groups(base_path: str) -> Set[FrozenSet]: - return check_spec_tags(base_path, ['version'], version_matching_groups) + return check_spec_tags(base_path, ['epoch', 'version'], version_matching_groups) def check_matches(base_path: str): @@ -75,13 +79,13 @@ def check_matches(base_path: str): if len(version_match_errors): print( - '\nPlease update the following sets of specs to have the same Version tags:') + '\nPlease update the following sets of specs to have the same "Epoch" and "Version" tags:') for e in version_match_errors: printer.pprint(e) if len(version_release_match_errors): print( - '\nPlease update the following sets of specs to have the same Version and Release tags:') + '\nPlease update the following sets of specs to have the same "Epoch", "Version", and "Release" tags:') for e in version_release_match_errors: printer.pprint(e) sys.exit(1) diff --git a/.github/workflows/validate-cg-manifest.sh b/.github/workflows/validate-cg-manifest.sh index 84bf73328d..f03d64520e 100755 --- a/.github/workflows/validate-cg-manifest.sh +++ b/.github/workflows/validate-cg-manifest.sh @@ -14,6 +14,7 @@ # Ignore some specs, mostly those with Source0 files that are not from an external source, or have very odd URLs ignore_list=" \ byacc \ + ca-certificates \ Cython \ grub2-efi-binary-signed-aarch64 \ grub2-efi-binary-signed-x86_64 \ @@ -45,8 +46,8 @@ ignore_list=" \ verity-read-only-root \ xorg-x11-apps \ xorg-x11-font-utils \ - xorg-x11-xkb-utils \ - xorg-x11-server-utils" + xorg-x11-server-utils \ + xorg-x11-xkb-utils" rm -f bad_registrations.txt rm -rf ./cgmanifest_test_dir/ diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec index 4ef2638b0f..c1f1a173a1 100644 --- a/SPECS/ca-certificates/ca-certificates.spec +++ b/SPECS/ca-certificates/ca-certificates.spec @@ -42,14 +42,15 @@ touch -r %{SOURCE23} %{buildroot}%{_datadir}/pki/ca-trust-source/%{2} Summary: Certificate Authority certificates Name: ca-certificates -# When updating, "Version" AND "Release" tags must be updated in the "prebuilt-ca-certificates" package as well. -Version: 20200720 -Release: 20%{?dist} +# When updating, "Epoch, "Version", AND "Release" tags must be updated in the "prebuilt-ca-certificates*" packages as well. +Epoch: 1 +Version: 2.0.0 +Release: 1%{?dist} License: MPLv2.0 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Security -URL: https://hg.mozilla.org +URL: https://docs.microsoft.com/en-us/security/trusted-root/program-requirements Source2: update-ca-trust Source3: trust-fixes Source4: certdata2pem.py @@ -317,6 +318,10 @@ rm -f %{pkidir}/tls/certs/*.{0,pem} %{_bindir}/bundle2pem.sh %changelog +* Wed Dec 15 2021 Pawel Winogrodzki - 1:2.0.0-1 +- Making 'Release' match with 'prebuilt-ca-certificates-base'. +- Updating 'URL' and 'Version' tags for CBL-Mariner 2.0. + * Tue Oct 12 2021 Pawel Winogrodzki - 20200720-20 - Making 'Release' match with 'prebuilt-ca-certificates*'. diff --git a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec index cc8222e5e8..38c18654f2 100644 --- a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec +++ b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec @@ -1,13 +1,14 @@ -# When updating, "Version" AND "Release" tags must be updated in the "ca-certificates" package as well. Summary: Prebuilt version of ca-certificates-base package. Name: prebuilt-ca-certificates-base -Version: 20200720 -Release: 20%{?dist} +# When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. +Epoch: 1 +Version: 2.0.0 +Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Security -URL: https://hg.mozilla.org +URL: https://docs.microsoft.com/en-us/security/trusted-root/program-requirements BuildArch: noarch BuildRequires: ca-certificates-base = %{version}-%{release} @@ -44,6 +45,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Dec 15 2021 Pawel Winogrodzki - 1:2.0.0-1 +- Updating 'URL' and 'Version' tags for CBL-Mariner 2.0. + * Tue Oct 12 2021 Pawel Winogrodzki - 20200720-20 - Removing conflicts with 'ca-certificates-shared'. - License verified. diff --git a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec index 6b4075829d..c54492f87e 100644 --- a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec +++ b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec @@ -1,13 +1,14 @@ -# When updating, "Version" AND "Release" tags must be updated in the "ca-certificates" package as well. Summary: Prebuilt version of ca-certificates package. Name: prebuilt-ca-certificates -Version: 20200720 -Release: 20%{?dist} +# When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well. +Epoch: 1 +Version: 2.0.0 +Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Security -URL: https://hg.mozilla.org +URL: https://docs.microsoft.com/en-us/security/trusted-root/program-requirements BuildArch: noarch BuildRequires: ca-certificates = %{version}-%{release} @@ -44,6 +45,9 @@ find %{buildroot} -name README -delete %{_sysconfdir}/pki/java/cacerts %changelog +* Wed Dec 15 2021 Pawel Winogrodzki - 1:2.0.0-1 +- Updating 'URL' and 'Version' tags for CBL-Mariner 2.0. + * Tue Oct 12 2021 Pawel Winogrodzki - 20200720-20 - Removing conflicts with 'ca-certificates-shared'. - License verified. diff --git a/cgmanifest.json b/cgmanifest.json index dd00e4633c..0733c4d653 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -642,16 +642,6 @@ } } }, - { - "component": { - "type": "other", - "other": { - "name": "ca-certificates", - "version": "20200720", - "downloadUrl": "https://hg.mozilla.org/releases/mozilla-release/raw-file/712412cb974c0392afe31fd9ce974b26ae3993c3/security/nss/lib/ckfw/builtins/certdata.txt" - } - } - }, { "component": { "type": "other", diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 22e75e3004..4de7c87d8b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -223,10 +223,10 @@ libffi-devel-3.4.2-1.cm2.aarch64.rpm libtasn1-4.14-3.cm2.aarch64.rpm p11-kit-0.23.22-3.cm2.aarch64.rpm p11-kit-trust-0.23.22-3.cm2.aarch64.rpm -ca-certificates-shared-20200720-20.cm2.noarch.rpm -ca-certificates-tools-20200720-20.cm2.noarch.rpm -ca-certificates-base-20200720-20.cm2.noarch.rpm -ca-certificates-20200720-20.cm2.noarch.rpm +ca-certificates-shared-2.0.0-1.cm2.noarch.rpm +ca-certificates-tools-2.0.0-1.cm2.noarch.rpm +ca-certificates-base-2.0.0-1.cm2.noarch.rpm +ca-certificates-2.0.0-1.cm2.noarch.rpm dwz-0.13-4.cm2.aarch64.rpm unzip-6.0-19.cm2.aarch64.rpm python3-3.9.9-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 267282f070..f34b05d51e 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -223,10 +223,10 @@ libffi-devel-3.4.2-1.cm2.x86_64.rpm libtasn1-4.14-3.cm2.x86_64.rpm p11-kit-0.23.22-3.cm2.x86_64.rpm p11-kit-trust-0.23.22-3.cm2.x86_64.rpm -ca-certificates-shared-20200720-20.cm2.noarch.rpm -ca-certificates-tools-20200720-20.cm2.noarch.rpm -ca-certificates-base-20200720-20.cm2.noarch.rpm -ca-certificates-20200720-20.cm2.noarch.rpm +ca-certificates-shared-2.0.0-1.cm2.noarch.rpm +ca-certificates-tools-2.0.0-1.cm2.noarch.rpm +ca-certificates-base-2.0.0-1.cm2.noarch.rpm +ca-certificates-2.0.0-1.cm2.noarch.rpm dwz-0.13-4.cm2.x86_64.rpm unzip-6.0-19.cm2.x86_64.rpm python3-3.9.9-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index f49b91c5a9..abcea95898 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -17,11 +17,11 @@ bzip2-1.0.8-1.cm2.aarch64.rpm bzip2-debuginfo-1.0.8-1.cm2.aarch64.rpm bzip2-devel-1.0.8-1.cm2.aarch64.rpm bzip2-libs-1.0.8-1.cm2.aarch64.rpm -ca-certificates-20200720-20.cm2.noarch.rpm -ca-certificates-base-20200720-20.cm2.noarch.rpm -ca-certificates-legacy-20200720-20.cm2.noarch.rpm -ca-certificates-shared-20200720-20.cm2.noarch.rpm -ca-certificates-tools-20200720-20.cm2.noarch.rpm +ca-certificates-2.0.0-1.cm2.noarch.rpm +ca-certificates-base-2.0.0-1.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-1.cm2.noarch.rpm +ca-certificates-shared-2.0.0-1.cm2.noarch.rpm +ca-certificates-tools-2.0.0-1.cm2.noarch.rpm check-0.15.2-1.cm2.aarch64.rpm check-debuginfo-0.15.2-1.cm2.aarch64.rpm cmake-3.21.4-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 8c230f3f3f..a97f9e4a18 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -17,11 +17,11 @@ bzip2-1.0.8-1.cm2.x86_64.rpm bzip2-debuginfo-1.0.8-1.cm2.x86_64.rpm bzip2-devel-1.0.8-1.cm2.x86_64.rpm bzip2-libs-1.0.8-1.cm2.x86_64.rpm -ca-certificates-20200720-20.cm2.noarch.rpm -ca-certificates-base-20200720-20.cm2.noarch.rpm -ca-certificates-legacy-20200720-20.cm2.noarch.rpm -ca-certificates-shared-20200720-20.cm2.noarch.rpm -ca-certificates-tools-20200720-20.cm2.noarch.rpm +ca-certificates-2.0.0-1.cm2.noarch.rpm +ca-certificates-base-2.0.0-1.cm2.noarch.rpm +ca-certificates-legacy-2.0.0-1.cm2.noarch.rpm +ca-certificates-shared-2.0.0-1.cm2.noarch.rpm +ca-certificates-tools-2.0.0-1.cm2.noarch.rpm check-0.15.2-1.cm2.x86_64.rpm check-debuginfo-0.15.2-1.cm2.x86_64.rpm cmake-3.21.4-2.cm2.x86_64.rpm