[dev] `ca-certificates`: removing Mozilla CAs in favour of Microsoft ones (#1437)
This commit is contained in:
parent
4f550c59ba
commit
514a5fcc54
|
@ -19,6 +19,7 @@ version_release_matching_groups = [
|
|||
]),
|
||||
frozenset([
|
||||
"SPECS/ca-certificates/ca-certificates.spec",
|
||||
"SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec",
|
||||
"SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec"
|
||||
])
|
||||
]
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -316,6 +316,7 @@
|
|||
"perl-Test-Warnings",
|
||||
"perl-Text-Template",
|
||||
"pigz",
|
||||
"prebuilt-ca-certificates",
|
||||
"prebuilt-ca-certificates-base",
|
||||
"python-cachetools",
|
||||
"python-cherrypy",
|
||||
|
|
|
@ -10,15 +10,10 @@
|
|||
"README.src": "86184318d451bec55d70c84e618cbfe10c8adb7dc893964ce4aaecff99d83433",
|
||||
"README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8",
|
||||
"bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a",
|
||||
"ca-legacy": "de73a03a0cde4aff31ce3d5e27eecd03284a637c102e46b9e47d4369b5152ae0",
|
||||
"ca-legacy.8.txt": "4fef2b8fed41d21ae559803b06074ca61a3f46648f174832542e3223d16dabf4",
|
||||
"ca-legacy.conf": "400b96da374503fa6b6350a867347082d0c90e05ba4d02cc6b51b11229199c4d",
|
||||
"certdata.base.txt": "76c4cd1860b9a6f6ee9c2a0dcddcef46f65950b7ec12d2a7eeabeedca4e379f9",
|
||||
"certdata.microsoft.txt": "37a832a646e56f75cd8a128d40bdb20a23b4e8794692b1b2d9ae243351c4d255",
|
||||
"certdata.txt": "cc6408bd4be7fbfb8699bdb40ccb7f6de5780d681d87785ea362646e4dad5e8e",
|
||||
"certdata2pem.py": "0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0",
|
||||
"nssckbi.h": "9d916fe1586259d94632f186a736449e8344b8a18f7ac97253f13efc764d77ea",
|
||||
"pem2bundle.sh": "79012e7fabf560c3b950349e500770a314006e5b330621a50147eeda11c633ea",
|
||||
"certdata.microsoft.txt": "68736961bfab066c9e3d0edd23ede65fbe09650489b4cb64878cceb61db0d990",
|
||||
"certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33",
|
||||
"pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426",
|
||||
"trust-fixes": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
|
||||
"update-ca-trust": "0c0c0600587db7f59ba5e399666152ea6de6059f37408f3946c43438d607efdd",
|
||||
"update-ca-trust.8.txt": "2470551bd11cc393ddf4cf43cf101c29d9f308c15469ee5e78908cfcf2437579"
|
||||
|
|
|
@ -1,91 +1,58 @@
|
|||
%define pkidir %{_sysconfdir}/pki
|
||||
%define catrustdir %{_sysconfdir}/pki/ca-trust
|
||||
%define catrustdir %{pkidir}/ca-trust
|
||||
%define classic_tls_bundle ca-bundle.crt
|
||||
%define openssl_format_trust_bundle ca-bundle.trust.crt
|
||||
%define legacy_default_bundle ca-bundle.legacy.default.crt
|
||||
%define legacy_disable_bundle ca-bundle.legacy.disable.crt
|
||||
%define java_bundle java/cacerts
|
||||
%define p11_format_mozilla_bundle ca-bundle.trust.mozilla.p11-kit
|
||||
%define legacy_default_mozilla_bundle ca-bundle.legacy.default.mozilla.crt
|
||||
%define legacy_disable_mozilla_bundle ca-bundle.legacy.disable.mozilla.crt
|
||||
|
||||
%define p11_format_base_bundle ca-bundle.trust.base.p11-kit
|
||||
%define legacy_default_base_bundle ca-bundle.legacy.default.base.crt
|
||||
%define legacy_disable_base_bundle ca-bundle.legacy.disable.base.crt
|
||||
|
||||
%define p11_format_microsoft_bundle ca-bundle.trust.microsoft.p11-kit
|
||||
%define legacy_default_microsoft_bundle ca-bundle.legacy.default.microsoft.crt
|
||||
%define legacy_disable_microsoft_bundle ca-bundle.legacy.disable.microsoft.crt
|
||||
|
||||
# List of packages triggering legacy certs generation if 'ca-certificates-legacy'
|
||||
# is installed.
|
||||
%global watched_pkgs %{name}, %{name}-base, %{name}-microsoft
|
||||
%global watched_pkgs %{name}, %{name}-base
|
||||
|
||||
# Rebuilding cert bundles with source certificates.
|
||||
%global refresh_bundles \
|
||||
%{_bindir}/ca-legacy install\
|
||||
%{_bindir}/update-ca-trust
|
||||
|
||||
# Converts certdata.txt files to p11-kit format bundles and legacy crt files.
|
||||
# Converts certdata.txt files to p11-kit format bundles.
|
||||
# Arguments:
|
||||
# %1 - the source certdata.txt file;
|
||||
%define convert_certdata() \
|
||||
WORKDIR=$(basename %{1}.d) \
|
||||
mkdir -p $WORKDIR/certs/legacy-default \
|
||||
mkdir $WORKDIR/certs/legacy-disable \
|
||||
mkdir -p $WORKDIR/certs \
|
||||
mkdir $WORKDIR/java \
|
||||
pushd $WORKDIR/certs \
|
||||
pwd $WORKDIR \
|
||||
cp %{1} certdata.txt \
|
||||
python3 %{SOURCE4} >c2p.log 2>c2p.err \
|
||||
popd \
|
||||
%{SOURCE19} $WORKDIR %{SOURCE1} %{openssl_format_trust_bundle} %{legacy_default_bundle} %{legacy_disable_bundle} %{SOURCE3}
|
||||
%{SOURCE19} $WORKDIR %{openssl_format_trust_bundle} %{SOURCE3}
|
||||
|
||||
# Installs bundle files to the right directories.
|
||||
# Arguments:
|
||||
# %1 - the source certdata.txt file;
|
||||
# %2 - output p11-kit format bundle name;
|
||||
# %3 - output legacy default bundle name;
|
||||
# %4 - output legacy disabled bundle name;
|
||||
%define install_bundles() \
|
||||
WORKDIR=$(basename %{1}.d) \
|
||||
install -p -m 644 $WORKDIR/%{openssl_format_trust_bundle} %{buildroot}%{_datadir}/pki/ca-trust-source/%{2} \
|
||||
install -p -m 644 $WORKDIR/%{legacy_default_bundle} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{3} \
|
||||
install -p -m 644 $WORKDIR/%{legacy_disable_bundle} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{4} \
|
||||
touch -r %{SOURCE0} %{buildroot}%{_datadir}/pki/ca-trust-source/%{2} \
|
||||
touch -r %{SOURCE0} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{3} \
|
||||
touch -r %{SOURCE0} %{buildroot}%{_datadir}/pki/ca-trust-legacy/%{4}
|
||||
touch -r %{SOURCE23} %{buildroot}%{_datadir}/pki/ca-trust-source/%{2}
|
||||
|
||||
Summary: Certificate Authority certificates
|
||||
Name: ca-certificates
|
||||
# The files, certdata.txt and nssckbi.h, should be taken from a released version of NSS, as published
|
||||
# at https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
|
||||
#
|
||||
# The versions that are used by the latest released version of
|
||||
# Mozilla Firefox should be available from:
|
||||
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
|
||||
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
||||
#
|
||||
# The most recent development versions of the files can be found at
|
||||
# http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/nssckbi.h
|
||||
# http://hg.mozilla.org/projects/nss/raw-file/default/lib/ckfw/builtins/certdata.txt
|
||||
# (but these files might have not yet been released).
|
||||
|
||||
# When updating, "Version" AND "Release" tags must be updated in the "prebuilt-ca-certificates" package as well.
|
||||
Version: 20200720
|
||||
Release: 15%{?dist}
|
||||
Release: 19%{?dist}
|
||||
License: MPLv2.0
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment/Security
|
||||
URL: https://hg.mozilla.org
|
||||
# Please always update both certdata.txt and nssckbi.h
|
||||
Source0: https://hg.mozilla.org/releases/mozilla-release/raw-file/712412cb974c0392afe31fd9ce974b26ae3993c3/security/nss/lib/ckfw/builtins/certdata.txt
|
||||
Source1: nssckbi.h
|
||||
Source2: update-ca-trust
|
||||
Source3: trust-fixes
|
||||
Source4: certdata2pem.py
|
||||
Source5: ca-legacy.conf
|
||||
Source6: ca-legacy
|
||||
Source9: ca-legacy.8.txt
|
||||
Source10: update-ca-trust.8.txt
|
||||
Source11: README.usr
|
||||
Source12: README.etc
|
||||
|
@ -99,6 +66,7 @@ Source19: pem2bundle.sh
|
|||
Source20: LICENSE
|
||||
Source21: certdata.base.txt
|
||||
Source22: bundle2pem.sh
|
||||
# The certdata.microsoft.txt is provided by Microsoft's Trusted Root Program.
|
||||
Source23: certdata.microsoft.txt
|
||||
|
||||
BuildRequires: /bin/ln
|
||||
|
@ -116,18 +84,19 @@ Requires(post): %{name}-tools = %{version}-%{release}
|
|||
Requires(post): coreutils
|
||||
Requires(postun): %{name}-tools = %{version}-%{release}
|
||||
|
||||
Provides: ca-certificates-microsoft = %{version}-%{release}
|
||||
Provides: ca-certificates-mozilla = %{version}-%{release}
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
The Public Key Inrastructure is used for many security issues in a
|
||||
Linux system. In order for a certificate to be trusted, it must be
|
||||
signed by a trusted agent called a Certificate Authority (CA). The
|
||||
certificates loaded by this section are from the list on the Mozilla
|
||||
version control system and formats it into a form used by
|
||||
OpenSSL-1.0.1e. The certificates can also be used by other applications
|
||||
either directly of indirectly through openssl.
|
||||
The Public Key Inrastructure is used for many security issues in
|
||||
a Linux system. In order for a certificate to be trusted, it must be
|
||||
signed by a trusted agent called a Certificate Authority (CA).
|
||||
The certificates loaded by this section are from the list of CAs trusted
|
||||
through the Microsoft Trusted Root Program and formats it into a form
|
||||
used by OpenSSL-1.0.1e. The certificates can also be used by other
|
||||
applications either directly of indirectly through OpenSSL.
|
||||
|
||||
%package shared
|
||||
Summary: A set of directories and files required by all certificate packages.
|
||||
|
@ -148,18 +117,6 @@ Requires(postun): %{name}-tools = %{version}-%{release}
|
|||
%description base
|
||||
%{summary}
|
||||
|
||||
%package microsoft
|
||||
Summary: A list of CAs trusted through the Microsoft Trusted Root Program.
|
||||
Group: System Environment/Security
|
||||
|
||||
Requires: %{name}-shared = %{version}-%{release}
|
||||
Requires(post): %{name}-tools = %{version}-%{release}
|
||||
Requires(post): coreutils
|
||||
Requires(postun): %{name}-tools = %{version}-%{release}
|
||||
|
||||
%description microsoft
|
||||
%{summary}
|
||||
|
||||
%package tools
|
||||
Summary: Cert generation tools.
|
||||
Group: System Environment/Security
|
||||
|
@ -178,28 +135,21 @@ Requires: %{name}-shared = %{version}-%{release}
|
|||
|
||||
%description legacy
|
||||
Provides a legacy version of ca-bundle.crt in the format of "[hash].0 -> [hash].pem"
|
||||
pairs under %{_sysconfdir}/pki/tls/certs.
|
||||
pairs under %{pkidir}/tls/certs.
|
||||
|
||||
%prep -q
|
||||
rm -rf %{name}
|
||||
mkdir %{name}
|
||||
|
||||
%build
|
||||
cp -p %{SOURCE20} .
|
||||
|
||||
%convert_certdata %{SOURCE0}
|
||||
%convert_certdata %{SOURCE21}
|
||||
%convert_certdata %{SOURCE23}
|
||||
|
||||
#manpage
|
||||
cp %{SOURCE10} %{name}/update-ca-trust.8.txt
|
||||
asciidoc.py -v -d manpage -b docbook %{name}/update-ca-trust.8.txt
|
||||
xsltproc --nonet -o %{name}/update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl %{name}/update-ca-trust.8.xml
|
||||
|
||||
cp %{SOURCE9} %{name}/ca-legacy.8.txt
|
||||
asciidoc.py -v -d manpage -b docbook %{name}/ca-legacy.8.txt
|
||||
xsltproc --nonet -o %{name}/ca-legacy.8 /etc/asciidoc/docbook-xsl/manpage.xsl %{name}/ca-legacy.8.xml
|
||||
|
||||
xsltproc --nonet -o %{name}/update-ca-trust.8 %{_sysconfdir}/asciidoc/docbook-xsl/manpage.xsl %{name}/update-ca-trust.8.xml
|
||||
|
||||
%install
|
||||
mkdir -p -m 755 %{buildroot}%{pkidir}/tls/certs
|
||||
|
@ -216,12 +166,10 @@ mkdir -p -m 755 %{buildroot}%{catrustdir}/extracted/edk2
|
|||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-source
|
||||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-source/anchors
|
||||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-source/blacklist
|
||||
mkdir -p -m 755 %{buildroot}%{_datadir}/pki/ca-trust-legacy
|
||||
mkdir -p -m 755 %{buildroot}%{_bindir}
|
||||
mkdir -p -m 755 %{buildroot}%{_mandir}/man8
|
||||
|
||||
install -p -m 644 %{name}/update-ca-trust.8 %{buildroot}%{_mandir}/man8
|
||||
install -p -m 644 %{name}/ca-legacy.8 %{buildroot}%{_mandir}/man8
|
||||
install -p -m 644 %{SOURCE11} %{buildroot}%{_datadir}/pki/ca-trust-source/README
|
||||
install -p -m 644 %{SOURCE12} %{buildroot}%{catrustdir}/README
|
||||
install -p -m 644 %{SOURCE13} %{buildroot}%{catrustdir}/extracted/README
|
||||
|
@ -231,23 +179,16 @@ install -p -m 644 %{SOURCE16} %{buildroot}%{catrustdir}/extracted/pem/README
|
|||
install -p -m 644 %{SOURCE17} %{buildroot}%{catrustdir}/extracted/edk2/README
|
||||
install -p -m 644 %{SOURCE18} %{buildroot}%{catrustdir}/source/README
|
||||
|
||||
install -p -m 644 %{SOURCE5} %{buildroot}%{catrustdir}/ca-legacy.conf
|
||||
|
||||
# Mozilla certs
|
||||
%install_bundles %{SOURCE0} %{p11_format_mozilla_bundle} %{legacy_default_mozilla_bundle} %{legacy_disable_mozilla_bundle}
|
||||
|
||||
# base certs
|
||||
%install_bundles %{SOURCE21} %{p11_format_base_bundle} %{legacy_default_base_bundle} %{legacy_disable_base_bundle}
|
||||
%install_bundles %{SOURCE21} %{p11_format_base_bundle}
|
||||
|
||||
# Microsoft certs
|
||||
%install_bundles %{SOURCE23} %{p11_format_microsoft_bundle} %{legacy_default_microsoft_bundle} %{legacy_disable_microsoft_bundle}
|
||||
%install_bundles %{SOURCE23} %{p11_format_microsoft_bundle}
|
||||
|
||||
# TODO: consider to dynamically create the update-ca-trust script from within
|
||||
# this .spec file, in order to have the output file+directory names at once place only.
|
||||
install -p -m 755 %{SOURCE2} %{buildroot}%{_bindir}/update-ca-trust
|
||||
|
||||
install -p -m 755 %{SOURCE6} %{buildroot}%{_bindir}/ca-legacy
|
||||
|
||||
install -p -m 755 %{SOURCE22} %{buildroot}%{_bindir}/bundle2pem.sh
|
||||
|
||||
# touch ghosted files that will be extracted dynamically
|
||||
|
@ -264,37 +205,28 @@ touch %{buildroot}%{catrustdir}/extracted/%{java_bundle}
|
|||
chmod 444 %{buildroot}%{catrustdir}/extracted/%{java_bundle}
|
||||
touch %{buildroot}%{catrustdir}/extracted/edk2/cacerts.bin
|
||||
chmod 444 %{buildroot}%{catrustdir}/extracted/edk2/cacerts.bin
|
||||
touch %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
chmod 444 %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
touch %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
chmod 444 %{buildroot}%{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
|
||||
# /etc/ssl/certs symlink for 3rd-party tools
|
||||
ln -s ../pki/tls/certs \
|
||||
%{buildroot}%{_sysconfdir}/ssl/certs
|
||||
# legacy filenames
|
||||
# Directory links for compatibility with 3rd-party tools
|
||||
mkdir -p %{buildroot}%{_libdir}/ssl
|
||||
for link in "%{_sysconfdir}/ssl/certs" "%{_libdir}/ssl/certs"; do
|
||||
ln -s %{pkidir}/tls/certs "%{buildroot}$link"
|
||||
done
|
||||
|
||||
# Legacy file names and links for compatibility with 3rd-party tools
|
||||
for link in "%{classic_tls_bundle}" ca-certificates.crt; do
|
||||
ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem "%{buildroot}%{pkidir}/tls/certs/$link"
|
||||
done
|
||||
ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
|
||||
%{buildroot}%{pkidir}/tls/cert.pem
|
||||
ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \
|
||||
%{buildroot}%{pkidir}/tls/certs/%{classic_tls_bundle}
|
||||
ln -s %{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle} \
|
||||
%{buildroot}%{pkidir}/tls/certs/%{openssl_format_trust_bundle}
|
||||
ln -s %{catrustdir}/extracted/%{java_bundle} \
|
||||
%{buildroot}%{pkidir}/%{java_bundle}
|
||||
|
||||
%post
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_default_mozilla_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_disable_mozilla_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
%{refresh_bundles}
|
||||
|
||||
%post base
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_default_base_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_default_base_bundle}
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_disable_base_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_disable_base_bundle}
|
||||
%{refresh_bundles}
|
||||
|
||||
%post microsoft
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_default_microsoft_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_default_microsoft_bundle}
|
||||
cp -f %{_datadir}/pki/ca-trust-legacy/%{legacy_disable_microsoft_bundle} %{_datadir}/pki/ca-trust-source/%{legacy_disable_microsoft_bundle}
|
||||
%{refresh_bundles}
|
||||
|
||||
%postun
|
||||
|
@ -319,53 +251,26 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
|
|||
%triggerpostun -n %{name}-legacy -- %{watched_pkgs}
|
||||
%{_bindir}/bundle2pem.sh %{pkidir}/tls/certs/%{classic_tls_bundle}
|
||||
|
||||
%postun microsoft
|
||||
%{refresh_bundles}
|
||||
|
||||
%clean
|
||||
|
||||
|
||||
%files
|
||||
# Mozilla certs bundle file with trust
|
||||
%{_datadir}/pki/ca-trust-source/%{p11_format_mozilla_bundle}
|
||||
%{_datadir}/pki/ca-trust-legacy/%{legacy_default_mozilla_bundle}
|
||||
%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_mozilla_bundle}
|
||||
|
||||
%ghost %{_datadir}/pki/ca-trust-source/%{legacy_default_bundle}
|
||||
%ghost %{_datadir}/pki/ca-trust-source/%{legacy_disable_bundle}
|
||||
# Microsoft certs bundle file with trust
|
||||
%{_datadir}/pki/ca-trust-source/%{p11_format_microsoft_bundle}
|
||||
|
||||
%files base
|
||||
%{_datadir}/pki/ca-trust-source/%{p11_format_base_bundle}
|
||||
%{_datadir}/pki/ca-trust-legacy/%{legacy_default_base_bundle}
|
||||
%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_base_bundle}
|
||||
|
||||
%ghost %{_datadir}/pki/ca-trust-source/%{legacy_default_base_bundle}
|
||||
%ghost %{_datadir}/pki/ca-trust-source/%{legacy_disable_base_bundle}
|
||||
|
||||
%files microsoft
|
||||
%{_datadir}/pki/ca-trust-source/%{p11_format_microsoft_bundle}
|
||||
%{_datadir}/pki/ca-trust-legacy/%{legacy_default_microsoft_bundle}
|
||||
%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_microsoft_bundle}
|
||||
|
||||
%ghost %{_datadir}/pki/ca-trust-source/%{legacy_default_microsoft_bundle}
|
||||
%ghost %{_datadir}/pki/ca-trust-source/%{legacy_disable_microsoft_bundle}
|
||||
|
||||
%files shared
|
||||
%license LICENSE
|
||||
|
||||
%config(noreplace) %{catrustdir}/ca-legacy.conf
|
||||
|
||||
# symlinks for old locations
|
||||
%{pkidir}/tls/cert.pem
|
||||
%{pkidir}/tls/certs/%{classic_tls_bundle}
|
||||
%{pkidir}/tls/certs/%{openssl_format_trust_bundle}
|
||||
%{pkidir}/tls/certs/ca-certificates.crt
|
||||
%{pkidir}/%{java_bundle}
|
||||
|
||||
# symlink directory
|
||||
%{_sysconfdir}/ssl/certs
|
||||
|
||||
# ghost files
|
||||
%ghost %{catrustdir}/source/ca-bundle.legacy.crt
|
||||
%{_libdir}/ssl/certs
|
||||
|
||||
# README files
|
||||
%{_datadir}/pki/ca-trust-source/README
|
||||
|
@ -381,7 +286,6 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
|
|||
%dir %{_datadir}/pki/ca-trust-source
|
||||
%dir %{_datadir}/pki/ca-trust-source/anchors
|
||||
%dir %{_datadir}/pki/ca-trust-source/blacklist
|
||||
%dir %{_datadir}/pki/ca-trust-legacy
|
||||
%dir %{_sysconfdir}/ssl
|
||||
%dir %{catrustdir}
|
||||
%dir %{catrustdir}/extracted
|
||||
|
@ -406,15 +310,27 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
|
|||
%files tools
|
||||
# update/extract tool
|
||||
%{_bindir}/update-ca-trust
|
||||
%{_bindir}/ca-legacy
|
||||
|
||||
%{_mandir}/man8/update-ca-trust.8.gz
|
||||
%{_mandir}/man8/ca-legacy.8.gz
|
||||
|
||||
%files legacy
|
||||
%{_bindir}/bundle2pem.sh
|
||||
|
||||
%changelog
|
||||
* Thu Sep 23 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-19
|
||||
- Removing Mozilla certs and making Microsoft's the default ones.
|
||||
- Removed support for legacy certdata.txt fields.
|
||||
- Removed the use of checked-in "nssckbi.h".
|
||||
|
||||
* Mon Sep 13 2021 CBL-Mariner Service Account <cblmargh@microsoft.com> - 20200720-18
|
||||
- Updating Microsoft trusted root CAs.
|
||||
|
||||
* Fri Aug 20 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-17
|
||||
- Adding directory and files links for compatibility reasons.
|
||||
|
||||
* Fri Aug 20 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-16
|
||||
- Removing the 'ca-legacy' script along with the empty files and broken links it generated.
|
||||
|
||||
* Wed Jul 07 2021 CBL-Mariner Service Account <cblmargh@microsoft.com> - 20200720-15
|
||||
- Updating Microsoft trusted root CAs.
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
@ -158,18 +158,6 @@ trust_types = {
|
|||
"CKA_TRUST_STEP_UP_APPROVED": "step-up-approved",
|
||||
}
|
||||
|
||||
legacy_trust_types = {
|
||||
"LEGACY_CKA_TRUST_SERVER_AUTH": "server-auth",
|
||||
"LEGACY_CKA_TRUST_CODE_SIGNING": "code-signing",
|
||||
"LEGACY_CKA_TRUST_EMAIL_PROTECTION": "email-protection",
|
||||
}
|
||||
|
||||
legacy_to_real_trust_types = {
|
||||
"LEGACY_CKA_TRUST_SERVER_AUTH": "CKA_TRUST_SERVER_AUTH",
|
||||
"LEGACY_CKA_TRUST_CODE_SIGNING": "CKA_TRUST_CODE_SIGNING",
|
||||
"LEGACY_CKA_TRUST_EMAIL_PROTECTION": "CKA_TRUST_EMAIL_PROTECTION",
|
||||
}
|
||||
|
||||
openssl_trust = {
|
||||
"CKA_TRUST_SERVER_AUTH": "serverAuth",
|
||||
"CKA_TRUST_CLIENT_AUTH": "clientAuth",
|
||||
|
@ -185,8 +173,6 @@ for tobj in objects:
|
|||
distrustbits = []
|
||||
openssl_trustflags = []
|
||||
openssl_distrustflags = []
|
||||
legacy_trustbits = []
|
||||
legacy_openssl_trustflags = []
|
||||
for t in list(trust_types.keys()):
|
||||
if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
trustbits.append(t)
|
||||
|
@ -197,15 +183,6 @@ for tobj in objects:
|
|||
if t in openssl_trust:
|
||||
openssl_distrustflags.append(openssl_trust[t])
|
||||
|
||||
for t in list(legacy_trust_types.keys()):
|
||||
if t in tobj and tobj[t] == 'CKT_NSS_TRUSTED_DELEGATOR':
|
||||
real_t = legacy_to_real_trust_types[t]
|
||||
legacy_trustbits.append(real_t)
|
||||
if real_t in openssl_trust:
|
||||
legacy_openssl_trustflags.append(openssl_trust[real_t])
|
||||
if t in tobj and tobj[t] == 'CKT_NSS_NOT_TRUSTED':
|
||||
raise NotImplementedError('legacy distrust not supported.\n' + line)
|
||||
|
||||
fname = obj_to_filename(tobj)
|
||||
try:
|
||||
obj = certmap[key]
|
||||
|
@ -219,40 +196,6 @@ for tobj in objects:
|
|||
#dumpf.write(str(tobj));
|
||||
#dumpf.close();
|
||||
|
||||
is_legacy = 0
|
||||
if 'LEGACY_CKA_TRUST_SERVER_AUTH' in tobj or 'LEGACY_CKA_TRUST_EMAIL_PROTECTION' in tobj or 'LEGACY_CKA_TRUST_CODE_SIGNING' in tobj:
|
||||
is_legacy = 1
|
||||
if obj == None:
|
||||
raise NotImplementedError('found legacy trust without certificate.\n' + line)
|
||||
|
||||
legacy_fname = "legacy-default/" + fname + ".crt"
|
||||
f = open(legacy_fname, 'w')
|
||||
f.write("# alias=%s\n"%tobj['CKA_LABEL'])
|
||||
f.write("# trust=" + " ".join(legacy_trustbits) + "\n")
|
||||
if legacy_openssl_trustflags:
|
||||
f.write("# openssl-trust=" + " ".join(legacy_openssl_trustflags) + "\n")
|
||||
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||
temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
|
||||
temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)
|
||||
f.write("\n".join(temp_wrapped))
|
||||
f.write("\n-----END CERTIFICATE-----\n")
|
||||
f.close()
|
||||
|
||||
if 'CKA_TRUST_SERVER_AUTH' in tobj or 'CKA_TRUST_EMAIL_PROTECTION' in tobj or 'CKA_TRUST_CODE_SIGNING' in tobj:
|
||||
legacy_fname = "legacy-disable/" + fname + ".crt"
|
||||
f = open(legacy_fname, 'w')
|
||||
f.write("# alias=%s\n"%tobj['CKA_LABEL'])
|
||||
f.write("# trust=" + " ".join(trustbits) + "\n")
|
||||
if openssl_trustflags:
|
||||
f.write("# openssl-trust=" + " ".join(openssl_trustflags) + "\n")
|
||||
f.write("-----BEGIN CERTIFICATE-----\n")
|
||||
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
|
||||
f.write("\n-----END CERTIFICATE-----\n")
|
||||
f.close()
|
||||
|
||||
# don't produce p11-kit output for legacy certificates
|
||||
continue
|
||||
|
||||
pk = ''
|
||||
cert_comment = ''
|
||||
if obj != None:
|
||||
|
|
|
@ -8,70 +8,20 @@ set -x
|
|||
echo Parameters passed: $@
|
||||
|
||||
CERTDIR="$1"
|
||||
NSSCKBI_H="$2"
|
||||
P11_FORMAT_BUNDLE="$3"
|
||||
LEGACY_DEFAULT_BUNDLE="$4"
|
||||
LEGACY_DISABLE_BUNDLE="$5"
|
||||
TRUST_FIXES="$6"
|
||||
P11_FORMAT_BUNDLE="$2"
|
||||
TRUST_FIXES="$3"
|
||||
|
||||
pushd $CERTDIR
|
||||
(
|
||||
cat <<EOF
|
||||
# This is a bundle of X.509 certificates of public Certificate
|
||||
# Authorities. It was generated from a list of root CAs.
|
||||
# This is a bundle of X.509 certificates of Microsoft-trusted Certificate
|
||||
# Authorities. It was generated from a list of root CAs.
|
||||
# These certificates and trust/distrust attributes use the file format accepted
|
||||
# by the p11-kit-trust module.
|
||||
#
|
||||
# Source: nss/lib/ckfw/builtins/certdata.txt
|
||||
# Source: nss/lib/ckfw/builtins/nssckbi.h
|
||||
#
|
||||
# Generated from:
|
||||
EOF
|
||||
cat $NSSCKBI_H |grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}';
|
||||
echo '#';
|
||||
) > $P11_FORMAT_BUNDLE
|
||||
|
||||
touch $LEGACY_DEFAULT_BUNDLE
|
||||
NUM_LEGACY_DEFAULT=`find certs/legacy-default -type f | wc -l`
|
||||
if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then
|
||||
for f in certs/legacy-default/*.crt; do
|
||||
echo "processing $f"
|
||||
tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
|
||||
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
|
||||
targs=""
|
||||
if [ -n "$tbits" ]; then
|
||||
for t in $tbits; do
|
||||
targs="${targs} -addtrust $t"
|
||||
done
|
||||
fi
|
||||
if [ -n "$targs" ]; then
|
||||
echo "legacy default flags $targs for $f" >> info.trust
|
||||
openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> $LEGACY_DEFAULT_BUNDLE
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
touch $LEGACY_DISABLE_BUNDLE
|
||||
NUM_LEGACY_DISABLE=`find certs/legacy-disable -type f | wc -l`
|
||||
if [ $NUM_LEGACY_DISABLE -ne 0 ]; then
|
||||
for f in certs/legacy-disable/*.crt; do
|
||||
echo "processing $f"
|
||||
tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
|
||||
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
|
||||
targs=""
|
||||
if [ -n "$tbits" ]; then
|
||||
for t in $tbits; do
|
||||
targs="${targs} -addtrust $t"
|
||||
done
|
||||
fi
|
||||
if [ -n "$targs" ]; then
|
||||
echo "legacy disable flags $targs for $f" >> info.trust
|
||||
openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> $LEGACY_DISABLE_BUNDLE
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
P11FILES=`find certs -name \*.tmp-p11-kit | wc -l`
|
||||
P11FILES=$(find certs -name \*.tmp-p11-kit | wc -l)
|
||||
if [ $P11FILES -ne 0 ]; then
|
||||
for p in certs/*.tmp-p11-kit; do
|
||||
cat "$p" >> $P11_FORMAT_BUNDLE
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
Summary: Prebuilt version of ca-certificates-base package.
|
||||
Name: prebuilt-ca-certificates-base
|
||||
Version: 20200720
|
||||
Release: 15%{?dist}
|
||||
Release: 19%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -10,31 +10,26 @@ Group: System Environment/Security
|
|||
URL: https://hg.mozilla.org
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: ca-certificates-base = %{version}-%{release}
|
||||
|
||||
Conflicts: ca-certificates-shared
|
||||
Conflicts: prebuilt-ca-certificates
|
||||
|
||||
%description
|
||||
Prebuilt version of the ca-certificates-base package with no runtime dependencies.
|
||||
|
||||
BuildRequires: ca-certificates-base
|
||||
|
||||
Conflicts: ca-certificates
|
||||
Conflicts: ca-certificates-base
|
||||
Conflicts: ca-certificates-microsoft
|
||||
|
||||
%prep -q
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
|
||||
mkdir -p %{buildroot}%{_datadir}/pki/ca-trust-legacy/
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/pki/
|
||||
|
||||
install -p -m 644 %{_datadir}/pki/ca-trust-legacy/* %{buildroot}%{_datadir}/pki/ca-trust-legacy/
|
||||
cp -r %{_sysconfdir}/pki/* %{buildroot}%{_sysconfdir}/pki/
|
||||
|
||||
find %{buildroot} -name README -delete
|
||||
|
||||
rm %{buildroot}%{_sysconfdir}/pki/ca-trust/ca-legacy.conf
|
||||
rm %{buildroot}%{_sysconfdir}/pki/ca-trust/source/ca-bundle.legacy.crt
|
||||
rm %{buildroot}%{_sysconfdir}/pki/tls/*.cnf
|
||||
rm %{buildroot}%{_sysconfdir}/pki/rpm-gpg/*
|
||||
|
||||
|
@ -44,9 +39,23 @@ rm %{buildroot}%{_sysconfdir}/pki/rpm-gpg/*
|
|||
%{_sysconfdir}/pki/tls/certs/*
|
||||
%{_sysconfdir}/pki/ca-trust/extracted/*
|
||||
%{_sysconfdir}/pki/java/cacerts
|
||||
%{_datadir}/pki/ca-trust-legacy/*
|
||||
|
||||
%changelog
|
||||
* Thu Sep 23 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-19
|
||||
- Making 'Release' match with 'ca-certificates'.
|
||||
- Removing legacy components.
|
||||
- Adding a conflict with a new prebuilt set of certs.
|
||||
|
||||
* Mon Sep 13 2021 CBL-Mariner Service Account <cblmargh@microsoft.com> - 20200720-18
|
||||
- Making 'Release' match with 'ca-certificates'.
|
||||
|
||||
* Fri Aug 20 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-17
|
||||
- Making 'Release' match with 'ca-certificates'.
|
||||
|
||||
* Fri Aug 20 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-16
|
||||
- Making 'Release' match with 'ca-certificates'.
|
||||
- No longer have to remove 'ca-bundle.legacy.crt' and 'ca-legacy.conf' - gone from 'ca-certificates'.
|
||||
|
||||
* Wed Jul 07 2021 CBL-Mariner Service Account <cblmargh@microsoft.com> - 20200720-15
|
||||
- Making 'Release' match with 'ca-certificates'.
|
||||
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
# When updating, "Version" AND "Release" tags must be updated in the "ca-certificates" package as well.
|
||||
Summary: Prebuilt version of ca-certificates package.
|
||||
Name: prebuilt-ca-certificates
|
||||
Version: 20200720
|
||||
Release: 19%{?dist}
|
||||
License: MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
Group: System Environment/Security
|
||||
URL: https://hg.mozilla.org
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: ca-certificates = %{version}-%{release}
|
||||
|
||||
Conflicts: ca-certificates-shared
|
||||
Conflicts: prebuilt-ca-certificates-base
|
||||
|
||||
%description
|
||||
Prebuilt version of the ca-certificates package with no runtime dependencies.
|
||||
|
||||
%prep -q
|
||||
|
||||
# We don't want the pre-installed base set of certificates
|
||||
# to get mixed into the bundle provided by 'ca-certificates'.
|
||||
rpm -e ca-certificates-base
|
||||
|
||||
%build
|
||||
|
||||
%install
|
||||
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/pki/
|
||||
|
||||
cp -r %{_sysconfdir}/pki/* %{buildroot}%{_sysconfdir}/pki/
|
||||
|
||||
find %{buildroot} -name README -delete
|
||||
|
||||
rm %{buildroot}%{_sysconfdir}/pki/tls/*.cnf
|
||||
rm %{buildroot}%{_sysconfdir}/pki/rpm-gpg/*
|
||||
|
||||
%files
|
||||
# Certs bundle file with trust
|
||||
%{_sysconfdir}/pki/tls/cert.pem
|
||||
%{_sysconfdir}/pki/tls/certs/*
|
||||
%{_sysconfdir}/pki/ca-trust/extracted/*
|
||||
%{_sysconfdir}/pki/java/cacerts
|
||||
|
||||
%changelog
|
||||
* Thu Sep 23 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 20200720-19
|
||||
- Original version for CBL-Mariner.
|
|
@ -11,7 +11,7 @@
|
|||
This package contains the basic SSL CA certificates available to use on all images. The certificates are split into two sub packages:
|
||||
|
||||
- `ca-certificates-base` - package containing the minimal set of certificates required by the package management tools to authenticate the package repositories.
|
||||
- `ca-certificates` - package containig a collection of Mozilla certificates listed in [Mozzila's certdata.txt file](https://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins/certdata.txt). For exact version information please consult the [`ca-certificates.spec`](../../../SPECS/ca-certificates/ca-certificates.spec). Installing this package will automatically pull in `ca-certificates-base`.
|
||||
- `ca-certificates` - package containing a collection of CAs trusted through the [Microsoft Trusted Root Program](https://docs.microsoft.com/en-us/security/trusted-root/release-notes). For exact version information please consult the [`ca-certificates.spec`](../../../SPECS/ca-certificates/ca-certificates.spec). Installing this package will automatically pull in `ca-certificates-base`.
|
||||
|
||||
In addition to the certificates, the `ca-certificates-tools` package provides tooling for [installation of custom certificates](#custom-configuration-of-the-ca-certificates).
|
||||
|
||||
|
|
|
@ -225,9 +225,9 @@ libffi-devel-3.2.1-12.cm2.aarch64.rpm
|
|||
libtasn1-4.14-3.cm2.aarch64.rpm
|
||||
p11-kit-0.23.22-3.cm2.aarch64.rpm
|
||||
p11-kit-trust-0.23.22-3.cm2.aarch64.rpm
|
||||
ca-certificates-shared-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-shared-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-19.cm2.noarch.rpm
|
||||
dwz-0.13-4.cm2.aarch64.rpm
|
||||
unzip-6.0-19.cm2.aarch64.rpm
|
||||
python3-3.7.10-3.cm2.aarch64.rpm
|
||||
|
|
|
@ -225,9 +225,9 @@ libffi-devel-3.2.1-12.cm2.x86_64.rpm
|
|||
libtasn1-4.14-3.cm2.x86_64.rpm
|
||||
p11-kit-0.23.22-3.cm2.x86_64.rpm
|
||||
p11-kit-trust-0.23.22-3.cm2.x86_64.rpm
|
||||
ca-certificates-shared-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-shared-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-19.cm2.noarch.rpm
|
||||
dwz-0.13-4.cm2.x86_64.rpm
|
||||
unzip-6.0-19.cm2.x86_64.rpm
|
||||
python3-3.7.10-3.cm2.x86_64.rpm
|
||||
|
|
|
@ -17,12 +17,11 @@ bzip2-1.0.6-16.cm2.aarch64.rpm
|
|||
bzip2-debuginfo-1.0.6-16.cm2.aarch64.rpm
|
||||
bzip2-devel-1.0.6-16.cm2.aarch64.rpm
|
||||
bzip2-libs-1.0.6-16.cm2.aarch64.rpm
|
||||
ca-certificates-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-legacy-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-microsoft-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-shared-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-legacy-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-shared-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-19.cm2.noarch.rpm
|
||||
check-0.12.0-5.cm2.aarch64.rpm
|
||||
check-debuginfo-0.12.0-5.cm2.aarch64.rpm
|
||||
cmake-3.17.3-5.cm2.aarch64.rpm
|
||||
|
|
|
@ -17,12 +17,11 @@ bzip2-1.0.6-16.cm2.x86_64.rpm
|
|||
bzip2-debuginfo-1.0.6-16.cm2.x86_64.rpm
|
||||
bzip2-devel-1.0.6-16.cm2.x86_64.rpm
|
||||
bzip2-libs-1.0.6-16.cm2.x86_64.rpm
|
||||
ca-certificates-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-legacy-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-microsoft-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-shared-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-15.cm2.noarch.rpm
|
||||
ca-certificates-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-base-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-legacy-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-shared-20200720-19.cm2.noarch.rpm
|
||||
ca-certificates-tools-20200720-19.cm2.noarch.rpm
|
||||
check-0.12.0-5.cm2.x86_64.rpm
|
||||
check-debuginfo-0.12.0-5.cm2.x86_64.rpm
|
||||
cmake-3.17.3-5.cm2.x86_64.rpm
|
||||
|
|
|
@ -44,7 +44,6 @@ remove_packages_for_pkggen_core () {
|
|||
sed -i '/alsa-lib-/d' $TmpPkgGen
|
||||
sed -i '/ca-certificates-[0-9]/d' $TmpPkgGen
|
||||
sed -i '/ca-certificates-legacy/d' $TmpPkgGen
|
||||
sed -i '/ca-certificates-microsoft/d' $TmpPkgGen
|
||||
sed -i '/libtasn1-d/d' $TmpPkgGen
|
||||
sed -i '/libpkgconf-devel/d' $TmpPkgGen
|
||||
sed -i '/lua-static/d' $TmpPkgGen
|
||||
|
|
Loading…
Reference in New Issue