ca-certificates-2+git20170807.10b2785-lp150.5.1

Name         : ca-certificates
Version      : 2+git20170807.10b2785
Release      : lp150.5.1
Architecture : noarch
OS           : linux
Platform     : noarch-suse-linux
Group        : Productivity/Networking/Security
License      : GPL-2.0-or-later
Source RPM   : ca-certificates-2+git20170807.10b2785-lp150.5.1.src.rpm
Build Host   : lamb52
Cookie       : lamb52 1522456269
Packager     : https://bugs.opensuse.org
Vendor       : openSUSE
Distribution : openSUSE Leap 15.0
URL          : https://github.com/openSUSE/ca-certificates
Dist URL     : obs://build.opensuse.org/openSUSE:Leap:15.0/standard/749d213faee1e86d079e1fce3dc4139d-ca-certificates
Payload      : cpio, xz (level 5)
Encoding     : utf-8
Summary      : Utilities for system wide CA certificate installation
Description  :
Update-ca-certificates is intended to keep the certificate stores of
SSL libraries like OpenSSL or GnuTLS in sync with the system's CA
certificate store that is managed by p11-kit.

Provides     : ca-certificates, java-ca-certificates
Obsoletes    : java-ca-certificates, openssl-certs
Recommends   : ca-certificates-mozilla
Requires     : /bin/bash
               /bin/sh
               /usr/bin/perl
               coreutils
               openssl
               p11-kit
               p11-kit-tools >= 0.23.1
               rpmlib(CompressedFileNames) <= 3.0.4-1
               rpmlib(FileDigests) <= 4.6.0-1
               rpmlib(PayloadFilesHavePrefix) <= 4.0-1
               rpmlib(PayloadIsXz) <= 5.2-1
RPM version  : 4.14.1
Opt flags    : -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g

preinstall scriptlet (using /bin/sh):
# migrate /etc/ssl/certs to a symlink
if [ "$1" -ne 0 -a -d /etc/ssl/certs -a ! -L /etc/ssl/certs ]; then
    # copy custom pem files to new location (bnc#875647)
    mkdir -p /etc/pki/trust/anchors
    for cert in /etc/ssl/certs/*.pem; do
        test -f "$cert" -a ! -L "$cert" || continue
        read firstline < "$cert"
        # skip package provided certificates (bnc#875647)
        if test "${firstline#\# generated by }" != "${firstline}" || rpm -qf "$cert" > /dev/null; then
            continue
        fi
        # create a p11-kit header that set the label of
        # the certificate to the file name. That ensures
        # that the certificate gets the same name in
        # /etc/ssl/certs as before
        bn="${cert##*/}"
        (
        cat <<-EOF
# created by update-ca-certificates from
# $cert
[p11-kit-object-v1]
class: certificate
label: "${bn%.pem}"
trusted: true
EOF
        cat $cert
        ) > "/etc/pki/trust/$bn"
    done
    mv -T --backup=numbered /etc/ssl/certs /etc/ssl/certs.rpmsave && ln -s /var/lib/ca-certificates/pem /etc/ssl/certs
fi
test -n "$FIRST_ARG" || FIRST_ARG="$1"
# disable migration if initial install under systemd
[ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || :
if [ "$FIRST_ARG" -eq 1 ]; then
    for service in ca-certificates.path ca-certificates.service ; do
        sysv_service="${service%.*}"
        touch "/var/lib/systemd/migrated/$sysv_service" || :
    done
else
    for service in ca-certificates.path ca-certificates.service ; do
        # The tag file might have been left by a preceding
        # update (see 1059627)
        rm -f "/run/rpm-ca-certificates-update-$service-new-in-upgrade"
        if [ ! -e "/usr/lib/systemd/system/$service" ]; then
            touch "/run/rpm-ca-certificates-update-$service-new-in-upgrade"
        fi
    done
    for service in ca-certificates.path ca-certificates.service ; do
        sysv_service="${service%.*}"
        if [ -e /var/lib/systemd/migrated/$sysv_service ]; then
            continue
        fi
        if [ ! -x /usr/sbin/systemd-sysv-convert ]; then
            continue
        fi
        /usr/sbin/systemd-sysv-convert --save $sysv_service || :
    done
fi

postinstall scriptlet (using /bin/sh):
if [ -s /etc/ca-certificates.conf ]; then
    while read line; do
        [ ${line#\!} != "$line" ] || continue
        cert="${line#\!*/}"
        ln -s /usr/share/ca-certificates/anchors/"$cert" /etc/pki/trust/blacklist
    done < /etc/ca-certificates.conf
    echo "/etc/ca-certificates.conf converted and saved as /etc/ca-certificates.conf.rpmsave"
    mv /etc/ca-certificates.conf /etc/ca-certificates.conf.rpmsave
fi
# force rebuilding all certificate stores.
# This also makes sure we update the hash links in /etc/ssl/certs
# as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true
test -n "$FIRST_ARG" || FIRST_ARG="$1"
[ -d /var/lib/systemd/migrated ] || mkdir -p /var/lib/systemd/migrated || :
if [ "$YAST_IS_RUNNING" != "instsys" -a -x /usr/bin/systemctl ]; then
    /usr/bin/systemctl daemon-reload || :
fi
if [ "$FIRST_ARG" -eq 1 ]; then
    if [ -x /usr/bin/systemctl ]; then
        /usr/bin/systemctl preset ca-certificates.path ca-certificates.service || :
    fi
elif [ "$FIRST_ARG" -gt 1 ]; then
    for service in ca-certificates.path ca-certificates.service ; do
        if [ ! -e "/run/rpm-ca-certificates-update-$service-new-in-upgrade" ]; then
            continue
        fi
        rm -f "/run/rpm-ca-certificates-update-$service-new-in-upgrade"
        if [ ! -x /usr/bin/systemctl ]; then
            continue
        fi
        /usr/bin/systemctl preset "$service" || :
    done
    for service in ca-certificates.path ca-certificates.service ; do
        sysv_service=${service%.*}
        if [ -e /var/lib/systemd/migrated/$sysv_service ]; then
            continue
        fi
        if [ ! -x /usr/sbin/systemd-sysv-convert ]; then
            continue
        fi
        /usr/sbin/systemd-sysv-convert --apply $sysv_service || :
        touch /var/lib/systemd/migrated/$sysv_service || :
    done
fi

preuninstall scriptlet (using /bin/sh):
test -n "$FIRST_ARG" || FIRST_ARG="$1"
if [ "$FIRST_ARG" -eq 0 -a -x /usr/bin/systemctl ]; then
    # Package removal, not upgrade
    /usr/bin/systemctl --no-reload disable ca-certificates.path ca-certificates.service || :
    (
        test "$YAST_IS_RUNNING" = instsys && exit 0
        test -f /etc/sysconfig/services -a \
             -z "$DISABLE_STOP_ON_REMOVAL" && . /etc/sysconfig/services
        test "$DISABLE_STOP_ON_REMOVAL" = yes -o \
             "$DISABLE_STOP_ON_REMOVAL" = 1 && exit 0
        /usr/bin/systemctl stop ca-certificates.path ca-certificates.service
    ) || :
fi

postuninstall scriptlet (using /bin/sh):
if [ "$1" -eq 0 ]; then
    rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl
fi
test -n "$FIRST_ARG" || FIRST_ARG="$1"
if [ "$FIRST_ARG" -ge 1 ]; then
    # Package upgrade, not uninstall
    if [ -x /usr/bin/systemctl ]; then
        /usr/bin/systemctl daemon-reload || :
        (
            test "$YAST_IS_RUNNING" = instsys && exit 0
            test -f /etc/sysconfig/services -a \
                 -z "$DISABLE_RESTART_ON_UPDATE" && . /etc/sysconfig/services
            test "$DISABLE_RESTART_ON_UPDATE" = yes -o \
                 "$DISABLE_RESTART_ON_UPDATE" = 1 && exit 0
            /usr/bin/systemctl try-restart ca-certificates.path ca-certificates.service
        ) || :
    fi
else
    # package uninstall
    for service in ca-certificates.path ca-certificates.service ; do
        sysv_service="${service%.*}"
        rm -f "/var/lib/systemd/migrated/$sysv_service" || :
    done
    if [ -x /usr/bin/systemctl ]; then
        /usr/bin/systemctl daemon-reload || :
    fi
fi

Changelog authors: kukuk@suse.de, kukuk@suse.com, lnussel@suse.de, Led, meissner@suse.com, hrvoje.senjan@gmail.com, coolo@suse.com, mvyskocil@suse.cz

Changelog:
- Use %license instead of %doc [bsc#1082318]
- Revert last change since we fixed systemd-preset-branding and this requires is no longer needed.
- Re-add systemd requires, else package will be installed too early and services never enabled [bsc#1071776].
- Don't require systemd, since we could be used in environments like container images, where we don't have systemd. If systemd is installed the systemd units will be used, else they are not needed.
- Update to version 2+git20170807.10b2785:
  * Check TRANSACTIONAL_UPDATE is set (boo#1045942)
  * Add systemd units
- Run update-ca-certificate by systemd unit when the content of one of the paths changes. Needed for read-only root and/or transactional updates.
- Update to version 2+git20151110.c15593c:
  + set proper umask (boo#948724)
- require p11-kit-tools >= 0.23.1
- Update to version 2+git20150324.e3ee392:
  + p11-kit 0.23.1 supports pem-directory-hash now
- use service file to generate tarball
- fix bashism in postun script
- use rpm -qf to determine if a ssl cert is owned by some other package and therefore doesn't need to be migrated (related to bnc#890205).
- add p11 kit header to set label of migrated certificates to the file name of the previous one (bnc#890205)
- removed the version in the Obsoletes. The package in SLE11 got version updated (bnc#887099).
- clarify the start order of the generators, as certbundle.run semi-depends on etc_ssl.run via a timestamp. (bnc#883386)
- fix directory permissions for real this time (bnc#871639)
- don't keep certificates with marker (bnc#875647)
- copy custom pem files in /etc/ssl/certs to /etc/pki/anchors on update (bnc#875647)
- Fix typo in man page
- package correct permissions of generated directories (bnc#871639)
- etc_ssl.run: fix typo
- turn /etc/ssl/certs into a symlink to /var/lib/ca-certificates/pem
- fix typo in README (bnc#845500)
- remove old extractcerts.pl
- re-enable the CA bundle again for glib-networking (bnc#825903)
- make sure we have p11-kit >= 0.19.3 which has the 'trust' command (bnc#836560)
- don't remove symlinks to other locations in /etc/ssl/certs
- use the trust binary instead of p11-kit to extract trust
- disable generating ca-bundle for now again so people don't submit new packages that use this file.
- Explicitly require p11-kit, otherwise trusted certificates won't be generated
- update manpage
- use p11-kit to generate the files
- give hint about SSL_CTX_set_default_verify_paths in cert bundle
- require coreutils for %post script
- fix spurious rpm warning if no java exists (bnc#634793)
- move java.run to java-ca-certificates
- catch FileNotFoundException (bnc#623365)
* Use the gcc-java and fastjar for build to avoid dependency problems
* build keystore.class only to allow noarch package
- create java bundles
- also use hooks from /usr/lib/ca-certificates/update.d
- replace bundle file with symlink to file in /var as it's auto generated
- force rebuilding all certificate stores in %post
  This also makes sure we update the hash links in /etc/ssl/certs
  as openssl changed the hash format between 0.9.8 and 1.0
- actually install certbundle.run (bnc#594501)
- it's ca-bundle.pem rather than cert.pem
- obsolete openssl-certs (bnc#594434)
- update manpage (bnc#594501)
- include /etc/ca-certificates.conf as %ghost
- generate ca-bundle with hook script
- don't use trusted certificates in ca-bundle file for compatibility with gnutls
- new package

File owner and group: root (all entries)

Symlink targets: /var/lib/ca-certificates/ca-bundle.pem, /var/lib/ca-certificates/pem, service

File names (in header order):
ca-certificates, update.d, pki, trust, anchors, blacklist, ca-bundle.pem, certs, ca-certificates, update.d, 50java.run, 70openssl.run, 80etc_ssl.run, 99certbundle.run, ca-certificates.path, ca-certificates.service, rcca-certificates, update-ca-certificates, ca-certificates, README, ca-certificates, COPYING, update-ca-certificates.8.gz, pki, trust, anchors, blacklist, ca-certificates, ca-bundle.pem, java-cacerts, openssl, pem

Directories:
/etc/
/etc/ca-certificates/
/etc/pki/
/etc/pki/trust/
/etc/ssl/
/usr/lib/
/usr/lib/ca-certificates/
/usr/lib/ca-certificates/update.d/
/usr/lib/systemd/system/
/usr/sbin/
/usr/share/doc/packages/
/usr/share/doc/packages/ca-certificates/
/usr/share/licenses/
/usr/share/licenses/ca-certificates/
/usr/share/man/man8/
/usr/share/
/usr/share/pki/
/usr/share/pki/trust/
/var/lib/
/var/lib/ca-certificates/

File types: directory; Bourne-Again shell script, ASCII text executable; Perl script text executable; ASCII text; troff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix); empty