Blame SOURCES/0062-sysprep-ca-certificates-request-system-CA-store-upda.patch

d60042
From d78ec54de6b5ba915445d668ebf292bc9ff38a9a Mon Sep 17 00:00:00 2001
d60042
From: Pino Toscano <ptoscano@redhat.com>
d60042
Date: Mon, 4 May 2020 12:15:43 +0200
d60042
Subject: [PATCH] sysprep: ca-certificates: request system CA store update
d60042
d60042
In case any certificate is removed from the guest, regenerate the system
d60042
CA store.
d60042
d60042
(cherry picked from commit b9065fa7adc93123c53f4827e11dad6b210b7d4b)
d60042
---
d60042
 sysprep/sysprep_operation_ca_certificates.ml | 8 +++++++-
d60042
 1 file changed, 7 insertions(+), 1 deletion(-)
d60042
d60042
diff --git a/sysprep/sysprep_operation_ca_certificates.ml b/sysprep/sysprep_operation_ca_certificates.ml
d60042
index e481cebf8..a2b7986c1 100644
d60042
--- a/sysprep/sysprep_operation_ca_certificates.ml
d60042
+++ b/sysprep/sysprep_operation_ca_certificates.ml
d60042
@@ -39,7 +39,11 @@ let ca_certificates_perform (g : Guestfs.guestfs) root side_effects =
d60042
     let set = StringSet.diff set excepts in
d60042
     StringSet.iter (
d60042
       fun filename ->
d60042
-        try g#rm filename with G.Error _ -> ()
d60042
+        try
d60042
+          g#rm filename;
d60042
+          side_effects#update_system_ca_store ()
d60042
+        with
d60042
+          G.Error _ -> ()
d60042
     ) set
d60042
   )
d60042
 
d60042
@@ -48,6 +52,8 @@ let op = {
d60042
     name = "ca-certificates";
d60042
     enabled_by_default = false;
d60042
     heading = s_"Remove CA certificates in the guest";
d60042
+    pod_description = Some (s_"\
d60042
+In case any certificate is removed, the system CA store is updated.");
d60042
     perform_on_filesystems = Some ca_certificates_perform;
d60042
 }
d60042
 
d60042
-- 
b155d0
2.26.2
d60042