Ignore:
Timestamp:
01/02/2019 05:30:48 AM (5 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
e130fead
Parents:
64be6a1
Message:

Update to make-ca-1.2 and adjust p11-kit configuration for new copy-trust-modifications script.
Correct weekly cron job commands for update-pciids.sh and update-usbids.sh, as well as add update-pki.sh.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20905 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

Legend:

Unmodified
Added
Removed

  • postlfs/security/p11-kit.xml

    r64be6a1 r02e3bbc8  
    9898<screen><userinput>sed '20,$ d' -i trust/trust-extract-compat.in &amp;&amp;
    9999cat &gt;&gt; trust/trust-extract-compat.in &lt;&lt; "EOF"
    100 <literal># LFS uses make-ca to manage certificates
    101 if [ -f /etc/make-ca.conf ]; then
    102     . /etc/make-ca.conf
    103 else
    104     #Use defaults if make-ca.conf does not exist
    105     ANCHORDIR="/etc/pki/anchors"
    106     ANCHORLIST="/etc/pki/anchors.txt"
    107     LOCALDIR="/etc/ssl/local"
    108     CERTLIST=""
    109 fi
    110 
    111 # Create a list of certificates not present at previous run
    112 for ca in `/bin/ls -1 --color=none "${ANCHORDIR}"` ; do
    113     /bin/grep "${ca}" "${ANCHORLIST}" 2>&amp;1>/dev/null || CERTLIST="${CERTLIST} ${ca}"
    114 done
    115 
    116 # Dump to a temporary directory
    117 TEMPDIR=`mktemp -d`
    118 /usr/bin/trust extract --filter=certificates --format=openssl-directory --overwrite \
    119     "${TEMPDIR}"
    120 
    121 # Copy new certificates to LOCALDIR
    122 for certificate in `echo "${CERTLIST}"` ; do
    123     LABEL=`/bin/grep -m 1 "label:" "${ANCHORDIR}/${certificate}"`
    124     LABELNEW=`echo "${LABEL}" | /bin/sed -e 's@^label: @@' -e 's@"@@g' -e 's@ @_@g'`
    125     cp -v "${TEMPDIR}/${LABELNEW}.pem" "${LOCALDIR}"
    126     unset LABEL LABELNEW
    127 done
    128 
    129 # Clean up
    130 rm -rf "${TEMPDIR}"
    131 unset ANCHORDIR ANCHORLIST LOCALDIR CERTLIST TEMPDIR
     100<literal># Copy existing anchor modifications to /etc/ssl/local
     101/usr/libexec/make-ca/copy-trust-modifications
    132102
    133103# Generate a new trust store
    134 /usr/sbin/make-ca -f</literal>
     104/usr/sbin/make-ca -f -g</literal>
    135105EOF</userinput></screen>
    136106
Note: See TracChangeset for help on using the changeset viewer.