Changeset 254e3bf


Ignore:
Timestamp:
04/13/2019 08:06:50 PM (3 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 9.0, 9.1, ken/refactor-virt, lazarus, qt5new, trunk, upgradedb, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
f759a25
Parents:
35c18794
Message:

Update to make-ca-1.4.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@21457 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
5 edited

Legend:

Unmodified
Added
Removed
  • general.ent

    r35c18794 r254e3bf  
    11<!-- $LastChangedBy$ $Date$ -->
    22
    3 <!ENTITY day          "11">                   <!-- Always 2 digits -->
     3<!ENTITY day          "13">                   <!-- Always 2 digits -->
    44<!ENTITY month        "04">                   <!-- Always 2 digits -->
    55<!ENTITY year         "2019">
     
    77<!ENTITY copyholder   "The BLFS Development Team">
    88<!ENTITY version      "&year;-&month;-&day;">
    9 <!ENTITY releasedate  "April 11th, &year;">
     9<!ENTITY releasedate  "April 13th, &year;">
    1010<!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
    1111<!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
  • introduction/welcome/changelog.xml

    r35c18794 r254e3bf  
    4242    </listitem>
    4343-->
     44    <listitem>
     45      <para>April 13th, 2019</para>
     46      <itemizedlist>
     47        <listitem>
     48          <para>[dj] - Update to make-ca-1.4.</para>
     49        </listitem>
     50      </itemizedlist>
     51    </listitem>
     52
    4453    <listitem>
    4554      <para>April 11th, 2019</para>
  • packages.ent

    r35c18794 r254e3bf  
    2525<!ENTITY linux-pam-docs-version       "1.2.0">
    2626<!ENTITY libpwquality-version         "1.4.0">
    27 <!ENTITY make-ca-version              "1.2">
     27<!ENTITY make-ca-version              "1.4">
    2828<!ENTITY mitkrb-major-version         "1.17">
    2929<!ENTITY mitkrb-version               "1.17">
  • postlfs/security/make-ca.xml

    r35c18794 r254e3bf  
    1212  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz">
    1313  <!ENTITY make-ca-size          "28 KB">
    14   <!ENTITY make-ca-md5sum        "5b68cf77b02d5681f8419b8acfd139c0">
     14  <!ENTITY make-ca-md5sum        "995896ca8b4ee1f92a4a8fa46585d59d">
    1515]>
    1616
     
    104104    <filename>/etc/ssl/local</filename> will be imported to both the trust
    105105    anchors and the generated certificate stores (overriding Mozilla's
    106     trust).</para>
     106    trust). Additionally, any modified trust values will be copied from the
     107    trust anchors to <filename>/etc/ssl/local</filename> prior to any updates,
     108    preserving custom trust values that differ from Mozilla when using the
     109    <command>trust</command> utility from <application>p11-kit</application>
     110    to operate on the trust store.</para>
    107111
    108112    <para>To install the various certificate stores, first install the
     
    110114    As the <systemitem class="username">root</systemitem> user:</para>
    111115
    112 <screen role="root"><userinput>make install</userinput></screen>
     116<screen role="root"><userinput>make install &amp;&amp;
     117install -vdm755 /etc/ssl/local</userinput></screen>
    113118
    114119   <para>As the <systemitem class="username">root</systemitem> user, after
     
    136141        /etc/ssl/ca-bundle.crt</userinput></screen>
    137142
    138     <para>You should periodically update the store with the above command
     143    <para>You should periodically update the store with the above command,
    139144    either manually, or via a <phrase revision="sysv">cron job.</phrase>
    140145    <phrase revision="systemd">systemd timer. A timer is installed at
     
    215220    <xref linkend="wget"/> is installed):</para>
    216221
    217 <screen role="nodump"><userinput>install -vdm755 /etc/ssl/local &amp;&amp;
    218 wget http://www.cacert.org/certs/root.crt &amp;&amp;
     222<screen role="nodump"><userinput>wget http://www.cacert.org/certs/root.crt &amp;&amp;
    219223wget http://www.cacert.org/certs/class3.crt &amp;&amp;
    220224openssl x509 -in root.crt -text -fingerprint -setalias "CAcert Class 1 root" \
     
    223227openssl x509 -in class3.crt -text -fingerprint -setalias "CAcert Class 3 root" \
    224228        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \
    225         > /etc/ssl/local/CAcert_Class_3_root.pem</userinput></screen>
     229        > /etc/ssl/local/CAcert_Class_3_root.pem &amp;&amp;
     230/usr/sbin/make-ca -r -f</userinput></screen>
    226231
    227232    <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead>
     
    235240    file, run the following commands:</para>
    236241
    237 <screen role="nodump"><userinput>install -vdm755 /etc/ssl/local &amp;&amp;
    238 openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \
     242<screen role="nodump"><userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \
    239243             -text \
    240244             -fingerprint
  • postlfs/security/p11-kit.xml

    r35c18794 r254e3bf  
    229229            is a command line tool to both extract local certificates from an
    230230            upadated anchor store, and regenerate all anchors and certificate
    231             stores on the system.
     231            stores on the system. This is done unconditionally on BLFS using
     232            the <parameter>--force</parameter> and <parameter>--get</parameter>
     233            flags to <command>make-ca</command> and should likely not be used
     234            for automated updates.
    232235          </para>
    233236          <indexterm zone="p11-kit update-ca-certificates">
    234             <primary sortas="b-trust">update-ca-certificates</primary>
     237            <primary sortas="b-update-ca-certificates">update-ca-certificates</primary>
    235238          </indexterm>
    236239        </listitem>
Note: See TracChangeset for help on using the changeset viewer.