Changeset 254e3bf
- Timestamp:
- 04/13/2019 08:06:50 PM (5 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 9.0, 9.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- f759a25
- Parents:
- 35c18794
- Files:
-
- 5 edited
Legend:
- Unmodified
- Added
- Removed
-
general.ent
r35c18794 r254e3bf 1 1 <!-- $LastChangedBy$ $Date$ --> 2 2 3 <!ENTITY day "1 1"> <!-- Always 2 digits -->3 <!ENTITY day "13"> <!-- Always 2 digits --> 4 4 <!ENTITY month "04"> <!-- Always 2 digits --> 5 5 <!ENTITY year "2019"> … … 7 7 <!ENTITY copyholder "The BLFS Development Team"> 8 8 <!ENTITY version "&year;-&month;-&day;"> 9 <!ENTITY releasedate "April 1 1th, &year;">9 <!ENTITY releasedate "April 13th, &year;"> 10 10 <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP --> 11 11 <!ENTITY blfs-version "svn"> <!-- svn|[release #] --> -
introduction/welcome/changelog.xml
r35c18794 r254e3bf 42 42 </listitem> 43 43 --> 44 <listitem> 45 <para>April 13th, 2019</para> 46 <itemizedlist> 47 <listitem> 48 <para>[dj] - Update to make-ca-1.4.</para> 49 </listitem> 50 </itemizedlist> 51 </listitem> 52 44 53 <listitem> 45 54 <para>April 11th, 2019</para> -
packages.ent
r35c18794 r254e3bf 25 25 <!ENTITY linux-pam-docs-version "1.2.0"> 26 26 <!ENTITY libpwquality-version "1.4.0"> 27 <!ENTITY make-ca-version "1. 2">27 <!ENTITY make-ca-version "1.4"> 28 28 <!ENTITY mitkrb-major-version "1.17"> 29 29 <!ENTITY mitkrb-version "1.17"> -
postlfs/security/make-ca.xml
r35c18794 r254e3bf 12 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz"> 13 13 <!ENTITY make-ca-size "28 KB"> 14 <!ENTITY make-ca-md5sum " 5b68cf77b02d5681f8419b8acfd139c0">14 <!ENTITY make-ca-md5sum "995896ca8b4ee1f92a4a8fa46585d59d"> 15 15 ]> 16 16 … … 104 104 <filename>/etc/ssl/local</filename> will be imported to both the trust 105 105 anchors and the generated certificate stores (overriding Mozilla's 106 trust).</para> 106 trust). Additionally, any modified trust values will be copied from the 107 trust anchors to <filename>/etc/ssl/local</filename> prior to any updates, 108 preserving custom trust values that differ from Mozilla when using the 109 <command>trust</command> utility from <application>p11-kit</application> 110 to operate on the trust store.</para> 107 111 108 112 <para>To install the various certificate stores, first install the … … 110 114 As the <systemitem class="username">root</systemitem> user:</para> 111 115 112 <screen role="root"><userinput>make install</userinput></screen> 116 <screen role="root"><userinput>make install && 117 install -vdm755 /etc/ssl/local</userinput></screen> 113 118 114 119 <para>As the <systemitem class="username">root</systemitem> user, after … … 136 141 /etc/ssl/ca-bundle.crt</userinput></screen> 137 142 138 <para>You should periodically update the store with the above command 143 <para>You should periodically update the store with the above command, 139 144 either manually, or via a <phrase revision="sysv">cron job.</phrase> 140 145 <phrase revision="systemd">systemd timer. A timer is installed at … … 215 220 <xref linkend="wget"/> is installed):</para> 216 221 217 <screen role="nodump"><userinput>install -vdm755 /etc/ssl/local && 218 wget http://www.cacert.org/certs/root.crt && 222 <screen role="nodump"><userinput>wget http://www.cacert.org/certs/root.crt && 219 223 wget http://www.cacert.org/certs/class3.crt && 220 224 openssl x509 -in root.crt -text -fingerprint -setalias "CAcert Class 1 root" \ … … 223 227 openssl x509 -in class3.crt -text -fingerprint -setalias "CAcert Class 3 root" \ 224 228 -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ 225 > /etc/ssl/local/CAcert_Class_3_root.pem</userinput></screen> 229 > /etc/ssl/local/CAcert_Class_3_root.pem && 230 /usr/sbin/make-ca -r -f</userinput></screen> 226 231 227 232 <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead> … … 235 240 file, run the following commands:</para> 236 241 237 <screen role="nodump"><userinput>install -vdm755 /etc/ssl/local && 238 openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \ 242 <screen role="nodump"><userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \ 239 243 -text \ 240 244 -fingerprint -
postlfs/security/p11-kit.xml
r35c18794 r254e3bf 229 229 is a command line tool to both extract local certificates from an 230 230 upadated anchor store, and regenerate all anchors and certificate 231 stores on the system. 231 stores on the system. This is done unconditionally on BLFS using 232 the <parameter>--force</parameter> and <parameter>--get</parameter> 233 flags to <command>make-ca</command> and should likely not be used 234 for automated updates. 232 235 </para> 233 236 <indexterm zone="p11-kit update-ca-certificates"> 234 <primary sortas="b- trust">update-ca-certificates</primary>237 <primary sortas="b-update-ca-certificates">update-ca-certificates</primary> 235 238 </indexterm> 236 239 </listitem>
Note:
See TracChangeset
for help on using the changeset viewer.