Changeset 462878e4


Ignore:
Timestamp:
04/09/2009 06:01:57 AM (13 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, krejzi/svn, lazarus, nosym, perl-modules, qt5new, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/test-20220226
Children:
2f5c01ff
Parents:
fe9bce8
Message:

Moved root certificates handling to OpenSSL page.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7816 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
1 deleted
4 edited

Legend:

Unmodified
Added
Removed
  • general.ent

    rfe9bce8 r462878e4  
    44-->
    55
    6 <!ENTITY day          "26">                   <!-- Always 2 digits -->
    7 <!ENTITY month        "03">                   <!-- Always 2 digits -->
     6<!ENTITY day          "09">                   <!-- Always 2 digits -->
     7<!ENTITY month        "04">                   <!-- Always 2 digits -->
    88<!ENTITY year         "2009">
    99<!ENTITY copyrightdate "2001-&year;">
    1010<!ENTITY copyholder   "The BLFS Development Team">
    1111<!ENTITY version      "svn-&year;&month;&day;">
    12 <!ENTITY releasedate  "March &day;th, &year;">
     12<!ENTITY releasedate  "April &day;th, &year;">
    1313<!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
    1414<!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
     
    6161
    6262<!ENTITY openssl-version              "0.9.8j">
     63<!ENTITY ca-bundle-version            "20090409">
    6364<!ENTITY gnutls-version               "1.6.3">
    6465<!ENTITY cracklib-version             "2.8.13">
  • introduction/welcome/changelog.xml

    rfe9bce8 r462878e4  
    4242-->
    4343    <listitem>
     44      <para>April 9th, 2009</para>
     45      <itemizedlist>
     46        <listitem>
     47          <para>[dj] - Removed Root Certificates page and added ca-bundle
     48          instructions to OpenSSL page.</para>
     49        </listitem>
     50      </itemizedlist>
     51    </listitem>
     52
     53    <listitem>
    4454      <para>March 26th, 2009</para>
    4555      <itemizedlist>
  • postlfs/security/openssl.xml

    rfe9bce8 r462878e4  
    99  <!ENTITY openssl-md5sum        "a5cb5f6c3d11affb387ecf7a997cac0c">
    1010  <!ENTITY openssl-size          "3.7 MB">
    11   <!ENTITY openssl-buildsize     "45 MB">
    12   <!ENTITY openssl-time          "1.2 SBU (additional 0.3 SBU to run the test suite)">
     11  <!ENTITY ca-bundle-download    "http://anduin.linuxfromscratch.org/files/BLFS/BLFS-ca-bundle-&ca-bundle-version;.tar.bz2">
     12  <!ENTITY ca-bundle-size        "192 KB">
     13  <!ENTITY ca-bundle-md5sum      "a5e85c3df9ef9a192eb5e5cdf94ebb72">
     14  <!ENTITY openssl-buildsize     "47 MB">
     15  <!ENTITY openssl-time          "1.3 SBU (additional 0.3 SBU to run the test suite)">
    1316]>
    1417
     
    5154      </listitem>
    5255      <listitem>
     56        <para>CA Bundle Download: <ulink url="&ca-bundle-download;"/></para>
     57      </listitem>
     58      <listitem>
     59        <para>CA Bundle size: &ca-bundle-size;</para>
     60      </listitem>
     61      <listitem>
     62        <para>CA Bundle MD5 sum: &ca-bundle-md5sum;</para>
     63      </listitem>
     64      <listitem>
    5365        <para>Estimated disk space required: &openssl-buildsize;</para>
    5466      </listitem>
     
    7082    <bridgehead renderas="sect4">Recommended</bridgehead>
    7183    <para role="recommended"><xref linkend="bc"/>(if you run the test suite
    72     during the build) and <xref linkend="rootcerts"/></para>
     84    during the build)</para>
    7385
    7486    <bridgehead renderas="sect4">Optional</bridgehead>
     
    88100
    89101<screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_manpages-1.patch &amp;&amp;
     102tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2 &amp;&amp;
    90103./config --prefix=/usr         \
    91104         --openssldir=/etc/ssl \
     
    115128    /usr/share/doc/openssl-&openssl-version;</userinput></screen>
    116129
     130    <para>While still the <systemitem class="username">root</systemitem> user,
     131    create a single file that contains all of the installed certificates:</para>
     132
     133<screen role="root"><userinput>for pem in /etc/ssl/certs/*.pem
     134do
     135   cat $pem
     136   echo ""
     137done &gt; /etc/ssl/ca-bundle.crt</userinput></screen>
     138
    117139  </sect2>
    118140
    119141  <sect2 role="commands">
    120142    <title>Command Explanations</title>
     143
     144    <para>
     145    <command>tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2</command>:
     146    OpenSSL no longer includes any root certificates.  This package adds root
     147    certificates as provided by mozilla.org.</para>
    121148
    122149    <para><parameter>shared</parameter>: This parameter forces the creation of
     
    148175    use of <filename>libz.so</filename> for compression/decompression.</para> -->
    149176
    150     <para><command>cp -v -r certs /etc/ssl</command>: This package no longer
    151     ships CA certificates. This commands installs documentation and sample
    152     certificates as examples should one want to create/install their own
    153     certificates.</para>
     177    <para><command>cp -v -r certs /etc/ssl</command>: This installs both the
     178    sample certificates and documentation included with OpenSSL, and the
     179    certificates that were extrated from the BLFS-ca-bundle-&ca-bundle-version;
     180    package.</para>
     181
     182    <para><command>for pem in /etc/ssl/certs/*.pem...</command>: This group of
     183    commands creates a single-file certificate bundle
     184    (<filename>/etc/ssl/ca-bundle.crt</filename>) that is usable by many
     185    other software packages.  <filename>ca-bundle.crt</filename> should be
     186    recreated anytime that a certificate is added to
     187    <filename class="directory">/etc/ssl/certs</filename>.</para>
    154188
    155189  </sect2>
  • postlfs/security/security.xml

    rfe9bce8 r462878e4  
    4040  "signatures" and compares for files that have been changed.</para>
    4141
    42   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="rootcerts.xml"/>
    4342  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
    4443  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnutls.xml"/>
Note: See TracChangeset for help on using the changeset viewer.