Changeset 462878e4 for postlfs/security/openssl.xml
- Timestamp:
- 04/09/2009 06:01:57 AM (15 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 2f5c01ff
- Parents:
- fe9bce8
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/openssl.xml
rfe9bce8 r462878e4 9 9 <!ENTITY openssl-md5sum "a5cb5f6c3d11affb387ecf7a997cac0c"> 10 10 <!ENTITY openssl-size "3.7 MB"> 11 <!ENTITY openssl-buildsize "45 MB"> 12 <!ENTITY openssl-time "1.2 SBU (additional 0.3 SBU to run the test suite)"> 11 <!ENTITY ca-bundle-download "http://anduin.linuxfromscratch.org/files/BLFS/BLFS-ca-bundle-&ca-bundle-version;.tar.bz2"> 12 <!ENTITY ca-bundle-size "192 KB"> 13 <!ENTITY ca-bundle-md5sum "a5e85c3df9ef9a192eb5e5cdf94ebb72"> 14 <!ENTITY openssl-buildsize "47 MB"> 15 <!ENTITY openssl-time "1.3 SBU (additional 0.3 SBU to run the test suite)"> 13 16 ]> 14 17 … … 51 54 </listitem> 52 55 <listitem> 56 <para>CA Bundle Download: <ulink url="&ca-bundle-download;"/></para> 57 </listitem> 58 <listitem> 59 <para>CA Bundle size: &ca-bundle-size;</para> 60 </listitem> 61 <listitem> 62 <para>CA Bundle MD5 sum: &ca-bundle-md5sum;</para> 63 </listitem> 64 <listitem> 53 65 <para>Estimated disk space required: &openssl-buildsize;</para> 54 66 </listitem> … … 70 82 <bridgehead renderas="sect4">Recommended</bridgehead> 71 83 <para role="recommended"><xref linkend="bc"/>(if you run the test suite 72 during the build) and <xref linkend="rootcerts"/></para>84 during the build)</para> 73 85 74 86 <bridgehead renderas="sect4">Optional</bridgehead> … … 88 100 89 101 <screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_manpages-1.patch && 102 tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2 && 90 103 ./config --prefix=/usr \ 91 104 --openssldir=/etc/ssl \ … … 115 128 /usr/share/doc/openssl-&openssl-version;</userinput></screen> 116 129 130 <para>While still the <systemitem class="username">root</systemitem> user, 131 create a single file that contains all of the installed certificates:</para> 132 133 <screen role="root"><userinput>for pem in /etc/ssl/certs/*.pem 134 do 135 cat $pem 136 echo "" 137 done > /etc/ssl/ca-bundle.crt</userinput></screen> 138 117 139 </sect2> 118 140 119 141 <sect2 role="commands"> 120 142 <title>Command Explanations</title> 143 144 <para> 145 <command>tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2</command>: 146 OpenSSL no longer includes any root certificates. This package adds root 147 certificates as provided by mozilla.org.</para> 121 148 122 149 <para><parameter>shared</parameter>: This parameter forces the creation of … … 148 175 use of <filename>libz.so</filename> for compression/decompression.</para> --> 149 176 150 <para><command>cp -v -r certs /etc/ssl</command>: This package no longer 151 ships CA certificates. This commands installs documentation and sample 152 certificates as examples should one want to create/install their own 153 certificates.</para> 177 <para><command>cp -v -r certs /etc/ssl</command>: This installs both the 178 sample certificates and documentation included with OpenSSL, and the 179 certificates that were extrated from the BLFS-ca-bundle-&ca-bundle-version; 180 package.</para> 181 182 <para><command>for pem in /etc/ssl/certs/*.pem...</command>: This group of 183 commands creates a single-file certificate bundle 184 (<filename>/etc/ssl/ca-bundle.crt</filename>) that is usable by many 185 other software packages. <filename>ca-bundle.crt</filename> should be 186 recreated anytime that a certificate is added to 187 <filename class="directory">/etc/ssl/certs</filename>.</para> 154 188 155 189 </sect2>
Note:
See TracChangeset
for help on using the changeset viewer.