Changeset 5c3f3856
- Timestamp:
- 12/02/2018 02:50:58 AM (5 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 03b278dc
- Parents:
- 49cbcfe
- Files:
-
- 12 edited
Legend:
- Unmodified
- Added
- Removed
-
general.ent
r49cbcfe r5c3f3856 1 1 <!-- $LastChangedBy$ $Date$ --> 2 2 3 <!ENTITY day " 30"> <!-- Always 2 digits -->4 <!ENTITY month "1 1"> <!-- Always 2 digits -->3 <!ENTITY day "02"> <!-- Always 2 digits --> 4 <!ENTITY month "12"> <!-- Always 2 digits --> 5 5 <!ENTITY year "2018"> 6 6 <!ENTITY copyrightdate "2001-&year;"> 7 7 <!ENTITY copyholder "The BLFS Development Team"> 8 8 <!ENTITY version "&year;-&month;-&day;"> 9 <!ENTITY releasedate " November 30th, &year;">9 <!ENTITY releasedate "December 2nd, &year;"> 10 10 <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP --> 11 11 <!ENTITY blfs-version "svn"> <!-- svn|[release #] --> -
general/genlib/qca.xml
r49cbcfe r5c3f3856 93 93 <para>Fix the location of the CA certificates:</para> 94 94 95 <screen><userinput>sed -i 's@c a-bundle.pem@ca-bundle.crt@' CMakeLists.txt</userinput></screen>95 <screen><userinput>sed -i 's@cert.pem@certs/ca-bundle.crt@' CMakeLists.txt</userinput></screen> 96 96 97 97 <para>Install <application>Qca</application> by running the following -
general/prog/mercurial.xml
r49cbcfe r5c3f3856 205 205 cat > /etc/mercurial/hgrc << "EOF" 206 206 <literal>[web] 207 cacerts = /etc/ ssl/ca-bundle.crt</literal>207 cacerts = /etc/pki/tls/certs/ca-bundle.crt</literal> 208 208 EOF</userinput></screen> 209 209 -
general/prog/openjdk.xml
r49cbcfe r5c3f3856 241 241 --with-version-pre="" \ 242 242 --with-version-opt="" \ 243 --with-cacerts-file=/etc/ ssl/java/cacerts &&243 --with-cacerts-file=/etc/pki/tls/java/cacerts && 244 244 make images</userinput></screen> 245 245 … … 394 394 395 395 <para> 396 <parameter>--with-cacerts-file=/etc/ ssl/java/cacerts</parameter>:396 <parameter>--with-cacerts-file=/etc/pki/tls/java/cacerts</parameter>: 397 397 Specifies where to find a <filename>cacerts</filename> file, 398 <filename>/etc/ ssl/java/</filename> on a BLFS system. Otherwise, an empty399 one is created. You can use the398 <filename>/etc/pki/tls/java/</filename> on a BLFS system. Otherwise, an 399 empty one is created. You can use the 400 400 <command>/usr/sbin/make-ca --force</command> command to generate it, once 401 401 you have installed the Java binaries. … … 450 450 </para> 451 451 452 <screen role="root"><userinput>ln -sfv /etc/ ssl/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>452 <screen role="root"><userinput>ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen> 453 453 454 454 <para> -
gnome/platform/rest.xml
r49cbcfe r5c3f3856 106 106 107 107 <screen><userinput>./configure --prefix=/usr \ 108 --with-ca-certificates=/etc/ ssl/ca-bundle.crt &&108 --with-ca-certificates=/etc/pki/tls/certs/ca-bundle.crt && 109 109 make</userinput></screen> 110 110 … … 125 125 126 126 <para> 127 <parameter>--with-ca-certificates=/etc/ ssl/ca-bundle.crt</parameter>: This128 switch sets the location of the BLFS certificate authority bundle.127 <parameter>--with-ca-certificates=/etc/pki/tls/certs/ca-bundle.crt</parameter>: 128 This switch sets the location of the BLFS certificate authority bundle. 129 129 </para> 130 130 -
introduction/welcome/changelog.xml
r49cbcfe r5c3f3856 43 43 --> 44 44 <listitem> 45 <para>December 2nd, 2018</para> 46 <itemizedlist> 47 <listitem> 48 <para>[dj] - Update to make-ca-1.0. Fixes 49 <ulink url="&blfs-ticket-root;11401">#11401</ulink>.</para> 50 </listitem> 51 <listitem> 52 <para>[dj] - Use configuration from bash-completions package if 53 it is installed. Added bash-completion-2.8 to the BLFS wiki. Fixes 54 <ulink url="&blfs-ticket-root;11399">#11399</ulink>.</para> 55 </listitem> 56 </itemizedlist> 57 </listitem> 58 59 <listitem> 45 60 <para>November 30th, 2018</para> 46 61 <itemizedlist> -
networking/netlibs/curl.xml
r49cbcfe r5c3f3856 262 262 263 263 <para> 264 <option>--with-ca-bundle=/etc/ ssl/ca-bundle.crt</option>: Use264 <option>--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt</option>: Use 265 265 this switch instead of <parameter>--with-ca-path</parameter> if 266 266 building with <application>GnuTLS</application> support -
networking/netlibs/neon.xml
r49cbcfe r5c3f3856 140 140 <application>GnuTLS</application> usage when both are present, 141 141 simply pass <option>--with-ssl=gnutls</option> and 142 <option>--with-ca-bundle=/etc/ ssl/ca-bundle.crt</option> to the142 <option>--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt</option> to the 143 143 <command>configure</command> script. 144 144 </para> -
packages.ent
r49cbcfe r5c3f3856 25 25 <!ENTITY linux-pam-docs-version "1.2.0"> 26 26 <!ENTITY libpwquality-version "1.4.0"> 27 <!ENTITY make-ca-version " 0.9">27 <!ENTITY make-ca-version "1.0"> 28 28 <!ENTITY mitkrb-major-version "1.16"> 29 29 <!ENTITY mitkrb-version "1.16.2"> -
postlfs/config/profile.xml
r49cbcfe r5c3f3856 68 68 as an unprivileged user.</para> 69 69 </note> 70 71 <para condition="html" role="usernotes">User Notes: 72 <ulink url="&blfs-wiki;/bash-shell-startup-files"/></para> 70 73 71 74 <sect2 id="etc-profile-profile"> … … 198 201 # Import bash completion scripts 199 202 200 for script in /etc/bash_completion.d/*.sh ; do 201 if [ -r $script ] ; then 202 . $script 203 fi 204 done 203 # If the bash-completion package is installed, use its configuration instead 204 if [ -f /usr/share/bash-completion/bash_completion ]; then 205 206 # Check for interactive bash and that we haven't already been sourced. 207 if [ -n "${BASH_VERSION-}" -a -n "${PS1-}" -a -z "${BASH_COMPLETION_VERSINFO-}" ]; then 208 209 # Check for recent enough version of bash. 210 if [ ${BASH_VERSINFO[0]} -gt 4 ] || \ 211 [ ${BASH_VERSINFO[0]} -eq 4 -a ${BASH_VERSINFO[1]} -ge 1 ]; then 212 [ -r "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ] && \ 213 . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" 214 if shopt -q progcomp && [ -r /usr/share/bash-completion/bash_completion ]; then 215 # Source completion code. 216 . /usr/share/bash-completion/bash_completion 217 fi 218 fi 219 fi 220 221 else 222 223 # bash-completions are not installed, use only bash completion directory 224 if shopt -q progcomp; then 225 for script in /etc/bash_completion.d/* ; do 226 if [ -r $script ] ; then 227 . $script 228 fi 229 done 230 fi 231 fi 232 205 233 # End /etc/profile.d/bash_completion.sh</literal> 206 234 EOF</userinput></screen> 207 208 235 <para>Make sure that the directory exists:</para> 209 236 210 237 <screen role="root"><userinput>install --directory --mode=0755 --owner=root --group=root /etc/bash_completion.d</userinput></screen> 211 238 212 </sect3> 213 214 239 <para>For a more complete installation, see 240 <ulink url="&blfs-wiki;/bash-shell-startup-files#bash-completions"/>.</para> 241 242 </sect3> 215 243 216 244 <sect3 id="etc-profile.d-dircolors.sh"> -
postlfs/security/gnutls.xml
r49cbcfe r5c3f3856 188 188 189 189 <para> 190 <option>--with-default-trust-store-file=/etc/ ssl/ca-bundle.crt</option>:190 <option>--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt</option>: 191 191 This switch tells <command>configure</command> where to find the 192 192 legacy CA certificate bundle and to use it instead of PKCS #11 module -
postlfs/security/make-ca.xml
r49cbcfe r5c3f3856 10 10 <!ENTITY make-ca-time "0.1 SBU (with all runtime deps)"> 11 11 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/ archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">13 <!ENTITY make-ca-size " 36KB">14 <!ENTITY make-ca-md5sum " 0eeaf712eedeae4fa55d8bfa37f4ca32">12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz"> 13 <!ENTITY make-ca-size "28 KB"> 14 <!ENTITY make-ca-md5sum "b038d38233f970aad60c29dfc0502021"> 15 15 ]> 16 16 … … 145 145 As the <systemitem class="username">root</systemitem> user:</para> 146 146 147 <screen role="root"><userinput>make install && 148 mkdir -pv /etc/pki/tls/certs && 149 ln -svf /etc/ssl/ca-bundle.crt \ 150 /etc/pki/tls/certs/ca-bundle.crt</userinput></screen> 147 <screen role="root"><userinput>make install</userinput></screen> 151 148 152 149 <para>As the <systemitem class="username">root</systemitem> user, after … … 164 161 <screen role="root"><userinput>/usr/sbin/make-ca -g</userinput></screen> 165 162 163 <!-- Remove at 8.5 or 9.0 --> 164 <para>Previous version of BLFS used the path 165 <filename>/etc/ssl/ca-bundle.crt</filename> for the 166 <xref linkend="gnutls"/> certificate store. If software is still installed 167 that references this file, create a compatibilty symlink for the old 168 location as the <systemitem class="username">root</systemitem> user:</para> 169 170 <screen role="nodump"><userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \ 171 /etc/ssl/ca-bundle.crt</userinput></screen> 172 166 173 <para>You should periodically update the store with the above command 167 174 either manually, or via a <phrase revision="sysv">cron job.</phrase> … … 170 177 will check for updates weekly.</phrase></para> 171 178 172 <para>The default <filename>certdata.txt</filename> file provided by make-ca 179 </sect2> 180 181 <sect2 role="configuration" id="make-ca-config"> 182 <title>Configuring make-ca</title> 183 184 <para>Genearally, no configuration is necessary on an LFS system, however, 185 the default <filename>certdata.txt</filename> file provided by make-ca 173 186 is obtained from the mozilla-release branch, and is modified to provide a 174 Mercurial revision. This will be the correct version for most 175 systems. There are, however, several other variants of the file available 176 for use that might be preferred for one reason or another, including the 177 files shipped with Mozilla products in this book. RedHat and OpenSUSE, 178 for instance, use the version included in <xref linkend="nss"/>. Additional 179 upstream downloads are available at the links below.</para> 180 181 <itemizedlist spacing="compact"> 182 <listitem> 183 <para>Mozilla Release (the version provided by BLFS): 184 <ulink url="&certhost;releases/mozilla-release/raw-file/default/security/nss&certpath;"/> 185 </para> 186 </listitem> 187 <listitem> 188 <para>NSS (this is the latest available version): 189 <ulink url="&certhost;projects/nss/raw-file/tip&certpath;"/> 190 </para> 191 </listitem> 192 <listitem> 193 <para>Mozilla Central: 194 <ulink url="&certhost;mozilla-central/raw-file/default/security/nss&certpath;"/> 195 </para> 196 </listitem> 197 <listitem> 198 <para>Mozilla Beta: 199 <ulink url="&certhost;releases/mozilla-beta/raw-file/default/security/nss&certpath;"/> 200 </para> 201 </listitem> 202 <listitem> 203 <para>Mozilla Aurora: 204 <ulink url="&certhost;releases/mozilla-aurora/raw-file/default/security/nss&certpath;"/> 205 </para> 206 </listitem> 207 </itemizedlist> 187 Mercurial revision. This will be the correct version for most systems. 188 There are several other variants of the file available for use that might 189 be preferred for one reason or another, including the files shipped with 190 Mozilla products in this book. RedHat and OpenSUSE, for instance, use the 191 version included in <xref linkend="nss"/>. Additional upstream downloads 192 are available at the links included in 193 <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to 194 <filename>/etc/make-ca.conf</filename> and edit as appropriate.</para> 195 196 <indexterm zone="make-ca make-ca-config"> 197 <primary sortas="e-etc-make-ca-conf">/etc/make-ca.conf</primary> 198 </indexterm> 208 199 209 200 </sect2> … … 214 205 <segmentedlist> 215 206 <segtitle>Installed Programs</segtitle> 216 <segtitle>Installed Libraries</segtitle>217 207 <segtitle>Installed Directories</segtitle> 218 208 219 209 <seglistitem> 220 210 <seg>make-ca</seg> 221 <seg>None</seg>222 211 <seg>/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}</seg> 223 212 </seglistitem>
Note:
See TracChangeset
for help on using the changeset viewer.