Changeset 5c3f385


Ignore:
Timestamp:
12/02/2018 02:50:58 AM (3 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 8.4, 9.0, 9.1, bdubbs/svn, elogind, lazarus, qt5new, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
03b278dc
Parents:
49cbcfe
Message:

Update to make-ca-1.0. Fixes #11401.
Use configuration from bash-completions package if it is installed. Added bash-completion-2.8 to ghe BLFS wiki and linked from profile page. Fixes #11399.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20770 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
12 edited

Legend:

Unmodified
Added
Removed
  • general.ent

    r49cbcfe r5c3f385  
    11<!-- $LastChangedBy$ $Date$ -->
    22
    3 <!ENTITY day          "30">                   <!-- Always 2 digits -->
    4 <!ENTITY month        "11">                   <!-- Always 2 digits -->
     3<!ENTITY day          "02">                   <!-- Always 2 digits -->
     4<!ENTITY month        "12">                   <!-- Always 2 digits -->
    55<!ENTITY year         "2018">
    66<!ENTITY copyrightdate "2001-&year;">
    77<!ENTITY copyholder   "The BLFS Development Team">
    88<!ENTITY version      "&year;-&month;-&day;">
    9 <!ENTITY releasedate  "November 30th, &year;">
     9<!ENTITY releasedate  "December 2nd, &year;">
    1010<!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
    1111<!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
  • general/genlib/qca.xml

    r49cbcfe r5c3f385  
    9393    <para>Fix the location of the CA certificates:</para>
    9494
    95 <screen><userinput>sed -i 's@ca-bundle.pem@ca-bundle.crt@' CMakeLists.txt</userinput></screen>
     95<screen><userinput>sed -i 's@cert.pem@certs/ca-bundle.crt@' CMakeLists.txt</userinput></screen>
    9696
    9797    <para>Install <application>Qca</application> by running the following
  • general/prog/mercurial.xml

    r49cbcfe r5c3f385  
    205205cat &gt; /etc/mercurial/hgrc &lt;&lt; "EOF"
    206206<literal>[web]
    207 cacerts = /etc/ssl/ca-bundle.crt</literal>
     207cacerts = /etc/pki/tls/certs/ca-bundle.crt</literal>
    208208EOF</userinput></screen>
    209209
  • general/prog/openjdk.xml

    r49cbcfe r5c3f385  
    241241               --with-version-pre=""        \
    242242               --with-version-opt=""        \
    243                --with-cacerts-file=/etc/ssl/java/cacerts &amp;&amp;
     243               --with-cacerts-file=/etc/pki/tls/java/cacerts &amp;&amp;
    244244make images</userinput></screen>
    245245
     
    394394
    395395    <para>
    396       <parameter>--with-cacerts-file=/etc/ssl/java/cacerts</parameter>:
     396      <parameter>--with-cacerts-file=/etc/pki/tls/java/cacerts</parameter>:
    397397      Specifies where to find a <filename>cacerts</filename> file,
    398       <filename>/etc/ssl/java/</filename> on a BLFS system. Otherwise, an empty
    399       one is created. You can use the
     398      <filename>/etc/pki/tls/java/</filename> on a BLFS system. Otherwise, an
     399      empty one is created. You can use the
    400400      <command>/usr/sbin/make-ca --force</command> command to generate it, once
    401401      you have installed the Java binaries.
     
    450450      </para>
    451451
    452 <screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
     452<screen role="root"><userinput>ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
    453453
    454454      <para>
  • gnome/platform/rest.xml

    r49cbcfe r5c3f385  
    106106
    107107<screen><userinput>./configure --prefix=/usr \
    108     --with-ca-certificates=/etc/ssl/ca-bundle.crt &amp;&amp;
     108    --with-ca-certificates=/etc/pki/tls/certs/ca-bundle.crt &amp;&amp;
    109109make</userinput></screen>
    110110
     
    125125
    126126    <para>
    127       <parameter>--with-ca-certificates=/etc/ssl/ca-bundle.crt</parameter>: This
    128       switch sets the location of the BLFS certificate authority bundle.
     127      <parameter>--with-ca-certificates=/etc/pki/tls/certs/ca-bundle.crt</parameter>:
     128      This switch sets the location of the BLFS certificate authority bundle.
    129129    </para>
    130130
  • introduction/welcome/changelog.xml

    r49cbcfe r5c3f385  
    4343-->
    4444    <listitem>
     45      <para>December 2nd, 2018</para>
     46      <itemizedlist>
     47        <listitem>
     48          <para>[dj] - Update to make-ca-1.0. Fixes
     49          <ulink url="&blfs-ticket-root;11401">#11401</ulink>.</para>
     50        </listitem>
     51        <listitem>
     52          <para>[dj] - Use configuration from bash-completions package if
     53          it is installed. Added bash-completion-2.8 to the BLFS wiki. Fixes
     54          <ulink url="&blfs-ticket-root;11399">#11399</ulink>.</para>
     55        </listitem>
     56      </itemizedlist>
     57    </listitem>
     58
     59    <listitem>
    4560      <para>November 30th, 2018</para>
    4661      <itemizedlist>
  • networking/netlibs/curl.xml

    r49cbcfe r5c3f385  
    262262
    263263    <para>
    264       <option>--with-ca-bundle=/etc/ssl/ca-bundle.crt</option>: Use
     264      <option>--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt</option>: Use
    265265      this switch instead of <parameter>--with-ca-path</parameter> if
    266266      building with <application>GnuTLS</application> support
  • networking/netlibs/neon.xml

    r49cbcfe r5c3f385  
    140140      <application>GnuTLS</application> usage when both are present,
    141141      simply pass <option>--with-ssl=gnutls</option> and
    142       <option>--with-ca-bundle=/etc/ssl/ca-bundle.crt</option> to the
     142      <option>--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt</option> to the
    143143      <command>configure</command> script.
    144144    </para>
  • packages.ent

    r49cbcfe r5c3f385  
    2525<!ENTITY linux-pam-docs-version       "1.2.0">
    2626<!ENTITY libpwquality-version         "1.4.0">
    27 <!ENTITY make-ca-version              "0.9">
     27<!ENTITY make-ca-version              "1.0">
    2828<!ENTITY mitkrb-major-version         "1.16">
    2929<!ENTITY mitkrb-version               "1.16.2">
  • postlfs/config/profile.xml

    r49cbcfe r5c3f385  
    6868    as an unprivileged user.</para>
    6969  </note>
     70
     71    <para condition="html" role="usernotes">User Notes:
     72    <ulink url="&blfs-wiki;/bash-shell-startup-files"/></para>
    7073
    7174  <sect2 id="etc-profile-profile">
     
    198201# Import bash completion scripts
    199202
    200 for script in /etc/bash_completion.d/*.sh ; do
    201         if [ -r $script ] ; then
    202                 . $script
    203         fi
    204 done
     203# If the bash-completion package is installed, use its configuration instead
     204if [ -f /usr/share/bash-completion/bash_completion ]; then
     205
     206  # Check for interactive bash and that we haven't already been sourced.
     207  if [ -n "${BASH_VERSION-}" -a -n "${PS1-}" -a -z "${BASH_COMPLETION_VERSINFO-}" ]; then
     208
     209    # Check for recent enough version of bash.
     210    if [ ${BASH_VERSINFO[0]} -gt 4 ] || \
     211       [ ${BASH_VERSINFO[0]} -eq 4 -a ${BASH_VERSINFO[1]} -ge 1 ]; then
     212       [ -r "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ] &amp;&amp; \
     213            . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
     214       if shopt -q progcomp &amp;&amp; [ -r /usr/share/bash-completion/bash_completion ]; then
     215          # Source completion code.
     216          . /usr/share/bash-completion/bash_completion
     217       fi
     218    fi
     219  fi
     220
     221else
     222
     223  # bash-completions are not installed, use only bash completion directory
     224  if shopt -q progcomp; then
     225    for script in /etc/bash_completion.d/* ; do
     226      if [ -r $script ] ; then
     227        . $script
     228      fi
     229    done
     230  fi
     231fi
     232
    205233# End /etc/profile.d/bash_completion.sh</literal>
    206234EOF</userinput></screen>
    207 
    208235      <para>Make sure that the directory exists:</para>
    209236
    210237<screen role="root"><userinput>install --directory --mode=0755 --owner=root --group=root /etc/bash_completion.d</userinput></screen>
    211238
    212     </sect3>
    213 
    214 
     239      <para>For a more complete installation, see
     240      <ulink url="&blfs-wiki;/bash-shell-startup-files#bash-completions"/>.</para>
     241
     242    </sect3>
    215243
    216244    <sect3 id="etc-profile.d-dircolors.sh">
  • postlfs/security/gnutls.xml

    r49cbcfe r5c3f385  
    188188
    189189    <para>
    190       <option>--with-default-trust-store-file=/etc/ssl/ca-bundle.crt</option>:
     190      <option>--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt</option>:
    191191      This switch tells <command>configure</command> where to find the
    192192      legacy CA certificate bundle and to use it instead of PKCS #11 module
  • postlfs/security/make-ca.xml

    r49cbcfe r5c3f385  
    1010  <!ENTITY make-ca-time          "0.1 SBU (with all runtime deps)">
    1111
    12   <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">
    13   <!ENTITY make-ca-size          "36 KB">
    14   <!ENTITY make-ca-md5sum        "0eeaf712eedeae4fa55d8bfa37f4ca32">
     12  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz">
     13  <!ENTITY make-ca-size          "28 KB">
     14  <!ENTITY make-ca-md5sum        "b038d38233f970aad60c29dfc0502021">
    1515]>
    1616
     
    145145    As the <systemitem class="username">root</systemitem> user:</para>
    146146
    147 <screen role="root"><userinput>make install                             &amp;&amp;
    148 mkdir -pv /etc/pki/tls/certs             &amp;&amp;
    149 ln -svf /etc/ssl/ca-bundle.crt \
    150         /etc/pki/tls/certs/ca-bundle.crt</userinput></screen>
     147<screen role="root"><userinput>make install</userinput></screen>
    151148
    152149   <para>As the <systemitem class="username">root</systemitem> user, after
     
    164161<screen role="root"><userinput>/usr/sbin/make-ca -g</userinput></screen>
    165162
     163    <!-- Remove at 8.5 or 9.0 -->
     164    <para>Previous version of BLFS used the path
     165    <filename>/etc/ssl/ca-bundle.crt</filename> for the
     166    <xref linkend="gnutls"/> certificate store. If software is still installed
     167    that references this file, create a compatibilty symlink for the old
     168    location as the <systemitem class="username">root</systemitem> user:</para>
     169
     170<screen role="nodump"><userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \
     171        /etc/ssl/ca-bundle.crt</userinput></screen>
     172
    166173    <para>You should periodically update the store with the above command
    167174    either manually, or via a <phrase revision="sysv">cron job.</phrase>
     
    170177    will check for updates weekly.</phrase></para>
    171178
    172     <para>The default <filename>certdata.txt</filename> file provided by make-ca
     179  </sect2>
     180
     181  <sect2 role="configuration" id="make-ca-config">
     182    <title>Configuring make-ca</title>
     183
     184    <para>Genearally, no configuration is necessary on an LFS system, however,
     185    the default <filename>certdata.txt</filename> file provided by make-ca
    173186    is obtained from the mozilla-release branch, and is modified to provide a
    174     Mercurial revision. This will be the correct version for most
    175     systems. There are, however, several other variants of the file available
    176     for use that might be preferred for one reason or another, including the
    177     files shipped with Mozilla products in this book. RedHat and OpenSUSE,
    178     for instance, use the version included in <xref linkend="nss"/>. Additional
    179     upstream downloads are available at the links below.</para>
    180 
    181     <itemizedlist spacing="compact">
    182       <listitem>
    183         <para>Mozilla Release (the version provided by BLFS):
    184         <ulink url="&certhost;releases/mozilla-release/raw-file/default/security/nss&certpath;"/>
    185         </para>
    186       </listitem>
    187       <listitem>
    188         <para>NSS (this is the latest available version):
    189         <ulink url="&certhost;projects/nss/raw-file/tip&certpath;"/>
    190         </para>
    191       </listitem>
    192       <listitem>
    193         <para>Mozilla Central:
    194         <ulink url="&certhost;mozilla-central/raw-file/default/security/nss&certpath;"/>
    195         </para>
    196       </listitem>
    197       <listitem>
    198         <para>Mozilla Beta:
    199         <ulink url="&certhost;releases/mozilla-beta/raw-file/default/security/nss&certpath;"/>
    200         </para>
    201       </listitem>
    202       <listitem>
    203         <para>Mozilla Aurora:
    204         <ulink url="&certhost;releases/mozilla-aurora/raw-file/default/security/nss&certpath;"/>
    205         </para>
    206       </listitem>
    207     </itemizedlist>
     187    Mercurial revision. This will be the correct version for most systems.
     188    There are several other variants of the file available for use that might
     189    be preferred for one reason or another, including the files shipped with
     190    Mozilla products in this book. RedHat and OpenSUSE, for instance, use the
     191    version included in <xref linkend="nss"/>. Additional upstream downloads
     192    are available at the links included in
     193    <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to
     194    <filename>/etc/make-ca.conf</filename> and edit as appropriate.</para>
     195
     196    <indexterm zone="make-ca make-ca-config">
     197      <primary sortas="e-etc-make-ca-conf">/etc/make-ca.conf</primary>
     198    </indexterm>
    208199
    209200  </sect2>
     
    214205    <segmentedlist>
    215206      <segtitle>Installed Programs</segtitle>
    216       <segtitle>Installed Libraries</segtitle>
    217207      <segtitle>Installed Directories</segtitle>
    218208
    219209      <seglistitem>
    220210        <seg>make-ca</seg>
    221         <seg>None</seg>
    222211        <seg>/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}</seg>
    223212      </seglistitem>
Note: See TracChangeset for help on using the changeset viewer.