Changeset 5c3f3856

Timestamp:

12/02/2018 02:50:58 AM (5 years ago)

Author:

DJ Lucas <dj@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

03b278dc

Parents:

49cbcfe

Message:

Update to make-ca-1.0. Fixes #11401.
Use configuration from bash-completions package if it is installed. Added bash-completion-2.8 to ghe BLFS wiki and linked from profile page. Fixes #11399.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20770 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (1 diff)
• general/genlib/qca.xml (modified) (1 diff)
• general/prog/mercurial.xml (modified) (1 diff)
• general/prog/openjdk.xml (modified) (3 diffs)
• gnome/platform/rest.xml (modified) (2 diffs)
• introduction/welcome/changelog.xml (modified) (1 diff)
• networking/netlibs/curl.xml (modified) (1 diff)
• networking/netlibs/neon.xml (modified) (1 diff)
• packages.ent (modified) (1 diff)
• postlfs/config/profile.xml (modified) (2 diffs)
• postlfs/security/gnutls.xml (modified) (1 diff)
• postlfs/security/make-ca.xml (modified) (5 diffs)

general.ent

@@ -1 +1 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "30">                   <!-- Always 2 digits -->
-<!ENTITY month        "11">                   <!-- Always 2 digits -->
+<!ENTITY day          "02">                   <!-- Always 2 digits -->
+<!ENTITY month        "12">                   <!-- Always 2 digits -->
 <!ENTITY year         "2018">
 <!ENTITY copyrightdate "2001-&year;">
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "November 30th, &year;">
+<!ENTITY releasedate  "December 2nd, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->

general/genlib/qca.xml

@@ -93 +93 @@
     <para>Fix the location of the CA certificates:</para>
 
-<screen><userinput>sed -i 's@ca-bundle.pem@ca-bundle.crt@' CMakeLists.txt</userinput></screen>
+<screen><userinput>sed -i 's@cert.pem@certs/ca-bundle.crt@' CMakeLists.txt</userinput></screen>
 
     <para>Install <application>Qca</application> by running the following

general/prog/mercurial.xml

@@ -205 +205 @@
 cat > /etc/mercurial/hgrc << "EOF"
 <literal>[web]
-cacerts = /etc/ssl/ca-bundle.crt</literal>
+cacerts = /etc/pki/tls/certs/ca-bundle.crt</literal>
 EOF</userinput></screen>
 

general/prog/openjdk.xml

@@ -241 +241 @@
                --with-version-pre=""        \
                --with-version-opt=""        \
-               --with-cacerts-file=/etc/ssl/java/cacerts &&
+               --with-cacerts-file=/etc/pki/tls/java/cacerts &&
 make images</userinput></screen>
 
@@ -394 +394 @@
 
     <para>
-      <parameter>--with-cacerts-file=/etc/ssl/java/cacerts</parameter>:
+      <parameter>--with-cacerts-file=/etc/pki/tls/java/cacerts</parameter>:
       Specifies where to find a <filename>cacerts</filename> file,
-      <filename>/etc/ssl/java/</filename> on a BLFS system. Otherwise, an empty
-      one is created. You can use the
+      <filename>/etc/pki/tls/java/</filename> on a BLFS system. Otherwise, an
+      empty one is created. You can use the
       <command>/usr/sbin/make-ca --force</command> command to generate it, once
       you have installed the Java binaries.
@@ -450 +450 @@
       </para>
 
-<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
+<screen role="root"><userinput>ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
 
       <para>

gnome/platform/rest.xml

@@ -106 +106 @@
 
 <screen><userinput>./configure --prefix=/usr \
-    --with-ca-certificates=/etc/ssl/ca-bundle.crt &amp;&amp;
+    --with-ca-certificates=/etc/pki/tls/certs/ca-bundle.crt &amp;&amp;
 make</userinput></screen>
 
@@ -125 +125 @@
 
     <para>
-      <parameter>--with-ca-certificates=/etc/ssl/ca-bundle.crt</parameter>: This
-      switch sets the location of the BLFS certificate authority bundle.
+      <parameter>--with-ca-certificates=/etc/pki/tls/certs/ca-bundle.crt</parameter>: 
+      This switch sets the location of the BLFS certificate authority bundle.
     </para>
 

introduction/welcome/changelog.xml

@@ -43 +43 @@
 -->
     <listitem>
+      <para>December 2nd, 2018</para>
+      <itemizedlist>
+        <listitem>
+          <para>[dj] - Update to make-ca-1.0. Fixes
+          <ulink url="&blfs-ticket-root;11401">#11401</ulink>.</para>
+        </listitem>
+        <listitem>
+          <para>[dj] - Use configuration from bash-completions package if
+          it is installed. Added bash-completion-2.8 to the BLFS wiki. Fixes
+          <ulink url="&blfs-ticket-root;11399">#11399</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>November 30th, 2018</para>
       <itemizedlist>

networking/netlibs/curl.xml

@@ -262 +262 @@
 
     <para>
-      <option>--with-ca-bundle=/etc/ssl/ca-bundle.crt</option>: Use
+      <option>--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt</option>: Use
       this switch instead of <parameter>--with-ca-path</parameter> if
       building with <application>GnuTLS</application> support

networking/netlibs/neon.xml

@@ -140 +140 @@
       <application>GnuTLS</application> usage when both are present,
       simply pass <option>--with-ssl=gnutls</option> and 
-      <option>--with-ca-bundle=/etc/ssl/ca-bundle.crt</option> to the
+      <option>--with-ca-bundle=/etc/pki/tls/certs/ca-bundle.crt</option> to the
       <command>configure</command> script.
     </para>

packages.ent

@@ -25 +25 @@
 <!ENTITY linux-pam-docs-version       "1.2.0">
 <!ENTITY libpwquality-version         "1.4.0">
-<!ENTITY make-ca-version              "0.9">
+<!ENTITY make-ca-version              "1.0">
 <!ENTITY mitkrb-major-version         "1.16">
 <!ENTITY mitkrb-version               "1.16.2">

postlfs/config/profile.xml

@@ -68 +68 @@
     as an unprivileged user.</para>
   </note>
+
+    <para condition="html" role="usernotes">User Notes:
+    <ulink url="&blfs-wiki;/bash-shell-startup-files"/></para>
 
   <sect2 id="etc-profile-profile">
@@ -198 +201 @@
 # Import bash completion scripts
 
-for script in /etc/bash_completion.d/*.sh ; do
-        if [ -r $script ] ; then
-                . $script
-        fi
-done
+# If the bash-completion package is installed, use its configuration instead
+if [ -f /usr/share/bash-completion/bash_completion ]; then
+
+  # Check for interactive bash and that we haven't already been sourced.
+  if [ -n "${BASH_VERSION-}" -a -n "${PS1-}" -a -z "${BASH_COMPLETION_VERSINFO-}" ]; then
+
+    # Check for recent enough version of bash.
+    if [ ${BASH_VERSINFO[0]} -gt 4 ] || \
+       [ ${BASH_VERSINFO[0]} -eq 4 -a ${BASH_VERSINFO[1]} -ge 1 ]; then
+       [ -r "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion" ] &amp;&amp; \
+            . "${XDG_CONFIG_HOME:-$HOME/.config}/bash_completion"
+       if shopt -q progcomp &amp;&amp; [ -r /usr/share/bash-completion/bash_completion ]; then
+          # Source completion code.
+          . /usr/share/bash-completion/bash_completion
+       fi
+    fi
+  fi
+
+else
+
+  # bash-completions are not installed, use only bash completion directory
+  if shopt -q progcomp; then
+    for script in /etc/bash_completion.d/* ; do
+      if [ -r $script ] ; then
+        . $script
+      fi
+    done
+  fi
+fi
+
 # End /etc/profile.d/bash_completion.sh</literal>
 EOF</userinput></screen>
-
       <para>Make sure that the directory exists:</para>
 
 <screen role="root"><userinput>install --directory --mode=0755 --owner=root --group=root /etc/bash_completion.d</userinput></screen>
 
-    </sect3>
-
-
+      <para>For a more complete installation, see
+      <ulink url="&blfs-wiki;/bash-shell-startup-files#bash-completions"/>.</para>
+
+    </sect3>
 
     <sect3 id="etc-profile.d-dircolors.sh">

postlfs/security/gnutls.xml

@@ -188 +188 @@
 
     <para>
-      <option>--with-default-trust-store-file=/etc/ssl/ca-bundle.crt</option>:
+      <option>--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt</option>:
       This switch tells <command>configure</command> where to find the
       legacy CA certificate bundle and to use it instead of PKCS #11 module

postlfs/security/make-ca.xml

@@ -10 +10 @@
   <!ENTITY make-ca-time          "0.1 SBU (with all runtime deps)">
 
-  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">
-  <!ENTITY make-ca-size          "36 KB">
-  <!ENTITY make-ca-md5sum        "0eeaf712eedeae4fa55d8bfa37f4ca32">
+  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz">
+  <!ENTITY make-ca-size          "28 KB">
+  <!ENTITY make-ca-md5sum        "b038d38233f970aad60c29dfc0502021">
 ]>
 
@@ -145 +145 @@
     As the <systemitem class="username">root</systemitem> user:</para>
 
-<screen role="root"><userinput>make install                             &amp;&amp;
-mkdir -pv /etc/pki/tls/certs             &amp;&amp;
-ln -svf /etc/ssl/ca-bundle.crt \
-        /etc/pki/tls/certs/ca-bundle.crt</userinput></screen>
+<screen role="root"><userinput>make install</userinput></screen>
 
    <para>As the <systemitem class="username">root</systemitem> user, after
@@ -164 +161 @@
 <screen role="root"><userinput>/usr/sbin/make-ca -g</userinput></screen>
 
+    <!-- Remove at 8.5 or 9.0 -->
+    <para>Previous version of BLFS used the path
+    <filename>/etc/ssl/ca-bundle.crt</filename> for the
+    <xref linkend="gnutls"/> certificate store. If software is still installed
+    that references this file, create a compatibilty symlink for the old
+    location as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="nodump"><userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \
+        /etc/ssl/ca-bundle.crt</userinput></screen>
+
     <para>You should periodically update the store with the above command
     either manually, or via a <phrase revision="sysv">cron job.</phrase>
@@ -170 +177 @@
     will check for updates weekly.</phrase></para>
 
-    <para>The default <filename>certdata.txt</filename> file provided by make-ca
+  </sect2>
+
+  <sect2 role="configuration" id="make-ca-config">
+    <title>Configuring make-ca</title>
+
+    <para>Genearally, no configuration is necessary on an LFS system, however,
+    the default <filename>certdata.txt</filename> file provided by make-ca
     is obtained from the mozilla-release branch, and is modified to provide a
-    Mercurial revision. This will be the correct version for most
-    systems. There are, however, several other variants of the file available
-    for use that might be preferred for one reason or another, including the
-    files shipped with Mozilla products in this book. RedHat and OpenSUSE,
-    for instance, use the version included in <xref linkend="nss"/>. Additional
-    upstream downloads are available at the links below.</para>
-
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>Mozilla Release (the version provided by BLFS):
-        <ulink url="&certhost;releases/mozilla-release/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>NSS (this is the latest available version):
-        <ulink url="&certhost;projects/nss/raw-file/tip&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>Mozilla Central:
-        <ulink url="&certhost;mozilla-central/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>Mozilla Beta:
-        <ulink url="&certhost;releases/mozilla-beta/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>Mozilla Aurora:
-        <ulink url="&certhost;releases/mozilla-aurora/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-    </itemizedlist>
+    Mercurial revision. This will be the correct version for most systems.
+    There are several other variants of the file available for use that might
+    be preferred for one reason or another, including the files shipped with
+    Mozilla products in this book. RedHat and OpenSUSE, for instance, use the
+    version included in <xref linkend="nss"/>. Additional upstream downloads
+    are available at the links included in
+    <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to
+    <filename>/etc/make-ca.conf</filename> and edit as appropriate.</para>
+
+    <indexterm zone="make-ca make-ca-config">
+      <primary sortas="e-etc-make-ca-conf">/etc/make-ca.conf</primary>
+    </indexterm>
 
   </sect2>
@@ -214 +205 @@
     <segmentedlist>
       <segtitle>Installed Programs</segtitle>
-      <segtitle>Installed Libraries</segtitle>
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
         <seg>make-ca</seg>
-        <seg>None</seg>
         <seg>/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}</seg>
       </seglistitem>