Changeset 5c3f3856 for postlfs/security/make-ca.xml

Timestamp:

12/02/2018 02:50:58 AM (5 years ago)

Author:

DJ Lucas <dj@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

03b278dc

Parents:

49cbcfe

Message:

Update to make-ca-1.0. Fixes #11401.
Use configuration from bash-completions package if it is installed. Added bash-completion-2.8 to ghe BLFS wiki and linked from profile page. Fixes #11399.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20770 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/make-ca.xml (modified) (5 diffs)

postlfs/security/make-ca.xml

@@ -10 +10 @@
   <!ENTITY make-ca-time          "0.1 SBU (with all runtime deps)">
 
-  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">
-  <!ENTITY make-ca-size          "36 KB">
-  <!ENTITY make-ca-md5sum        "0eeaf712eedeae4fa55d8bfa37f4ca32">
+  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz">
+  <!ENTITY make-ca-size          "28 KB">
+  <!ENTITY make-ca-md5sum        "b038d38233f970aad60c29dfc0502021">
 ]>
 
@@ -145 +145 @@
     As the <systemitem class="username">root</systemitem> user:</para>
 
-<screen role="root"><userinput>make install                             &amp;&amp;
-mkdir -pv /etc/pki/tls/certs             &amp;&amp;
-ln -svf /etc/ssl/ca-bundle.crt \
-        /etc/pki/tls/certs/ca-bundle.crt</userinput></screen>
+<screen role="root"><userinput>make install</userinput></screen>
 
    <para>As the <systemitem class="username">root</systemitem> user, after
@@ -164 +161 @@
 <screen role="root"><userinput>/usr/sbin/make-ca -g</userinput></screen>
 
+    <!-- Remove at 8.5 or 9.0 -->
+    <para>Previous version of BLFS used the path
+    <filename>/etc/ssl/ca-bundle.crt</filename> for the
+    <xref linkend="gnutls"/> certificate store. If software is still installed
+    that references this file, create a compatibilty symlink for the old
+    location as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="nodump"><userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \
+        /etc/ssl/ca-bundle.crt</userinput></screen>
+
     <para>You should periodically update the store with the above command
     either manually, or via a <phrase revision="sysv">cron job.</phrase>
@@ -170 +177 @@
     will check for updates weekly.</phrase></para>
 
-    <para>The default <filename>certdata.txt</filename> file provided by make-ca
+  </sect2>
+
+  <sect2 role="configuration" id="make-ca-config">
+    <title>Configuring make-ca</title>
+
+    <para>Genearally, no configuration is necessary on an LFS system, however,
+    the default <filename>certdata.txt</filename> file provided by make-ca
     is obtained from the mozilla-release branch, and is modified to provide a
-    Mercurial revision. This will be the correct version for most
-    systems. There are, however, several other variants of the file available
-    for use that might be preferred for one reason or another, including the
-    files shipped with Mozilla products in this book. RedHat and OpenSUSE,
-    for instance, use the version included in <xref linkend="nss"/>. Additional
-    upstream downloads are available at the links below.</para>
-
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>Mozilla Release (the version provided by BLFS):
-        <ulink url="&certhost;releases/mozilla-release/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>NSS (this is the latest available version):
-        <ulink url="&certhost;projects/nss/raw-file/tip&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>Mozilla Central:
-        <ulink url="&certhost;mozilla-central/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>Mozilla Beta:
-        <ulink url="&certhost;releases/mozilla-beta/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-      <listitem>
-        <para>Mozilla Aurora:
-        <ulink url="&certhost;releases/mozilla-aurora/raw-file/default/security/nss&certpath;"/>
-        </para>
-      </listitem>
-    </itemizedlist>
+    Mercurial revision. This will be the correct version for most systems.
+    There are several other variants of the file available for use that might
+    be preferred for one reason or another, including the files shipped with
+    Mozilla products in this book. RedHat and OpenSUSE, for instance, use the
+    version included in <xref linkend="nss"/>. Additional upstream downloads
+    are available at the links included in
+    <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to
+    <filename>/etc/make-ca.conf</filename> and edit as appropriate.</para>
+
+    <indexterm zone="make-ca make-ca-config">
+      <primary sortas="e-etc-make-ca-conf">/etc/make-ca.conf</primary>
+    </indexterm>
 
   </sect2>
@@ -214 +205 @@
     <segmentedlist>
       <segtitle>Installed Programs</segtitle>
-      <segtitle>Installed Libraries</segtitle>
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
         <seg>make-ca</seg>
-        <seg>None</seg>
         <seg>/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}</seg>
       </seglistitem>