Changeset 5c3f3856 for postlfs/security/make-ca.xml
- Timestamp:
- 12/02/2018 02:50:58 AM (5 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 03b278dc
- Parents:
- 49cbcfe
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/make-ca.xml
r49cbcfe r5c3f3856 10 10 <!ENTITY make-ca-time "0.1 SBU (with all runtime deps)"> 11 11 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/ archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">13 <!ENTITY make-ca-size " 36KB">14 <!ENTITY make-ca-md5sum " 0eeaf712eedeae4fa55d8bfa37f4ca32">12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz"> 13 <!ENTITY make-ca-size "28 KB"> 14 <!ENTITY make-ca-md5sum "b038d38233f970aad60c29dfc0502021"> 15 15 ]> 16 16 … … 145 145 As the <systemitem class="username">root</systemitem> user:</para> 146 146 147 <screen role="root"><userinput>make install && 148 mkdir -pv /etc/pki/tls/certs && 149 ln -svf /etc/ssl/ca-bundle.crt \ 150 /etc/pki/tls/certs/ca-bundle.crt</userinput></screen> 147 <screen role="root"><userinput>make install</userinput></screen> 151 148 152 149 <para>As the <systemitem class="username">root</systemitem> user, after … … 164 161 <screen role="root"><userinput>/usr/sbin/make-ca -g</userinput></screen> 165 162 163 <!-- Remove at 8.5 or 9.0 --> 164 <para>Previous version of BLFS used the path 165 <filename>/etc/ssl/ca-bundle.crt</filename> for the 166 <xref linkend="gnutls"/> certificate store. If software is still installed 167 that references this file, create a compatibilty symlink for the old 168 location as the <systemitem class="username">root</systemitem> user:</para> 169 170 <screen role="nodump"><userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt \ 171 /etc/ssl/ca-bundle.crt</userinput></screen> 172 166 173 <para>You should periodically update the store with the above command 167 174 either manually, or via a <phrase revision="sysv">cron job.</phrase> … … 170 177 will check for updates weekly.</phrase></para> 171 178 172 <para>The default <filename>certdata.txt</filename> file provided by make-ca 179 </sect2> 180 181 <sect2 role="configuration" id="make-ca-config"> 182 <title>Configuring make-ca</title> 183 184 <para>Genearally, no configuration is necessary on an LFS system, however, 185 the default <filename>certdata.txt</filename> file provided by make-ca 173 186 is obtained from the mozilla-release branch, and is modified to provide a 174 Mercurial revision. This will be the correct version for most 175 systems. There are, however, several other variants of the file available 176 for use that might be preferred for one reason or another, including the 177 files shipped with Mozilla products in this book. RedHat and OpenSUSE, 178 for instance, use the version included in <xref linkend="nss"/>. Additional 179 upstream downloads are available at the links below.</para> 180 181 <itemizedlist spacing="compact"> 182 <listitem> 183 <para>Mozilla Release (the version provided by BLFS): 184 <ulink url="&certhost;releases/mozilla-release/raw-file/default/security/nss&certpath;"/> 185 </para> 186 </listitem> 187 <listitem> 188 <para>NSS (this is the latest available version): 189 <ulink url="&certhost;projects/nss/raw-file/tip&certpath;"/> 190 </para> 191 </listitem> 192 <listitem> 193 <para>Mozilla Central: 194 <ulink url="&certhost;mozilla-central/raw-file/default/security/nss&certpath;"/> 195 </para> 196 </listitem> 197 <listitem> 198 <para>Mozilla Beta: 199 <ulink url="&certhost;releases/mozilla-beta/raw-file/default/security/nss&certpath;"/> 200 </para> 201 </listitem> 202 <listitem> 203 <para>Mozilla Aurora: 204 <ulink url="&certhost;releases/mozilla-aurora/raw-file/default/security/nss&certpath;"/> 205 </para> 206 </listitem> 207 </itemizedlist> 187 Mercurial revision. This will be the correct version for most systems. 188 There are several other variants of the file available for use that might 189 be preferred for one reason or another, including the files shipped with 190 Mozilla products in this book. RedHat and OpenSUSE, for instance, use the 191 version included in <xref linkend="nss"/>. Additional upstream downloads 192 are available at the links included in 193 <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to 194 <filename>/etc/make-ca.conf</filename> and edit as appropriate.</para> 195 196 <indexterm zone="make-ca make-ca-config"> 197 <primary sortas="e-etc-make-ca-conf">/etc/make-ca.conf</primary> 198 </indexterm> 208 199 209 200 </sect2> … … 214 205 <segmentedlist> 215 206 <segtitle>Installed Programs</segtitle> 216 <segtitle>Installed Libraries</segtitle>217 207 <segtitle>Installed Directories</segtitle> 218 208 219 209 <seglistitem> 220 210 <seg>make-ca</seg> 221 <seg>None</seg>222 211 <seg>/etc/ssl/{certs,java,local} and /etc/pki/{nssdb,anchors}</seg> 223 212 </seglistitem>
Note:
See TracChangeset
for help on using the changeset viewer.