Changeset a1b18af2 for postlfs/security
- Timestamp:
- 08/12/2014 11:57:07 AM (10 years ago)
- Branches:
- 7.6-blfs, 7.6-systemd, kde5-14269, kde5-14686, systemd-13485
- Children:
- 87222ab
- Parents:
- 55b442a7
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/cacerts.xml
r55b442a7 ra1b18af2 82 82 class="username">root</systemitem> user:</para> 83 83 84 <screen role="root"><userinput>cat > / bin/make-cert.pl << "EOF"84 <screen role="root"><userinput>cat > /usr/bin/make-cert.pl << "EOF" 85 85 <literal>#!/usr/bin/perl -w 86 86 … … 134 134 EOF 135 135 136 chmod +x / bin/make-cert.pl</userinput></screen>136 chmod +x /usr/bin/make-cert.pl</userinput></screen> 137 137 138 138 <para>The following script creates the certificates and a bundle of all the … … 142 142 user:</para> 143 143 144 <screen role="root"><userinput>cat > / bin/make-ca.sh << "EOF"144 <screen role="root"><userinput>cat > /usr/bin/make-ca.sh << "EOF" 145 145 <literal>#!/bin/sh 146 146 # Begin make-ca.sh … … 174 174 TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH" 175 175 BUNDLE="BLFS-ca-bundle-${VERSION}.crt" 176 CONVERTSCRIPT="/ bin/make-cert.pl"176 CONVERTSCRIPT="/usr/bin/make-cert.pl" 177 177 SSLDIR="/etc/ssl" 178 178 … … 240 240 EOF 241 241 242 chmod +x / bin/make-ca.sh</userinput></screen>242 chmod +x /usr/bin/make-ca.sh</userinput></screen> 243 243 244 244 <para>Add a short script to remove expired certificates from a directory. … … 246 246 class="username">root</systemitem> user:</para> 247 247 248 <screen role="root"><userinput>cat > / bin/remove-expired-certs.sh << "EOF"248 <screen role="root"><userinput>cat > /usr/bin/remove-expired-certs.sh << "EOF" 249 249 <literal>#!/bin/sh 250 # Begin / bin/remove-expired-certs.sh250 # Begin /usr/bin/remove-expired-certs.sh 251 251 # 252 252 # Version 20120211 … … 302 302 EOF 303 303 304 chmod +x / bin/remove-expired-certs.sh</userinput></screen>304 chmod +x /usr/bin/remove-expired-certs.sh</userinput></screen> 305 305 306 306 <para>The following commands will fetch the certificates and convert them to … … 310 310 necessary to update the CA Certificates.</para> 311 311 312 <screen><userinput>certhost='http://mxr.mozilla.org' && 313 certdir='/mozilla/source/security/nss/lib/ckfw/builtins' && 314 url="$certhost$certdir/certdata.txt?raw=1" && 315 316 wget --output-document certdata.txt $url && 317 unset certhost certdir url && 318 make-ca.sh && 312 <screen><userinput>URL=&sources-anduin-other-http;/certdata.txt && 313 rm -f certdata.txt && 314 wget $URL && 315 make-ca.sh && 319 316 remove-expired-certs.sh certs</userinput></screen> 320 317 321 318 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 322 319 323 <screen role="root"><userinput>SSLDIR=/etc/ssl &&324 install -d ${SSLDIR}/certs &&325 cp -v certs/*.pem ${SSLDIR}/certs &&326 c_rehash &&327 install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt &&328 ln -s v ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt &&320 <screen role="root"><userinput>SSLDIR=/etc/ssl && 321 install -d ${SSLDIR}/certs && 322 cp -v certs/*.pem ${SSLDIR}/certs && 323 c_rehash && 324 install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt && 325 ln -sfv ../ca-bundle.crt ${SSLDIR}/certs/ca-certificates.crt && 329 326 unset SSLDIR</userinput></screen> 330 327
Note:
See TracChangeset
for help on using the changeset viewer.