Changeset ac38e9dc for postlfs/security/cacerts.xml
- Timestamp:
- 08/01/2015 04:26:22 AM (9 years ago)
- Branches:
- systemd-13485
- Children:
- ad6910d
- Parents:
- 4a83293
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/cacerts.xml
r4a83293 rac38e9dc 8 8 <!ENTITY certdir "/mozilla/source/security/nss/lib/ckfw/builtins"> 9 9 <!ENTITY ca-bundle-download "&sources-anduin-other-http;/certdata.txt"> 10 <!ENTITY ca-bundle-size "1. 2MB">11 <!ENTITY cacerts-buildsize " 1.2MB">12 <!ENTITY cacerts-time " less than0.1 SBU">10 <!ENTITY ca-bundle-size "1.6 MB"> 11 <!ENTITY cacerts-buildsize "6 MB"> 12 <!ENTITY cacerts-time "0.1 SBU"> 13 13 ]> 14 14 … … 31 31 <application>openssl</application>.</para> 32 32 33 &lfs7 6_checked;33 &lfs77_checked; 34 34 35 35 <indexterm zone="cacerts"> … … 46 46 </listitem> 47 47 <listitem> 48 <para>CA Bundle size: &ca-bundle-size;</para>48 <para>CA Certificate size: &ca-bundle-size;</para> 49 49 </listitem> 50 50 <listitem> … … 66 66 67 67 <bridgehead renderas="sect4">Required</bridgehead> 68 <para role="required"><xref linkend="openssl"/></para> 68 <para role="required"> 69 <xref linkend="openssl"/> 70 </para> 69 71 70 72 <bridgehead renderas="sect4">Recommended</bridgehead> 71 <para role="recommended"><xref linkend="wget"/></para> 73 <para role="recommended"> 74 <xref linkend="wget"/> 75 </para> 72 76 73 77 <para condition="html" role="usernotes">User Notes: 74 <ulink url= '&blfs-wiki;/cacerts'/></para>78 <ulink url="&blfs-wiki;/cacerts"/></para> 75 79 </sect2> 76 80 … … 86 90 87 91 # Used to generate PEM encoded files from Mozilla certdata.txt. 88 # Run as ./m kcrt.pl > certificate.crt92 # Run as ./make-cert.pl > certificate.crt 89 93 # 90 94 # Parts of this script courtesy of RedHat (mkcabundle.pl) … … 179 183 mkdir "${TEMPDIR}/certs" 180 184 181 # Get a list of star ing lines for each cert185 # Get a list of starting lines for each cert 182 186 CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1) 183 187 … … 197 201 done 198 202 199 unset CERTBEGINLIST CERTDATA CERTENDLIST cert ebegin certend203 unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend 200 204 201 205 mkdir -p certs … … 246 250 class="username">root</systemitem> user:</para> 247 251 248 <screen role="root"><userinput>cat > /usr/ bin/remove-expired-certs.sh << "EOF"252 <screen role="root"><userinput>cat > /usr/sbin/remove-expired-certs.sh << "EOF" 249 253 <literal>#!/bin/sh 250 # Begin /usr/ bin/remove-expired-certs.sh254 # Begin /usr/sbin/remove-expired-certs.sh 251 255 # 252 256 # Version 20120211 … … 302 306 EOF 303 307 304 chmod +x /usr/bin/remove-expired-certs.sh</userinput></screen>308 chmod u+x /usr/sbin/remove-expired-certs.sh</userinput></screen> 305 309 306 310 <para>The following commands will fetch the certificates and convert them to … … 314 318 wget $URL && 315 319 make-ca.sh && 316 remove-expired-certs.sh certs</userinput></screen>320 unset URL</userinput></screen> 317 321 318 322 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 319 323 320 324 <screen role="root"><userinput>SSLDIR=/etc/ssl && 325 remove-expired-certs.sh certs && 321 326 install -d ${SSLDIR}/certs && 322 327 cp -v certs/*.pem ${SSLDIR}/certs && … … 382 387 <term><command>remove-expired-certs.sh</command></term> 383 388 <listitem> 384 <para>is a utility <application>perl</application>script that389 <para>is a utility shell script that 385 390 removes expired certificates from a directory. The default 386 391 directory is <filename class='directory'>/etc/ssl/certs</filename>.</para>
Note:
See TracChangeset
for help on using the changeset viewer.