Changeset ac38e9dc for postlfs/security/cacerts.xml

Timestamp:

08/01/2015 04:26:22 AM (9 years ago)

Author:

Douglas R. Reno <renodr@…>

Branches:

systemd-13485

Children:

ad6910d

Parents:

4a83293

Message:

Import back into SVN from Github

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16309 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/cacerts.xml (modified) (11 diffs)

postlfs/security/cacerts.xml

@@ -8 +8 @@
   <!ENTITY certdir               "/mozilla/source/security/nss/lib/ckfw/builtins">
   <!ENTITY ca-bundle-download    "&sources-anduin-other-http;/certdata.txt">
-  <!ENTITY ca-bundle-size        "1.2 MB">
-  <!ENTITY cacerts-buildsize     "1.2 MB">
-  <!ENTITY cacerts-time          "less than 0.1 SBU">
+  <!ENTITY ca-bundle-size        "1.6 MB">
+  <!ENTITY cacerts-buildsize     "6 MB">
+  <!ENTITY cacerts-time          "0.1 SBU">
 ]>
 
@@ -31 +31 @@
   <application>openssl</application>.</para>
 
-  &lfs76_checked;
+  &lfs77_checked;
 
   <indexterm zone="cacerts">
@@ -46 +46 @@
       </listitem>
       <listitem>
-        <para>CA Bundle size: &ca-bundle-size;</para>
+        <para>CA Certificate size: &ca-bundle-size;</para>
       </listitem>
       <listitem>
@@ -66 +66 @@
 
     <bridgehead renderas="sect4">Required</bridgehead>
-    <para role="required"><xref linkend="openssl"/></para>
+    <para role="required">
+      <xref linkend="openssl"/>
+    </para>
 
     <bridgehead renderas="sect4">Recommended</bridgehead>
-    <para role="recommended"><xref linkend="wget"/></para>
+    <para role="recommended">
+      <xref linkend="wget"/>
+    </para>
 
     <para condition="html" role="usernotes">User Notes:
-    <ulink url='&blfs-wiki;/cacerts'/></para>
+    <ulink url="&blfs-wiki;/cacerts"/></para>
   </sect2>
 
@@ -86 +90 @@
 
 # Used to generate PEM encoded files from Mozilla certdata.txt.
-# Run as ./mkcrt.pl > certificate.crt
+# Run as ./make-cert.pl > certificate.crt
 #
 # Parts of this script courtesy of RedHat (mkcabundle.pl)
@@ -179 +183 @@
 mkdir "${TEMPDIR}/certs"
 
-# Get a list of staring lines for each cert
+# Get a list of starting lines for each cert
 CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1)
 
@@ -197 +201 @@
 done
 
-unset CERTBEGINLIST CERTDATA CERTENDLIST certebegin certend
+unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend
 
 mkdir -p certs
@@ -246 +250 @@
    class="username">root</systemitem> user:</para>
 
-<screen role="root"><userinput>cat > /usr/bin/remove-expired-certs.sh &lt;&lt; "EOF"
+<screen role="root"><userinput>cat > /usr/sbin/remove-expired-certs.sh &lt;&lt; "EOF"
 <literal>#!/bin/sh
-# Begin /usr/bin/remove-expired-certs.sh
+# Begin /usr/sbin/remove-expired-certs.sh
 #
 # Version 20120211
@@ -302 +306 @@
 EOF
 
-chmod +x /usr/bin/remove-expired-certs.sh</userinput></screen>
+chmod u+x /usr/sbin/remove-expired-certs.sh</userinput></screen>
 
    <para>The following commands will fetch the certificates and convert them to
@@ -314 +318 @@
 wget $URL          &amp;&amp;
 make-ca.sh         &amp;&amp;
-remove-expired-certs.sh certs</userinput></screen>
+unset URL</userinput></screen>
 
    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>SSLDIR=/etc/ssl                                              &amp;&amp;
+remove-expired-certs.sh certs                                &amp;&amp;
 install -d ${SSLDIR}/certs                                   &amp;&amp;
 cp -v certs/*.pem ${SSLDIR}/certs                            &amp;&amp;
@@ -382 +387 @@
         <term><command>remove-expired-certs.sh</command></term>
         <listitem>
-          <para>is a utility <application>perl</application> script that
+          <para>is a utility shell script that
           removes expired certificates from a directory.  The default
           directory is <filename class='directory'>/etc/ssl/certs</filename>.</para>