Changeset c1cd435e

Timestamp:

09/06/2018 12:36:36 AM (6 years ago)

Author:

DJ Lucas <dj@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

11759d2

Parents:

4d7d99d

Message:

Update to make-ca-0.9. Fixes #11114.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20462 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (2 diffs)
• general/prog/ojdk-conf.xml (modified) (2 diffs)
• general/prog/openjdk.xml (modified) (3 diffs)
• introduction/welcome/changelog.xml (modified) (1 diff)
• packages.ent (modified) (1 diff)
• postlfs/security/make-ca.xml (modified) (5 diffs)
• postlfs/security/p11-kit.xml (modified) (2 diffs)

general.ent

@@ -1 +1 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "05">                   <!-- Always 2 digits -->
+<!ENTITY day          "06">                   <!-- Always 2 digits -->
 <!ENTITY month        "09">                   <!-- Always 2 digits -->
 <!ENTITY year         "2018">
@@ -7 +7 @@
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "September 5th, &year;">
+<!ENTITY releasedate  "September 6th, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->

general/prog/ojdk-conf.xml

@@ -89 +89 @@
       <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
       default. In order to keep all the certificates in one place, we use
-      <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
+      <filename>/etc/ssl/java/cacerts</filename>. That file should be
       generated using the system PKI trust store. The instructions
       on the <xref linkend="make-ca"/> page should be used to update the file
@@ -98 +98 @@
 
 <screen role="root"><userinput>/usr/sbin/make-ca -g --force &amp;&amp;
-ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
+ln -sfv /etc/ssl/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
 
     <para>

general/prog/openjdk.xml

@@ -241 +241 @@
                --with-version-pre=""        \
                --with-version-opt=""        \
-               --with-cacerts-file=/etc/ssl/java/cacerts.jks &&
+               --with-cacerts-file=/etc/ssl/java/cacerts &&
 make images</userinput></screen>
 
@@ -394 +394 @@
 
     <para>
-      <parameter>--with-cacerts-file=/etc/ssl/java/cacerts.jks</parameter>:
+      <parameter>--with-cacerts-file=/etc/ssl/java/cacerts</parameter>:
       Specifies where to find a <filename>cacerts</filename> file,
       <filename>/etc/ssl/java/</filename> on a BLFS system. Otherwise, an empty
@@ -444 +444 @@
 
       <para>
-        If you have run the instructions for <xref linkend="ojdk-certs"/>,
-        you only need to create a symlink in the default location for
-        those certificates. As user <systemitem
+        If you have run the instructions on the <xref linkend="make-ca"/> page,
+        you only need to create a symlink in the default location for the
+        <filename>cacerts</filename> file. As user <systemitem
         class="username">root</systemitem>:
       </para>
 
-<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
+<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
 
       <para>
-        To check the installatiion, as when <xref linkend="ojdk-certs"/>, issue:
+        To check the installatiion, issue:
       </para>
 

introduction/welcome/changelog.xml

@@ -43 +43 @@
 -->
     <listitem>
+      <para>September 6th, 2018</para>
+      <itemizedlist>
+        <listitem>
+          <para>[dj] - Update to make-ca-0.9. Fixes
+          <ulink url="&blfs-ticket-root;11114">#11114</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>September 5th, 2018</para>
       <itemizedlist>

packages.ent

@@ -25 +25 @@
 <!ENTITY linux-pam-docs-version       "1.2.0">
 <!ENTITY libpwquality-version         "1.4.0">
-<!ENTITY make-ca-version              "0.8">
+<!ENTITY make-ca-version              "0.9">
 <!ENTITY mitkrb-major-version         "1.16">
 <!ENTITY mitkrb-version               "1.16.1">

postlfs/security/make-ca.xml

@@ -8 +8 @@
   <!ENTITY certpath              "/lib/ckfw/builtins/certdata.txt">
   <!ENTITY make-ca-buildsize     "6.6 MB (with all runtime deps)">
-  <!ENTITY make-ca-time          "0.3 SBU (with all runtime deps)">
+  <!ENTITY make-ca-time          "0.1 SBU (with all runtime deps)">
 
   <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">
   <!ENTITY make-ca-size          "36 KB">
-  <!ENTITY make-ca-md5sum        "1f0176c4fa89274971b2826a97f303f7">
+  <!ENTITY make-ca-md5sum        "0eeaf712eedeae4fa55d8bfa37f4ca32">
 ]>
 
@@ -75 +75 @@
 
     <bridgehead renderas="sect3">make-ca Dependencies</bridgehead>
-<!--
-    <bridgehead renderas="sect4">Required</bridgehead>
-    <para role="required"><xref linkend="openssl"/></para>
--->
+
+    <bridgehead renderas="sect4">Recommended</bridgehead>
+    <para role="recommended"><xref linkend="p11-kit"/> (required at runtime to
+    generate certificate stores from trust anchors)</para>
+
    <bridgehead renderas="sect4">Optional (runtime)</bridgehead>
     <para role="optional">
       <xref role="runtime" linkend="java"/> or
-      <xref role="runtime" linkend="openjdk"/>,
-      <xref role="runtime" linkend="nss"/>, and
-      <xref role="runtime" linkend="p11-kit"/>
+      <xref role="runtime" linkend="openjdk"/> (to generate a java PKCS#12
+      store), and <xref role="runtime" linkend="nss"/> (to generate a shared
+      NSSDB)
     </para>
 
@@ -96 +97 @@
     <para>The <application>make-ca</application> script will download and
     process the certificates included in the <filename>certdata.txt</filename>
-    file for use in multiple certificate stores (if the associated applications
-    are present on the system). Additionally, any local certificates stored in
-    <filename>/etc/ssl/local</filename> will be imported to the certificate
-    stores. Certificates in this directory should be stored as PEM encoded
+    file for use as trust anchors for the <xref linkend="p11-kit"/> trust
+    module. Additionally, it will generate system certificate stores used by
+    BLFS applications (if the recommended and optional applications are present
+    on the system). Any local certificates stored in
+    <filename>/etc/ssl/local</filename> will be imported to both the trust
+    anchors and the generated certificate stores (overriding Mozilla's trust).
+    Certificates in this directory should be stored as PEM encoded
     <application>OpenSSL</application> trusted certificates.</para>
 
@@ -141 +145 @@
 <screen role="root"><userinput>make install</userinput></screen>
 
-   <para>As the <systemitem class="username">root</systemitem> user, download
-   and update the certificate stores with the following command:</para>
+   <para>As the <systemitem class="username">root</systemitem> user, after
+   installing <xref linkend="p11-kit"/>, download the certificate source and
+   prepare for system use with the following command:</para>
 
     <note>
       <para>If running the script a second time with the same version of
       <filename>certdata.txt</filename>, for instance, to add additional stores
-      as the requisite software is installed, add the <parameter>-f</parameter>
+      as the requisite software is installed, add the <parameter>-r</parameter>
       switch to the command line. If packaging, run <command>make-ca
       --help</command> to see all available command line options.</para>
@@ -224 +229 @@
           <para>is a shell script that adapts a current version of
           <filename>certdata.txt</filename>, and prepares it for use
-          as the system certificate store.</para>
+          as the system trust store.</para>
           <indexterm zone="make-ca make-ca">
             <primary sortas="b-make-ca">make-ca</primary>

postlfs/security/p11-kit.xml

@@ -75 +75 @@
     <bridgehead renderas="sect4">Recommended</bridgehead>
     <para role="recommended">
-      <xref linkend="make-ca"/> and
       <xref linkend="libtasn1"/>
     </para>
@@ -81 +80 @@
     <bridgehead renderas="sect4">Optional</bridgehead>
     <para role="optional">
-      <xref linkend="nss"/>,
+      <xref linkend="make-ca"/> (runtime), 
+      <xref linkend="nss"/> (runtime),
       <xref linkend="gtk-doc"/> and
       <xref linkend="libxslt"/>