Changeset c1cd435e
- Timestamp:
- 09/06/2018 12:36:36 AM (6 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 11759d2
- Parents:
- 4d7d99d
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
general.ent
r4d7d99d rc1cd435e 1 1 <!-- $LastChangedBy$ $Date$ --> 2 2 3 <!ENTITY day "0 5"> <!-- Always 2 digits -->3 <!ENTITY day "06"> <!-- Always 2 digits --> 4 4 <!ENTITY month "09"> <!-- Always 2 digits --> 5 5 <!ENTITY year "2018"> … … 7 7 <!ENTITY copyholder "The BLFS Development Team"> 8 8 <!ENTITY version "&year;-&month;-&day;"> 9 <!ENTITY releasedate "September 5th, &year;">9 <!ENTITY releasedate "September 6th, &year;"> 10 10 <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP --> 11 11 <!ENTITY blfs-version "svn"> <!-- svn|[release #] --> -
general/prog/ojdk-conf.xml
r4d7d99d rc1cd435e 89 89 <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by 90 90 default. In order to keep all the certificates in one place, we use 91 <filename>/etc/ssl/java/cacerts .jks</filename>. That file should be91 <filename>/etc/ssl/java/cacerts</filename>. That file should be 92 92 generated using the system PKI trust store. The instructions 93 93 on the <xref linkend="make-ca"/> page should be used to update the file … … 98 98 99 99 <screen role="root"><userinput>/usr/sbin/make-ca -g --force && 100 ln -sfv /etc/ssl/java/cacerts .jks/opt/jdk/lib/security/cacerts</userinput></screen>100 ln -sfv /etc/ssl/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen> 101 101 102 102 <para> -
general/prog/openjdk.xml
r4d7d99d rc1cd435e 241 241 --with-version-pre="" \ 242 242 --with-version-opt="" \ 243 --with-cacerts-file=/etc/ssl/java/cacerts .jks&&243 --with-cacerts-file=/etc/ssl/java/cacerts && 244 244 make images</userinput></screen> 245 245 … … 394 394 395 395 <para> 396 <parameter>--with-cacerts-file=/etc/ssl/java/cacerts .jks</parameter>:396 <parameter>--with-cacerts-file=/etc/ssl/java/cacerts</parameter>: 397 397 Specifies where to find a <filename>cacerts</filename> file, 398 398 <filename>/etc/ssl/java/</filename> on a BLFS system. Otherwise, an empty … … 444 444 445 445 <para> 446 If you have run the instructions for <xref linkend="ojdk-certs"/>,447 you only need to create a symlink in the default location for 448 those certificates. As user <systemitem446 If you have run the instructions on the <xref linkend="make-ca"/> page, 447 you only need to create a symlink in the default location for the 448 <filename>cacerts</filename> file. As user <systemitem 449 449 class="username">root</systemitem>: 450 450 </para> 451 451 452 <screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts .jks/opt/jdk/lib/security/cacerts</userinput></screen>452 <screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen> 453 453 454 454 <para> 455 To check the installatiion, as when <xref linkend="ojdk-certs"/>,issue:455 To check the installatiion, issue: 456 456 </para> 457 457 -
introduction/welcome/changelog.xml
r4d7d99d rc1cd435e 43 43 --> 44 44 <listitem> 45 <para>September 6th, 2018</para> 46 <itemizedlist> 47 <listitem> 48 <para>[dj] - Update to make-ca-0.9. Fixes 49 <ulink url="&blfs-ticket-root;11114">#11114</ulink>.</para> 50 </listitem> 51 </itemizedlist> 52 </listitem> 53 54 <listitem> 45 55 <para>September 5th, 2018</para> 46 56 <itemizedlist> -
packages.ent
r4d7d99d rc1cd435e 25 25 <!ENTITY linux-pam-docs-version "1.2.0"> 26 26 <!ENTITY libpwquality-version "1.4.0"> 27 <!ENTITY make-ca-version "0. 8">27 <!ENTITY make-ca-version "0.9"> 28 28 <!ENTITY mitkrb-major-version "1.16"> 29 29 <!ENTITY mitkrb-version "1.16.1"> -
postlfs/security/make-ca.xml
r4d7d99d rc1cd435e 8 8 <!ENTITY certpath "/lib/ckfw/builtins/certdata.txt"> 9 9 <!ENTITY make-ca-buildsize "6.6 MB (with all runtime deps)"> 10 <!ENTITY make-ca-time "0. 3SBU (with all runtime deps)">10 <!ENTITY make-ca-time "0.1 SBU (with all runtime deps)"> 11 11 12 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz"> 13 13 <!ENTITY make-ca-size "36 KB"> 14 <!ENTITY make-ca-md5sum " 1f0176c4fa89274971b2826a97f303f7">14 <!ENTITY make-ca-md5sum "0eeaf712eedeae4fa55d8bfa37f4ca32"> 15 15 ]> 16 16 … … 75 75 76 76 <bridgehead renderas="sect3">make-ca Dependencies</bridgehead> 77 <!-- 78 <bridgehead renderas="sect4">Required</bridgehead> 79 <para role="required"><xref linkend="openssl"/></para> 80 --> 77 78 <bridgehead renderas="sect4">Recommended</bridgehead> 79 <para role="recommended"><xref linkend="p11-kit"/> (required at runtime to 80 generate certificate stores from trust anchors)</para> 81 81 82 <bridgehead renderas="sect4">Optional (runtime)</bridgehead> 82 83 <para role="optional"> 83 84 <xref role="runtime" linkend="java"/> or 84 <xref role="runtime" linkend="openjdk"/> ,85 <xref role="runtime" linkend="nss"/>, and86 <xref role="runtime" linkend="p11-kit"/>85 <xref role="runtime" linkend="openjdk"/> (to generate a java PKCS#12 86 store), and <xref role="runtime" linkend="nss"/> (to generate a shared 87 NSSDB) 87 88 </para> 88 89 … … 96 97 <para>The <application>make-ca</application> script will download and 97 98 process the certificates included in the <filename>certdata.txt</filename> 98 file for use in multiple certificate stores (if the associated applications 99 are present on the system). Additionally, any local certificates stored in 100 <filename>/etc/ssl/local</filename> will be imported to the certificate 101 stores. Certificates in this directory should be stored as PEM encoded 99 file for use as trust anchors for the <xref linkend="p11-kit"/> trust 100 module. Additionally, it will generate system certificate stores used by 101 BLFS applications (if the recommended and optional applications are present 102 on the system). Any local certificates stored in 103 <filename>/etc/ssl/local</filename> will be imported to both the trust 104 anchors and the generated certificate stores (overriding Mozilla's trust). 105 Certificates in this directory should be stored as PEM encoded 102 106 <application>OpenSSL</application> trusted certificates.</para> 103 107 … … 141 145 <screen role="root"><userinput>make install</userinput></screen> 142 146 143 <para>As the <systemitem class="username">root</systemitem> user, download 144 and update the certificate stores with the following command:</para> 147 <para>As the <systemitem class="username">root</systemitem> user, after 148 installing <xref linkend="p11-kit"/>, download the certificate source and 149 prepare for system use with the following command:</para> 145 150 146 151 <note> 147 152 <para>If running the script a second time with the same version of 148 153 <filename>certdata.txt</filename>, for instance, to add additional stores 149 as the requisite software is installed, add the <parameter>- f</parameter>154 as the requisite software is installed, add the <parameter>-r</parameter> 150 155 switch to the command line. If packaging, run <command>make-ca 151 156 --help</command> to see all available command line options.</para> … … 224 229 <para>is a shell script that adapts a current version of 225 230 <filename>certdata.txt</filename>, and prepares it for use 226 as the system certificatestore.</para>231 as the system trust store.</para> 227 232 <indexterm zone="make-ca make-ca"> 228 233 <primary sortas="b-make-ca">make-ca</primary> -
postlfs/security/p11-kit.xml
r4d7d99d rc1cd435e 75 75 <bridgehead renderas="sect4">Recommended</bridgehead> 76 76 <para role="recommended"> 77 <xref linkend="make-ca"/> and78 77 <xref linkend="libtasn1"/> 79 78 </para> … … 81 80 <bridgehead renderas="sect4">Optional</bridgehead> 82 81 <para role="optional"> 83 <xref linkend="nss"/>, 82 <xref linkend="make-ca"/> (runtime), 83 <xref linkend="nss"/> (runtime), 84 84 <xref linkend="gtk-doc"/> and 85 85 <xref linkend="libxslt"/>
Note:
See TracChangeset
for help on using the changeset viewer.