- Timestamp:
- 09/06/2018 12:36:36 AM (6 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 11759d2
- Parents:
- 4d7d99d
- Location:
- postlfs/security
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/make-ca.xml
r4d7d99d rc1cd435e 8 8 <!ENTITY certpath "/lib/ckfw/builtins/certdata.txt"> 9 9 <!ENTITY make-ca-buildsize "6.6 MB (with all runtime deps)"> 10 <!ENTITY make-ca-time "0. 3SBU (with all runtime deps)">10 <!ENTITY make-ca-time "0.1 SBU (with all runtime deps)"> 11 11 12 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz"> 13 13 <!ENTITY make-ca-size "36 KB"> 14 <!ENTITY make-ca-md5sum " 1f0176c4fa89274971b2826a97f303f7">14 <!ENTITY make-ca-md5sum "0eeaf712eedeae4fa55d8bfa37f4ca32"> 15 15 ]> 16 16 … … 75 75 76 76 <bridgehead renderas="sect3">make-ca Dependencies</bridgehead> 77 <!-- 78 <bridgehead renderas="sect4">Required</bridgehead> 79 <para role="required"><xref linkend="openssl"/></para> 80 --> 77 78 <bridgehead renderas="sect4">Recommended</bridgehead> 79 <para role="recommended"><xref linkend="p11-kit"/> (required at runtime to 80 generate certificate stores from trust anchors)</para> 81 81 82 <bridgehead renderas="sect4">Optional (runtime)</bridgehead> 82 83 <para role="optional"> 83 84 <xref role="runtime" linkend="java"/> or 84 <xref role="runtime" linkend="openjdk"/> ,85 <xref role="runtime" linkend="nss"/>, and86 <xref role="runtime" linkend="p11-kit"/>85 <xref role="runtime" linkend="openjdk"/> (to generate a java PKCS#12 86 store), and <xref role="runtime" linkend="nss"/> (to generate a shared 87 NSSDB) 87 88 </para> 88 89 … … 96 97 <para>The <application>make-ca</application> script will download and 97 98 process the certificates included in the <filename>certdata.txt</filename> 98 file for use in multiple certificate stores (if the associated applications 99 are present on the system). Additionally, any local certificates stored in 100 <filename>/etc/ssl/local</filename> will be imported to the certificate 101 stores. Certificates in this directory should be stored as PEM encoded 99 file for use as trust anchors for the <xref linkend="p11-kit"/> trust 100 module. Additionally, it will generate system certificate stores used by 101 BLFS applications (if the recommended and optional applications are present 102 on the system). Any local certificates stored in 103 <filename>/etc/ssl/local</filename> will be imported to both the trust 104 anchors and the generated certificate stores (overriding Mozilla's trust). 105 Certificates in this directory should be stored as PEM encoded 102 106 <application>OpenSSL</application> trusted certificates.</para> 103 107 … … 141 145 <screen role="root"><userinput>make install</userinput></screen> 142 146 143 <para>As the <systemitem class="username">root</systemitem> user, download 144 and update the certificate stores with the following command:</para> 147 <para>As the <systemitem class="username">root</systemitem> user, after 148 installing <xref linkend="p11-kit"/>, download the certificate source and 149 prepare for system use with the following command:</para> 145 150 146 151 <note> 147 152 <para>If running the script a second time with the same version of 148 153 <filename>certdata.txt</filename>, for instance, to add additional stores 149 as the requisite software is installed, add the <parameter>- f</parameter>154 as the requisite software is installed, add the <parameter>-r</parameter> 150 155 switch to the command line. If packaging, run <command>make-ca 151 156 --help</command> to see all available command line options.</para> … … 224 229 <para>is a shell script that adapts a current version of 225 230 <filename>certdata.txt</filename>, and prepares it for use 226 as the system certificatestore.</para>231 as the system trust store.</para> 227 232 <indexterm zone="make-ca make-ca"> 228 233 <primary sortas="b-make-ca">make-ca</primary> -
postlfs/security/p11-kit.xml
r4d7d99d rc1cd435e 75 75 <bridgehead renderas="sect4">Recommended</bridgehead> 76 76 <para role="recommended"> 77 <xref linkend="make-ca"/> and78 77 <xref linkend="libtasn1"/> 79 78 </para> … … 81 80 <bridgehead renderas="sect4">Optional</bridgehead> 82 81 <para role="optional"> 83 <xref linkend="nss"/>, 82 <xref linkend="make-ca"/> (runtime), 83 <xref linkend="nss"/> (runtime), 84 84 <xref linkend="gtk-doc"/> and 85 85 <xref linkend="libxslt"/>
Note:
See TracChangeset
for help on using the changeset viewer.