Ignore:
Timestamp:
09/06/2018 12:36:36 AM (6 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
11759d2
Parents:
4d7d99d
Message:

Update to make-ca-0.9. Fixes #11114.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20462 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

Legend:

Unmodified
Added
Removed

  • postlfs/security/make-ca.xml

    r4d7d99d rc1cd435e  
    88  <!ENTITY certpath              "/lib/ckfw/builtins/certdata.txt">
    99  <!ENTITY make-ca-buildsize     "6.6 MB (with all runtime deps)">
    10   <!ENTITY make-ca-time          "0.3 SBU (with all runtime deps)">
     10  <!ENTITY make-ca-time          "0.1 SBU (with all runtime deps)">
    1111
    1212  <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">
    1313  <!ENTITY make-ca-size          "36 KB">
    14   <!ENTITY make-ca-md5sum        "1f0176c4fa89274971b2826a97f303f7">
     14  <!ENTITY make-ca-md5sum        "0eeaf712eedeae4fa55d8bfa37f4ca32">
    1515]>
    1616
     
    7575
    7676    <bridgehead renderas="sect3">make-ca Dependencies</bridgehead>
    77 <!--
    78     <bridgehead renderas="sect4">Required</bridgehead>
    79     <para role="required"><xref linkend="openssl"/></para>
    80 -->
     77
     78    <bridgehead renderas="sect4">Recommended</bridgehead>
     79    <para role="recommended"><xref linkend="p11-kit"/> (required at runtime to
     80    generate certificate stores from trust anchors)</para>
     81
    8182   <bridgehead renderas="sect4">Optional (runtime)</bridgehead>
    8283    <para role="optional">
    8384      <xref role="runtime" linkend="java"/> or
    84       <xref role="runtime" linkend="openjdk"/>,
    85       <xref role="runtime" linkend="nss"/>, and
    86       <xref role="runtime" linkend="p11-kit"/>
     85      <xref role="runtime" linkend="openjdk"/> (to generate a java PKCS#12
     86      store), and <xref role="runtime" linkend="nss"/> (to generate a shared
     87      NSSDB)
    8788    </para>
    8889
     
    9697    <para>The <application>make-ca</application> script will download and
    9798    process the certificates included in the <filename>certdata.txt</filename>
    98     file for use in multiple certificate stores (if the associated applications
    99     are present on the system). Additionally, any local certificates stored in
    100     <filename>/etc/ssl/local</filename> will be imported to the certificate
    101     stores. Certificates in this directory should be stored as PEM encoded
     99    file for use as trust anchors for the <xref linkend="p11-kit"/> trust
     100    module. Additionally, it will generate system certificate stores used by
     101    BLFS applications (if the recommended and optional applications are present
     102    on the system). Any local certificates stored in
     103    <filename>/etc/ssl/local</filename> will be imported to both the trust
     104    anchors and the generated certificate stores (overriding Mozilla's trust).
     105    Certificates in this directory should be stored as PEM encoded
    102106    <application>OpenSSL</application> trusted certificates.</para>
    103107
     
    141145<screen role="root"><userinput>make install</userinput></screen>
    142146
    143    <para>As the <systemitem class="username">root</systemitem> user, download
    144    and update the certificate stores with the following command:</para>
     147   <para>As the <systemitem class="username">root</systemitem> user, after
     148   installing <xref linkend="p11-kit"/>, download the certificate source and
     149   prepare for system use with the following command:</para>
    145150
    146151    <note>
    147152      <para>If running the script a second time with the same version of
    148153      <filename>certdata.txt</filename>, for instance, to add additional stores
    149       as the requisite software is installed, add the <parameter>-f</parameter>
     154      as the requisite software is installed, add the <parameter>-r</parameter>
    150155      switch to the command line. If packaging, run <command>make-ca
    151156      --help</command> to see all available command line options.</para>
     
    224229          <para>is a shell script that adapts a current version of
    225230          <filename>certdata.txt</filename>, and prepares it for use
    226           as the system certificate store.</para>
     231          as the system trust store.</para>
    227232          <indexterm zone="make-ca make-ca">
    228233            <primary sortas="b-make-ca">make-ca</primary>
Note: See TracChangeset for help on using the changeset viewer.