Changeset c9b953e6

Timestamp:

10/19/2011 08:18:40 PM (13 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

6b5cc24

Parents:

54cfc01

Message:

Add a separate page for CA certificates.
Update to openssl-1.0.0e.
Update to bc-1.06.95.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8900 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (6 diffs)
• general/genutils/bc.xml (modified) (6 diffs)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/cacerts.xml (added)
• postlfs/security/openssl.xml (modified) (6 diffs)
• postlfs/security/security.xml (modified) (1 diff)

general.ent

@@ -4 +4 @@
 -->
 
-<!ENTITY day          "06">                   <!-- Always 2 digits -->
-<!ENTITY month        "09">                   <!-- Always 2 digits -->
+<!ENTITY day          "19">                   <!-- Always 2 digits -->
+<!ENTITY month        "10">                   <!-- Always 2 digits -->
 <!ENTITY year         "2011">
 <!ENTITY copyrightdate "2001-&year;">
@@ -25 +25 @@
 <!ENTITY sources-anduin-http  "http://anduin.&lfs-domainname;/sources/BLFS/svn">
 <!ENTITY sources-anduin-ftp   "ftp://anduin.&lfs-domainname;/BLFS/svn">
+<!ENTITY sources-anduin-other "ftp://anduin.&lfs-domainname;/BLFS">
 <!ENTITY files-anduin         "http://anduin.&lfs-domainname;/files/BLFS/svn">
 <!ENTITY hints-root           "http://www.&lfs-domainname;/hints">
@@ -33 +34 @@
 <!ENTITY lfs-root             "../../../../lfs/view/&lfs-version;">
 <!ENTITY lfs-dev              "../../../../lfs/view/development">
+<!ENTITY gnu-alpha-ftp        "ftp://alpha.gnu.org/gnu/">
+<!ENTITY gnu-alpha-http       "http://alpha.gnu.org/gnu/">
 <!ENTITY sourceforge-repo     "http://downloads.sourceforge.net">
 <!ENTITY sourceforge-repo2    "http://sourceforge.net">
@@ -77 +80 @@
 <!ENTITY lfs67_built          "<para>This package is known to build using an LFS
                               6.7 platform but has not been tested.</para>">
+<!ENTITY lfs70_checked        "<para>This package is known to build and work
+                              properly using an LFS-7.0 platform.</para>">
+<!ENTITY lfs70_built          "<para>This package is known to build using an LFS
+                              7.0 platform but has not been tested.</para>">
 
 <!-- usage: <para>&lfssvn_checked;ccyymmdd&lfssvn_checked2;</para> -->
@@ -93 +100 @@
 <!-- Chapter 4 -->
 
-<!ENTITY openssl-version              "1.0.0d">
+<!ENTITY openssl-version              "1.0.0e">
 <!-- The ca-bundle-version should be updated to match nss version -->
 <!ENTITY ca-bundle-version            "3.12.11.0">
@@ -243 +250 @@
 
 <!-- Chapter 10 -->
-<!ENTITY bc-version                   "1.06">
+<!ENTITY bc-version                   "1.06.95">
 <!ENTITY rep-gtk-version              "0.18">
 <!ENTITY compface-version             "1.5.2">

general/genutils/bc.xml

@@ -17 +17 @@
     <!-- <para>To test the results, issue: <command>make check</command>.</para> -->
 
-  <!ENTITY bc-download-http "http://ftp.gnu.org/gnu/bc/bc-&bc-version;.tar.gz">
-  <!ENTITY bc-download-ftp "ftp://ftp.gnu.org/gnu/bc/bc-&bc-version;.tar.gz">
-  <!ENTITY bc-md5sum "d44b5dddebd8a7a7309aea6c36fda117">
-  <!ENTITY bc-size "273 KB">
+  <!ENTITY bc-download-http "&gnu-alpha-http;/bc/bc-&bc-version;.tar.bz2">
+  <!ENTITY bc-download-ftp "&gnu-alpha-ftp;/bc/bc-&bc-version;.tar.bz2">
+  <!ENTITY bc-md5sum "5126a721b73f97d715bb72c13c889035">
+  <!ENTITY bc-size "288 KB">
   <!ENTITY bc-buildsize "3 MB">
   <!ENTITY bc-time "less than 0.1 SBU (0.2 SBU if running the testsuite)">
@@ -33 +33 @@
   </sect1info>
 
-  <title>Bc-&bc-version;</title>
+  <title>bc-&bc-version;</title>
 
   <indexterm zone="bc">
@@ -40 +40 @@
 
   <sect2 role="package">
-    <title>Introduction to Bc</title>
+    <title>Introduction to bc</title>
 
     <para>The <application>bc</application> package contains
     an arbitrary precision numeric processing language.</para>
 
-    &lfs67_checked;
+    &lfs70_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -79 +79 @@
     <para>Install <application>bc</application> by running the following commands:</para>
 
-<screen><userinput>sed -i '/PROTO.*readline/d' bc/scan.l &amp;&amp;
-sed -i '/flex -I8/s/8//' configure &amp;&amp;
-sed -i '/stdlib/a #include &lt;string.h&gt;' lib/number.c &amp;&amp;
-sed -i 's/program.*save/static &amp;/' bc/load.c &amp;&amp;
-./configure --prefix=/usr --with-readline &amp;&amp;
+<screen><userinput>./configure --prefix=/usr --with-readline &amp;&amp;
 make</userinput></screen>
 
@@ -101 +97 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
-
+<!--
     <para><command>sed -i '/PROTO.*readline/d' bc/scan.l</command>: This
     command fixes the <application>Readline</application> library call.</para>
@@ -114 +110 @@
     This command fixes a segfault when running <application>bc</application>
     with <command>bc -l</command>.</para>
-
+-->
     <para><parameter>--with-readline</parameter>: This option enables
     <application>Readline</application> support in interactive mode.</para>

introduction/welcome/changelog.xml

@@ -41 +41 @@
 
 -->
+
+    <listitem>
+      <para>October 19th, 2011</para>
+      <itemizedlist>
+        <listitem>
+          <para>[bdubbs] - Added separate page to generate CA certificates.</para>
+        </listitem>
+        <listitem>
+          <para>[bdubbs] - Updated to openssl-1.0.0e.</para>
+        </listitem>
+        <listitem>
+          <para>[bdubbs] - Updated to bc-1.06.95.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem>
       <para>September 6th, 2011</para>

postlfs/security/openssl.xml

@@ -39 +39 @@
     (for accessing HTTPS sites).</para>
 
-    &lfs65_checked;
+    &lfs70_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -54 +54 @@
       <listitem>
         <para>Download size: &openssl-size;</para>
-      </listitem>
-      <listitem>
-        <para>CA Bundle Download: <ulink url="&ca-bundle-download;"/></para>
-      </listitem>
-      <listitem>
-        <para>CA Bundle size: &ca-bundle-size;</para>
-      </listitem>
-      <listitem>
-        <para>CA Bundle MD5 sum: &ca-bundle-md5sum;</para>
       </listitem>
       <listitem>
@@ -99 +90 @@
 
 <screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_manpages-1.patch &amp;&amp;
-tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2 &amp;&amp;
 
 ./config --prefix=/usr         \
@@ -109 +99 @@
     <para>To test the results, issue: <command>make test</command>.</para>
 
-    <!-- <para>To test the results, issue: <command>make test</command>.  Note that the
-    test results/output depend on the availability of /etc/ssl/openssl.cnf.  If
-    running the tests for the first time run the following as the
-    <systemitem class="username">root</systemitem> user before running the
-    tests:</para>
-
-<screen role="root"><userinput>install -v -m755 d /etc/ssl &amp;&amp;
-install -v ./apps/openssl.cnf /etc/ssl/</userinput></screen> -->
-
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make MANDIR=/usr/share/man install                &amp;&amp;
-cp -v -r certs /etc/ssl                           &amp;&amp;
 install -v -d -m755 /usr/share/doc/openssl-&openssl-version; &amp;&amp;
 cp      -v -r       doc/{HOWTO,README,*.{txt,html,gif}} \
                     /usr/share/doc/openssl-&openssl-version;</userinput></screen>
 
-    <para>While still the <systemitem class="username">root</systemitem> user,
-    create a single file that contains all of the installed certificates:</para>
-
-<screen role="root"><userinput>for pem in /etc/ssl/certs/*.pem
-do
-   cat $pem
-   echo ""
-done &gt; /etc/ssl/ca-bundle.crt</userinput></screen>
-
   </sect2>
 
   <sect2 role="commands">
     <title>Command Explanations</title>
-
-    <para>
-    <command>tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2</command>:
-    <application>OpenSSL</application> no longer includes any root certificates.
-    This package adds root certificates as provided by mozilla.org.</para>
 
     <para><parameter>shared</parameter>: This parameter forces the creation of
@@ -169 +135 @@
     all virtual hosts.</para> -->
 
-    <!-- <para><option>zlib-dynamic</option>: When added to the
-    <command>./config</command> command, this switch will enable
-    use of <filename>libz.so</filename> for compression/decompression.</para> -->
-
-    <para><command>cp -v -r certs /etc/ssl</command>: This installs both the
-    sample certificates and documentation included with
-    <application>OpenSSL</application>, and the certificates that were extracted
-    from the BLFS-ca-bundle-&ca-bundle-version; package.</para>
-
-    <para><command>for pem in /etc/ssl/certs/*.pem...</command>: This group of
-    commands creates a single-file certificate bundle
-    (<filename>/etc/ssl/ca-bundle.crt</filename>) that is usable by many
-    other software packages.  <filename>ca-bundle.crt</filename> should be
-    recreated every time a new or updated certificate is added to
-    <filename class="directory">/etc/ssl/certs</filename>.</para>
-
   </sect2>
 
@@ -204 +154 @@
       <title>Configuration Information</title>
 
-      <para>Most people who just want to use <application>OpenSSL</application>
-      for providing functions to other programs such as
-      <application>OpenSSH</application> and web browsers won't need to worry
-      about configuring <application>OpenSSL</application>. Configuring
-      <application>OpenSSL</application> is an advanced topic and so those
-      who do would normally be expected to either know how to do it or to be
-      able to find out how to do it.</para>
+      <para>Most users will want to install Certificate Authority Certificates
+      for validataion of downloaded certificates.  For example, these
+      certificates are used by <xref linkend='firefox'/> or <xref
+      linkend='wget'/> when accessing secure (https protocol) sites.  To do this, 
+      follow the instructions from the <xref linkend='cacerts'/> page.</para> 
+
+      <para>Users who just want to use <application>OpenSSL</application> for
+      providing functions to other programs such as
+      <application>OpenSSH</application> and web browsers do not need to worry
+      about additional configuration. This is an advanced topic and so those
+      who do need it would normally be expected to either know how to properly
+      update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
+      how to do it.</para>
 
     </sect3>

postlfs/security/security.xml

@@ -41 +41 @@
 
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/> 
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>