Changeset c9b953e6 for postlfs


Ignore:
Timestamp:
10/19/2011 08:18:40 PM (13 years ago)
Author:
Bruce Dubbs <bdubbs@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
6b5cc24
Parents:
54cfc01
Message:

Add a separate page for CA certificates.
Update to openssl-1.0.0e.
Update to bc-1.06.95.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@8900 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:
postlfs/security
Files:
1 added
2 edited

Legend:

Unmodified
Added
Removed

  • postlfs/security/openssl.xml

    r54cfc01 rc9b953e6  
    3939    (for accessing HTTPS sites).</para>
    4040
    41     &lfs65_checked;
     41    &lfs70_checked;
    4242
    4343    <bridgehead renderas="sect3">Package Information</bridgehead>
     
    5454      <listitem>
    5555        <para>Download size: &openssl-size;</para>
    56       </listitem>
    57       <listitem>
    58         <para>CA Bundle Download: <ulink url="&ca-bundle-download;"/></para>
    59       </listitem>
    60       <listitem>
    61         <para>CA Bundle size: &ca-bundle-size;</para>
    62       </listitem>
    63       <listitem>
    64         <para>CA Bundle MD5 sum: &ca-bundle-md5sum;</para>
    6556      </listitem>
    6657      <listitem>
     
    9990
    10091<screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_manpages-1.patch &amp;&amp;
    101 tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2 &amp;&amp;
    10292
    10393./config --prefix=/usr         \
     
    10999    <para>To test the results, issue: <command>make test</command>.</para>
    110100
    111     <!-- <para>To test the results, issue: <command>make test</command>.  Note that the
    112     test results/output depend on the availability of /etc/ssl/openssl.cnf.  If
    113     running the tests for the first time run the following as the
    114     <systemitem class="username">root</systemitem> user before running the
    115     tests:</para>
    116 
    117 <screen role="root"><userinput>install -v -m755 d /etc/ssl &amp;&amp;
    118 install -v ./apps/openssl.cnf /etc/ssl/</userinput></screen> -->
    119 
    120101    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
    121102
    122103<screen role="root"><userinput>make MANDIR=/usr/share/man install                &amp;&amp;
    123 cp -v -r certs /etc/ssl                           &amp;&amp;
    124104install -v -d -m755 /usr/share/doc/openssl-&openssl-version; &amp;&amp;
    125105cp      -v -r       doc/{HOWTO,README,*.{txt,html,gif}} \
    126106                    /usr/share/doc/openssl-&openssl-version;</userinput></screen>
    127107
    128     <para>While still the <systemitem class="username">root</systemitem> user,
    129     create a single file that contains all of the installed certificates:</para>
    130 
    131 <screen role="root"><userinput>for pem in /etc/ssl/certs/*.pem
    132 do
    133    cat $pem
    134    echo ""
    135 done &gt; /etc/ssl/ca-bundle.crt</userinput></screen>
    136 
    137108  </sect2>
    138109
    139110  <sect2 role="commands">
    140111    <title>Command Explanations</title>
    141 
    142     <para>
    143     <command>tar -vxf ../BLFS-ca-bundle-&ca-bundle-version;.tar.bz2</command>:
    144     <application>OpenSSL</application> no longer includes any root certificates.
    145     This package adds root certificates as provided by mozilla.org.</para>
    146112
    147113    <para><parameter>shared</parameter>: This parameter forces the creation of
     
    169135    all virtual hosts.</para> -->
    170136
    171     <!-- <para><option>zlib-dynamic</option>: When added to the
    172     <command>./config</command> command, this switch will enable
    173     use of <filename>libz.so</filename> for compression/decompression.</para> -->
    174 
    175     <para><command>cp -v -r certs /etc/ssl</command>: This installs both the
    176     sample certificates and documentation included with
    177     <application>OpenSSL</application>, and the certificates that were extracted
    178     from the BLFS-ca-bundle-&ca-bundle-version; package.</para>
    179 
    180     <para><command>for pem in /etc/ssl/certs/*.pem...</command>: This group of
    181     commands creates a single-file certificate bundle
    182     (<filename>/etc/ssl/ca-bundle.crt</filename>) that is usable by many
    183     other software packages.  <filename>ca-bundle.crt</filename> should be
    184     recreated every time a new or updated certificate is added to
    185     <filename class="directory">/etc/ssl/certs</filename>.</para>
    186 
    187137  </sect2>
    188138
     
    204154      <title>Configuration Information</title>
    205155
    206       <para>Most people who just want to use <application>OpenSSL</application>
    207       for providing functions to other programs such as
    208       <application>OpenSSH</application> and web browsers won't need to worry
    209       about configuring <application>OpenSSL</application>. Configuring
    210       <application>OpenSSL</application> is an advanced topic and so those
    211       who do would normally be expected to either know how to do it or to be
    212       able to find out how to do it.</para>
     156      <para>Most users will want to install Certificate Authority Certificates
     157      for validataion of downloaded certificates.  For example, these
     158      certificates are used by <xref linkend='firefox'/> or <xref
     159      linkend='wget'/> when accessing secure (https protocol) sites.  To do this,
     160      follow the instructions from the <xref linkend='cacerts'/> page.</para>
     161
     162      <para>Users who just want to use <application>OpenSSL</application> for
     163      providing functions to other programs such as
     164      <application>OpenSSH</application> and web browsers do not need to worry
     165      about additional configuration. This is an advanced topic and so those
     166      who do need it would normally be expected to either know how to properly
     167      update <filename>/etc/ssl/openssl.cnf</filename> or be able to find out
     168      how to do it.</para>
    213169
    214170    </sect3>

  • postlfs/security/security.xml

    r54cfc01 rc9b953e6  
    4141
    4242  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/>
     43  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/>
    4344  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
    4445  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
Note: See TracChangeset for help on using the changeset viewer.