Changeset d973faf


Timestamp:
01/01/2019 10:18:07 AM (5 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.4, 9.0, 9.1, bdubbs/svn, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
979dcbd5
Parents:
f2eaeaa
Message:

Update to make-ca-1.1. Complete configuration of P11-Kit trust-extract-compat to utilize both P11-kit and make-ca.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20900 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
4 edited

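--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@@ -46,4 +46,8 @@
       <itemizedlist>
         <listitem>
+          <para>[dj] - Update to make-ca-1.1. Complete configuration of P11-Kit
+          trust-extract-compat to utilize both P11-kit and make-ca.</para>
+        </listitem>
+        <listitem>
           <para>[bdubbs] - Update to nasm-2.14.02. Fixes
           <ulink url="&blfs-ticket-root;11476">#11476</ulink>.</para>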
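--- a/packages.ent
+++ b/packages.ent
@@ -25,5 +25,5 @@
 <!ENTITY linux-pam-docs-version       "1.2.0">
 <!ENTITY libpwquality-version         "1.4.0">
-<!ENTITY make-ca-version              "1.0">
+<!ENTITY make-ca-version              "1.1">
 <!ENTITY mitkrb-major-version         "1.16">
 <!ENTITY mitkrb-version               "1.16.2">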
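--- a/postlfs/security/make-ca.xml
+++ b/postlfs/security/make-ca.xml
@@ -12,5 +12,5 @@
   <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz">
   <!ENTITY make-ca-size          "28 KB">
-  <!ENTITY make-ca-md5sum        "b038d38233f970aad60c29dfc0502021">
+  <!ENTITY make-ca-md5sum        "417a8ebfb3d6ac4821c1e508a0a3981f">
 ]>
 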
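--- a/postlfs/security/p11-kit.xml
+++ b/postlfs/security/p11-kit.xml
@@ -98,8 +98,39 @@
 <screen><userinput>sed '20,$ d' -i trust/trust-extract-compat.in &amp;&amp;
 cat &gt;&gt; trust/trust-extract-compat.in &lt;&lt; "EOF"
-echo "Please create an OpenSSL Trusted Certificate with appropriate"
-echo "trust arguments in /etc/ssl/local/ and run '/usr/sbin/make-ca -f'"
-echo "as the root user."
-exit 1
+<literal># LFS uses make-ca to manage certificates
+if [ -f /etc/make-ca.conf ]; then
+    . /etc/make-ca.conf
+else
+    #Use defaults if make-ca.conf does not exist
+    ANCHORDIR="/etc/pki/anchors"
+    ANCHORLIST="/etc/pki/anchors.txt"
+    LOCALDIR="/etc/ssl/local"
+    CERTLIST=""
+fi
+
+# Create a list of certificates not present at previous run
+for ca in `/bin/ls -1 --color=none "${ANCHORDIR}"` ; do
+    /bin/grep "${ca}" "${ANCHORLIST}" 2>&amp;1>/dev/null || CERTLIST="${CERTLIST} ${ca}"
+done
+
+# Dump to a temporary directory
+TEMPDIR=`mktemp -d`
+/usr/bin/trust extract --filter=certificates --format=openssl-directory --overwrite \
+    "${TEMPDIR}"
+
+# Copy new certificates to LOCALDIR
+for certificate in `echo "${CERTLIST}"` ; do
+    LABEL=`/bin/grep -m 1 "label:" "${ANCHORDIR}/${certificate}"`
+    LABELNEW=`echo "${LABEL}" | /bin/sed -e 's@^label: @@' -e 's@"@@g' -e 's@ @_@g'`
+    cp -v "${TEMPDIR}/${LABELNEW}.pem" "${LOCALDIR}"
+    unset LABEL LABELNEW
+done
+
+# Clean up
+rm -rf "${TEMPDIR}"
+unset ANCHORDIR ANCHORLIST LOCALDIR CERTLIST TEMPDIR
+
+# Generate a new trust store
+/usr/sbin/make-ca -f</literal>
 EOF</userinput></screen>
 
@@ -123,5 +154,7 @@
     </para>
 
-<screen role="root"><userinput>make install</userinput></screen>
+<screen role="root"><userinput>make install &amp;&amp;
+ln -s /usr/libexec/p11-kit/trust-extract-compat \
+      /usr/bin/update-ca-certificates</userinput></screen>
 
   </sect2>
@@ -225,4 +258,17 @@
       </varlistentry>
 
+      <varlistentry id="update-ca-certificates">
+        <term><command>update-ca-certificates</command></term>
+        <listitem>
+          <para>
+            is a command line tool to both extract local certificates from an
+            upadated anchor store, and regenerate all anchors and certificate
+            stores on the system.
+          </para>
+          <indexterm zone="p11-kit update-ca-certificates">
+            <primary sortas="b-trust">update-ca-certificates</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
 
       <varlistentry id="libp11-kit">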
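Review bot: The new-anchor check in the first hunk, `/bin/grep "${ca}" "${ANCHORLIST}" 2>&amp;1>/dev/null`, uses the file name as an unanchored regular expression, so an anchor whose name matches inside an entry already in the list is treated as seen and never copied to LOCALDIR. The redirection order also leaves grep's stderr attached to the terminal rather than discarding it. I would use `/bin/grep -qF -- "${ca}" "${ANCHORLIST}" || CERTLIST="${CERTLIST} ${ca}"`, adding `-x` if anchors.txt holds exactly one file name per line (its format is not visible on this page). The script runs as root and calls `/usr/sbin/make-ca -f` whether or not `mktemp -d` and `trust extract` succeeded, so a `|| exit 1` after each of those two commands would stop a failed extraction from regenerating the store without the new anchors. In the last hunk, `upadated` should read `updated`, and `sortas="b-trust"` on the update-ca-certificates index entry looks copied from another entry.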