> Op 13 dec. 2017, om 09:55 heeft Pierre Labastie <[email protected]> het > volgende geschreven: > > On 13/12/2017 00:35, DJ Lucas wrote:
>> (…) >> Use make-ca from the development book as it uses openssl s_client to >> download the certs. I understand, but as I stumbled already that far in the LFS-8.1 and BLFS-8.1 build, I’ll try now to finish with the stable books. BTW: there was another problem while downloading the BLFS files, that may also already be solved in the development book: the path to http://www.linuxfromscratch.org/blfs/downloads/8.1/blfs-systemd-units-20160602.tar.bz2 <http://www.linuxfromscratch.org/blfs/downloads/8.1/blfs-systemd-units-20160602.tar.bz2> is wrong. I had to download it manually from http://www.linuxfromscratch.org/blfs/downloads/8.1-systemd/ <http://www.linuxfromscratch.org/blfs/downloads/8.1-systemd/> . Also, the LFS script stopped because it couldn’t download python-2.7.13-docs-html.tar.bz2. As a work-around, I have manually downloaded the version 2.7.14 and I renamed it to 2.7.13, then restarted the script. >> > > On the cacert page, wget is only needed for downloading files. But wget needs > cacerts. The BLFS-8.1 book says that cacert is a “recommended” “runtime” dependency for wget, so it should be possible to build wget before cacert. That was also my work-around: I first let build wget, by touching 012-z-cacerts in $LFS/blfs_root/work, then removed again that marker file. > That's why, if you tick "Add blfs-tool support", jhalfs downloads the > necessary files for cacerts before entering chroot, and removes the > instructions using wget from the cacerts script. So normally, the cacert > script should run OK. That’s not what happens here. Below some extracts from the script file; there are 5 lines with wget: pol@PowerMac-G5:/mnt/build_dir/blfs_root/scripts$ cat 012-z-cacerts #!/bin/bash set -e (…) PACKAGE=make-ca.sh-20170514 if [[ ! -f $PACKAGE ]] ; then if [[ -f $SRC_ARCHIVE/$PACKAGE ]] ; then cp $SRC_ARCHIVE/$PACKAGE $PACKAGE else wget -T 30 -t 5 http://anduin.linuxfromscratch.org/BLFS/other/make-ca.sh-20170514 || wget -T 30 -t 5 ${FTP_SERVER}svn/m/$PACKAGE fi fi PACKAGE1=certdata.txt if [[ ! -f $PACKAGE1 ]] ; then if [[ -f $SRC_ARCHIVE/$PACKAGE1 ]] ; then cp $SRC_ARCHIVE/$PACKAGE1 $PACKAGE1 else wget -T 30 -t 5 http://anduin.linuxfromscratch.org/BLFS/other/certdata.txt || wget -T 30 -t 5 ${FTP_SERVER}svn/c/$PACKAGE1 fi fi [[ "$SRC_DIR" != "$BUILD_DIR" ]] && ln -sf $SRC_DIR/$PACKAGE1 $BUILD_DIR (…) install -vdm755 /etc/ssl/local && wget http://www.cacert.org/certs/root.crt && openssl x509 -in root.crt -text -fingerprint -setalias "CAcert Class 1 root" \ -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ > /etc/ssl/local/CAcert_Class_1_root.pem install -vm755 make-ca.sh- /usr/sbin/make-ca.sh /usr/sbin/make-ca.sh ldconfig cd $BUILD_DIR [[ -n "$KEEP_FILES" ]] || rm -rf $UNPACKDIR unpacked > > Now, as DJ wrote above, if you use the development version of the cacert > script, wget is not needed either. > > Pierre > -- > http://lists.linuxfromscratch.org/listinfo/alfs-discuss > <http://lists.linuxfromscratch.org/listinfo/alfs-discuss> > FAQ: http://www.linuxfromscratch.org/faq/ > <http://www.linuxfromscratch.org/faq/> > Unsubscribe: See the above information page
-- http://lists.linuxfromscratch.org/listinfo/alfs-discuss FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
