Author: dj
Date: Wed Sep 5 17:36:36 2018
New Revision: 20462
Log:
Update to make-ca-0.9. Fixes #11114.
Modified:
trunk/BOOK/general.ent
trunk/BOOK/general/prog/ojdk-conf.xml
trunk/BOOK/general/prog/openjdk.xml
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/packages.ent
trunk/BOOK/postlfs/security/make-ca.xml
trunk/BOOK/postlfs/security/p11-kit.xml
Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent Wed Sep 5 15:25:22 2018 (r20461)
+++ trunk/BOOK/general.ent Wed Sep 5 17:36:36 2018 (r20462)
@@ -1,12 +1,12 @@
<!-- $LastChangedBy$ $Date$ -->
-<!ENTITY day "05"> <!-- Always 2 digits -->
+<!ENTITY day "06"> <!-- Always 2 digits -->
<!ENTITY month "09"> <!-- Always 2 digits -->
<!ENTITY year "2018">
<!ENTITY copyrightdate "2001-&year;">
<!ENTITY copyholder "The BLFS Development Team">
<!ENTITY version "&year;-&month;-&day;">
-<!ENTITY releasedate "September 5th, &year;">
+<!ENTITY releasedate "September 6th, &year;">
<!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
<!ENTITY blfs-version "svn"> <!-- svn|[release #] -->
<!ENTITY lfs-version "development"> <!-- x.y|development -->
Modified: trunk/BOOK/general/prog/ojdk-conf.xml
==============================================================================
--- trunk/BOOK/general/prog/ojdk-conf.xml Wed Sep 5 15:25:22 2018
(r20461)
+++ trunk/BOOK/general/prog/ojdk-conf.xml Wed Sep 5 17:36:36 2018
(r20462)
@@ -88,7 +88,7 @@
CA certificates. The Java security modules use
<envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
default. In order to keep all the certificates in one place, we use
- <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
+ <filename>/etc/ssl/java/cacerts</filename>. That file should be
generated using the system PKI trust store. The instructions
on the <xref linkend="make-ca"/> page should be used to update the file
located in <filename class="directory">/etc/ssl/java</filename>.
@@ -97,7 +97,7 @@
</para>
<screen role="root"><userinput>/usr/sbin/make-ca -g --force &&
-ln -sfv /etc/ssl/java/cacerts.jks
/opt/jdk/lib/security/cacerts</userinput></screen>
+ln -sfv /etc/ssl/java/cacerts
/opt/jdk/lib/security/cacerts</userinput></screen>
<para>
Use the following commands to check if the <filename>cacerts</filename>
Modified: trunk/BOOK/general/prog/openjdk.xml
==============================================================================
--- trunk/BOOK/general/prog/openjdk.xml Wed Sep 5 15:25:22 2018 (r20461)
+++ trunk/BOOK/general/prog/openjdk.xml Wed Sep 5 17:36:36 2018 (r20462)
@@ -240,7 +240,7 @@
--with-version-build="&openjdk-build;" \
--with-version-pre="" \
--with-version-opt="" \
- --with-cacerts-file=/etc/ssl/java/cacerts.jks &&
+ --with-cacerts-file=/etc/ssl/java/cacerts &&
make images</userinput></screen>
<para>
@@ -393,7 +393,7 @@
</para>
<para>
- <parameter>--with-cacerts-file=/etc/ssl/java/cacerts.jks</parameter>:
+ <parameter>--with-cacerts-file=/etc/ssl/java/cacerts</parameter>:
Specifies where to find a <filename>cacerts</filename> file,
<filename>/etc/ssl/java/</filename> on a BLFS system. Otherwise, an empty
one is created. You can use the
@@ -443,16 +443,16 @@
</title>
<para>
- If you have run the instructions for <xref linkend="ojdk-certs"/>,
- you only need to create a symlink in the default location for
- those certificates. As user <systemitem
+ If you have run the instructions on the <xref linkend="make-ca"/> page,
+ you only need to create a symlink in the default location for the
+ <filename>cacerts</filename> file. As user <systemitem
class="username">root</systemitem>:
</para>
-<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts.jks
/opt/jdk/lib/security/cacerts</userinput></screen>
+<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts
/opt/jdk/lib/security/cacerts</userinput></screen>
<para>
- To check the installatiion, as when <xref linkend="ojdk-certs"/>,
issue:
+ To check the installatiion, issue:
</para>
<screen role="root"><userinput>cd /opt/jdk
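Review bot: The rewritten introduction says that having run the make-ca page instructions is enough before creating the symlink, but `/etc/ssl/java/cacerts` may not exist at that point. The make-ca.xml hunk in this commit lists java/openjdk only as an optional runtime dependency used to generate the Java store, so `ln -sfv` could leave a dangling link and the JDK would have no usable trust store. I would state the precondition, e.g. `If you have run the instructions on the <xref linkend="make-ca"/> page with Java available, so that <filename>/etc/ssl/java/cacerts</filename> exists, ...`, or repeat the `make-ca -g --force` step shown in ojdk-conf.xml. The new line `To check the installatiion, issue:` also keeps the typo and should read `To check the installation, issue:`. The screen block that follows continues outside the hunk.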
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Wed Sep 5 15:25:22
2018 (r20461)
+++ trunk/BOOK/introduction/welcome/changelog.xml Wed Sep 5 17:36:36
2018 (r20462)
@@ -42,6 +42,16 @@
</listitem>
-->
<listitem>
+ <para>September 6th, 2018</para>
+ <itemizedlist>
+ <listitem>
+ <para>[dj] - Update to make-ca-0.9. Fixes
+ <ulink url="&blfs-ticket-root;11114">#11114</ulink>.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>September 5th, 2018</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/packages.ent
==============================================================================
--- trunk/BOOK/packages.ent Wed Sep 5 15:25:22 2018 (r20461)
+++ trunk/BOOK/packages.ent Wed Sep 5 17:36:36 2018 (r20462)
@@ -24,7 +24,7 @@
<!ENTITY linux-pam-version "1.3.0">
<!ENTITY linux-pam-docs-version "1.2.0">
<!ENTITY libpwquality-version "1.4.0">
-<!ENTITY make-ca-version "0.8">
+<!ENTITY make-ca-version "0.9">
<!ENTITY mitkrb-major-version "1.16">
<!ENTITY mitkrb-version "1.16.1">
<!ENTITY nettle-version "3.4">
Modified: trunk/BOOK/postlfs/security/make-ca.xml
==============================================================================
--- trunk/BOOK/postlfs/security/make-ca.xml Wed Sep 5 15:25:22 2018
(r20461)
+++ trunk/BOOK/postlfs/security/make-ca.xml Wed Sep 5 17:36:36 2018
(r20462)
@@ -7,11 +7,11 @@
<!ENTITY certhost "https://hg.mozilla.org/">
<!ENTITY certpath "/lib/ckfw/builtins/certdata.txt">
<!ENTITY make-ca-buildsize "6.6 MB (with all runtime deps)">
- <!ENTITY make-ca-time "0.3 SBU (with all runtime deps)">
+ <!ENTITY make-ca-time "0.1 SBU (with all runtime deps)">
<!ENTITY make-ca-download
"https://github.com/djlucas/make-ca/archive/v&make-ca-version;/make-ca-&make-ca-version;.tar.gz">
<!ENTITY make-ca-size "36 KB">
- <!ENTITY make-ca-md5sum "1f0176c4fa89274971b2826a97f303f7">
+ <!ENTITY make-ca-md5sum "0eeaf712eedeae4fa55d8bfa37f4ca32">
]>
<sect1 id="make-ca" xreflabel="make-ca-&make-ca-version;">
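Review bot: `make-ca-md5sum` remains the only integrity value given for the tarball, and MD5 is not collision resistant. That matters more than usual here, because the downloaded script is what populates the system trust anchors. If the book's package template allows it, I would publish a stronger digest next to it, for example `<!ENTITY make-ca-sha256sum "SHA256_OF_RELEASE_TARBALL_PLACEHOLDER">`, and reference it in the package information list. The list that consumes these entities is outside this hunk, so whether a second digest can be displayed is an assumption to confirm.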
@@ -74,16 +74,17 @@
</itemizedlist>
<bridgehead renderas="sect3">make-ca Dependencies</bridgehead>
-<!--
- <bridgehead renderas="sect4">Required</bridgehead>
- <para role="required"><xref linkend="openssl"/></para>
--->
+
+ <bridgehead renderas="sect4">Recommended</bridgehead>
+ <para role="recommended"><xref linkend="p11-kit"/> (required at runtime to
+ generate certificate stores from trust anchors)</para>
+
<bridgehead renderas="sect4">Optional (runtime)</bridgehead>
<para role="optional">
<xref role="runtime" linkend="java"/> or
- <xref role="runtime" linkend="openjdk"/>,
- <xref role="runtime" linkend="nss"/>, and
- <xref role="runtime" linkend="p11-kit"/>
+ <xref role="runtime" linkend="openjdk"/> (to generate a java PKCS#12
+ store), and <xref role="runtime" linkend="nss"/> (to generate a shared
+ NSSDB)
</para>
<para condition="html" role="usernotes">User Notes:
@@ -95,10 +96,13 @@
<para>The <application>make-ca</application> script will download and
process the certificates included in the <filename>certdata.txt</filename>
- file for use in multiple certificate stores (if the associated applications
- are present on the system). Additionally, any local certificates stored in
- <filename>/etc/ssl/local</filename> will be imported to the certificate
- stores. Certificates in this directory should be stored as PEM encoded
+ file for use as trust anchors for the <xref linkend="p11-kit"/> trust
+ module. Additionally, it will generate system certificate stores used by
+ BLFS applications (if the recommended and optional applications are present
+ on the system). Any local certificates stored in
+ <filename>/etc/ssl/local</filename> will be imported to both the trust
+ anchors and the generated certificate stores (overriding Mozilla's trust).
+ Certificates in this directory should be stored as PEM encoded
<application>OpenSSL</application> trusted certificates.</para>
<para>To create an <application>OpenSSL</application> trusted certificate
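Review bot: The new sentence saying that certificates in `/etc/ssl/local` are imported into both the trust anchors and the generated stores, overriding Mozilla's trust, needs a caveat about who may write to that directory. As written, any PEM file placed there becomes a system-wide trust decision on the next make-ca run. I would add a sentence such as `Because these certificates take precedence over Mozilla's trust settings, keep <filename class="directory">/etc/ssl/local</filename> owned by root and not writable by other users, and review its contents before each run.` The following paragraph on creating trusted certificates continues outside the hunk.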
@@ -140,13 +144,14 @@
<screen role="root"><userinput>make install</userinput></screen>
- <para>As the <systemitem class="username">root</systemitem> user, download
- and update the certificate stores with the following command:</para>
+ <para>As the <systemitem class="username">root</systemitem> user, after
+ installing <xref linkend="p11-kit"/>, download the certificate source and
+ prepare for system use with the following command:</para>
<note>
<para>If running the script a second time with the same version of
<filename>certdata.txt</filename>, for instance, to add additional stores
- as the requisite software is installed, add the <parameter>-f</parameter>
+ as the requisite software is installed, add the <parameter>-r</parameter>
switch to the command line. If packaging, run <command>make-ca
--help</command> to see all available command line options.</para>
</note>
@@ -223,7 +228,7 @@
<listitem>
<para>is a shell script that adapts a current version of
<filename>certdata.txt</filename>, and prepares it for use
- as the system certificate store.</para>
+ as the system trust store.</para>
<indexterm zone="make-ca make-ca">
<primary sortas="b-make-ca">make-ca</primary>
</indexterm>
Modified: trunk/BOOK/postlfs/security/p11-kit.xml
==============================================================================
--- trunk/BOOK/postlfs/security/p11-kit.xml Wed Sep 5 15:25:22 2018
(r20461)
+++ trunk/BOOK/postlfs/security/p11-kit.xml Wed Sep 5 17:36:36 2018
(r20462)
@@ -74,13 +74,13 @@
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
- <xref linkend="make-ca"/> and
<xref linkend="libtasn1"/>
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
- <xref linkend="nss"/>,
+ <xref linkend="make-ca"/> (runtime),
+ <xref linkend="nss"/> (runtime),
<xref linkend="gtk-doc"/> and
<xref linkend="libxslt"/>
</para>