On 10/11/2016 08:24, DJ Lucas wrote:
> Okay, so here is a little bit more complete example. I've moved back
> to using certdata.txt directly. I've replaced our external perl script
> with an unfortunately ugly function. I've populated our shared NSS DB
> as a replacement DB, not a supplemental one. I've changed the logic
> for version to store the Version string in the ca-bundle.crt, and
> compare with the installed one.
>
> This doesn't actually install anything yet, it only throws the value
> of TEMPDIR to stdout and leaves the temporary directory in place so
> that the results of the conversion can be reviewed. I haven't messed
> with Java yet, or pulled in /etc/ssl/local but those are trivial
> additions at this point.
>
> Obviously outstanding is any explanatory text whatsoever. How to
> adjust NSS consumers to use the shared DB might be of some importance.
> (I'll try for that tomorrow). :-)
>
> As far as I can tell, the only remaining thing brought up in the
> previous thread was how to obtain and verify the file. I do like using
> the release branch as the default source (with version info as
> provided by Bruce's script on Anduin). Bruce, what do you think about
> signing that file for verification? Or even automatically updating the
> date and md5sum of the file in the book -- changelog would need to be
> skipped I think, but with that little concession, it should be
> reasonably easy to do from cron.
>
> P.S. I'd appreciate a second set of eyes on convert_pem(). It works
> well enough, but I could not get it to play nicely using only pipes.
> As a result, right now it uses a total of three temporary files per
> conversion. This is terribly inefficient and I'd like to fix it, but I
> just can't see it tonight.
>
> --DJ

Quick look: why using "covert_pem" and not "convert_pem"?
Why would you need a loop in covert_pem for finding the "END" line?
Isn't the file examined for only one certificate?
I do not see where the octal/char conversion is done (missing format in
printf?).

Thanks for all the good work!

Pierre
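
The points raised in this exchange (a multi-line block terminated by END, the octal-to-byte step in printf, and doing it with pipes only) can be shown in one small sketch. This is an added example, not the script under review: the function names `extract_octal`, `cert_to_pem` and `sample_certdata` are hypothetical, the sample data is constructed, and it assumes the usual certdata.txt layout plus a `base64` utility on the PATH.

```shell
#!/bin/sh
# Added example: certdata.txt CKA_VALUE (MULTILINE_OCTAL) -> PEM, pipes only.

# Print the octal lines of the Nth CKA_VALUE block ($1, 1-based) from stdin.
# A block spans several lines, so lines are collected until its END line.
extract_octal() {
    awk -v want="$1" '
        /^CKA_VALUE MULTILINE_OCTAL/ { n++; grab = (n == want); next }
        /^END/                       { grab = 0; next }
        grab                         { print }'
}

# Convert the Nth certificate on stdin to PEM on stdout; non-zero on error.
cert_to_pem() {
    block=$(extract_octal "$1")
    [ -n "$block" ] || return 1
    # The data becomes a printf FORMAT below, so refuse anything that is not
    # purely \ooo groups (a stray % or other escape must never reach printf).
    if printf '%s\n' "$block" | grep -Evqx '(\\[0-3][0-7][0-7])+'; then
        return 1
    fi
    echo '-----BEGIN CERTIFICATE-----'
    # printf's format string is where each \ooo group becomes a raw byte.
    printf "$(printf '%s' "$block" | tr -d '\n')" | base64 | tr -d '\n' | fold -w 64
    echo
    echo '-----END CERTIFICATE-----'
}

# Constructed sample in certdata.txt layout (5 bytes of DER, not a real cert).
sample_certdata() {
    cat <<'EOF'
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Constructed Test Root"
CKA_SUBJECT MULTILINE_OCTAL
\060\000
END
CKA_VALUE MULTILINE_OCTAL
\060\003\002
\001\005
END
EOF
}

sample_certdata | cert_to_pem 1
```

Validating the block before it is used as a format string is the part worth keeping in any variant: the bundle source is downloaded, so its contents should not be able to steer printf.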