On November 10, 2016 4:00:39 AM CST, Pierre Labastie wrote:
>On 10/11/2016 08:24, DJ Lucas wrote:
>> Okay, so here is a little bit more complete example. I've moved back
>> to using certdata.txt directly. I've replaced our external perl script
>> with an unfortunately ugly function. I've populated our shared NSS DB
>> as a replacement DB, not a supplemental one. I've changed the logic
>> for version to store the Version string in the ca-bundle.crt, and
>> compare with the installed one.
>>
>> This doesn't actually install anything yet, it only throws the value
>> of TEMPDIR to stdout and leaves the temporary directory in place so
>> that the results of the conversion can be reviewed. I haven't messed
>> with Java yet, or pulled in /etc/ssl/local but those are trivial
>> additions at this point.
>>
>> Obviously outstanding is any explanatory text whatsoever. How to
>> adjust NSS consumers to use the shared DB might be of some importance.
>> (I'll try for that tomorrow). :-)
>>
>> As far as I can tell, the only remaining thing brought up in the
>> previous thread was how to obtain and verify the file. I do like using
>> the release branch as the default source (with version info as
>> provided by Bruce's script on Anduin). Bruce, what do you think about
>> signing that file for verification? Or even automatically updating the
>> date and md5sum of the file in the book -- changelog would need to be
>> skipped I think, but with that little concession, it should be
>> reasonably easy to do from cron.
>>
>> P.S. I'd appreciate a second set of eyes on convert_pem(). It works
>> well enough, but I could not get it to play nicely using only pipes.
>> As a result, right now it uses a total of three temporary files per
>> conversion. This is terribly inefficient and I'd like to fix it, but I
>> just can't see it tonight.
>>
>> --DJ
>>
>Quick look: why using "covert_pem" and not "convert_pem"?

Typo. Thank you. :-)

>Why would you need a loop in covert_pem for finding the "END" line?
>Isn't the file examined for only one certificate?

It is, but it contains a lot more data than is necessary for the DER encoded file. We are only interested in that small part of it. There should be around 10 lines that begin in ^END. I suppose we could limit to a range beginning at startline and just grab the first instance.

>I do not see where the octal/char conversion is done (missing format in
>printf?).

They are already formatted as \NNN. From the manpage:

\<NNN>  Interprets <NNN> as octal number and prints the corresponding character from the character set.
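The range idea discussed above (start at startline, stop at the first END, let printf expand the \NNN escapes) can be done without temporary files. This is an added example, not the convert_pem() from the thread or any BLFS script; the function names and the sample data are hypothetical, and startline is assumed to be the line number of the `CKA_VALUE MULTILINE_OCTAL` header.

```shell
#!/bin/sh
# Added example; names are hypothetical, sample data is constructed.

# octal_block_to_der STARTLINE < certdata.txt > cert.der
# Assumption: STARTLINE is the line number of a "... MULTILINE_OCTAL" header.
octal_block_to_der() {
    # awk keeps only lines made of \NNN escapes and stops at the first END
    # after STARTLINE. Any other line, or a missing END, is an error, so a
    # truncated or malformed file never yields a partial DER blob.
    block=$(awk -v start="$1" '
        NR <= start { next }
        /^END/      { done = 1; exit }
        /^(\\[0-7][0-7][0-7])+$/ { printf "%s", $0; next }
        { bad = 1; exit }
        END { exit (bad || !done) }
    ') || return 1
    [ -n "$block" ] || return 1
    # Safe to use as a printf format: the regex above guarantees the string
    # holds nothing but three-digit octal escapes (no % directives).
    printf "$block"
}

# Constructed input in certdata.txt layout (not a real certificate).
sample_certdata() {
    cat <<'EOF'
CKA_LABEL UTF8 "Constructed Test Root"
CKA_VALUE MULTILINE_OCTAL
\060\003\002
\001\000
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
EOF
}

# Hex view of the converted bytes, for inspection and testing.
der_hex() {
    octal_block_to_der "$1" | od -An -tx1 | tr -d ' \n'
}

sample_certdata | der_hex 2   # bytes of the block that starts at line 2
echo
```

On a real file the output can be checked with `openssl x509 -inform DER -noout -subject` before anything is installed into the trust store.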
