On Sat, Feb 23, 2019 at 07:11:52AM +0000, Ken Moffat via blfs-support wrote:
> On Sat, Feb 23, 2019 at 06:23:44AM +0000, DJ Lucas via blfs-support wrote:
> > On 2/22/2019 11:45 PM, Ken Moffat wrote:
> > > On Sat, Feb 23, 2019 at 04:10:51AM +0000, DJ Lucas via blfs-support
> > > wrote:
> > >> On 2/22/2019 8:14 PM, Ken Moffat via blfs-support wrote:
> > >> Okay, so the bit of code that extracts the text and octal data from
> > >> cacerts.txt is on lines 589-599. Lines 601-610 are what convert
> > >> them to PEM files. awk, grep, printf, and openssl are the commands
> > >> used. This error implies that the cert isn't extracted from the
> > >> certdata.txt file correctly. Do this... replace line 849 (rm -rf
> > >> "${TEMPDIR}") with echo ${TEMPDIR} instead and let's see what's in there.
> > > Hi DJ, thanks for the response. Line _843_ in my copy of 1.2, I guess
> > > you are looking at your master version with a few newer commits.
> > > /tmp/tmp.jgLcZhknCx
> > >> ${TEMPDIR}/certs should contain all of the extracted mozilla format
> > >> files. These files should begin with '#Certificate "Name"' and be
> > >> readable, but I suspect not.
> > > A lot of readable files (perms 644) and they all seem to start like
> > > that. But checking the next two items just in case.
> > >> If not, then make sure the downloaded $TEMPDIR/work/certdata.txt
> > >> looks sane, should begin with a Mercurial revision number.
> > > Yes, 3a4a3b9133e9 (it's from 12th of February).
> > >> ${TEMPDIR}/pki/anchors should contain a bunch of pem files ini style
> > >> layout, first line should be '[p11-kit-object-v1]'. 
> > > Yes, 151 of them, they all start with that.
> > Good so far, we are successfully through the really ugly part of the
> > script then.
> > 
> > Okay, so does $TEMPDIR/work/tempfile.crt look like a valid cert? Should
> > look something like below:
> 
> No .crt files in $TEMPDIR or its subdirectories.  I changed make-ca
> to exit after displaying the value of $TEMPDIR, the creation of
> everything should have finished by then?
> 
> work/ only contains certdata.txt
> 
I had a reply off-list suggesting that I try without the local cert
directory.  So I renamed that, and retried.  Running make-ca -g
succeeded but told me that the certs were up to date.

Running make-ca -f succeeded, the final output was:

Certificate:  Global Chambersign Root - 2008
Keyhash:      0c4c9b6c
Added to p11-kit anchor directory with trust 'C,C,'.


Extracting OpenSSL certificates to /etc/ssl/certs...Done!
Extracting GNUTLS server auth certificates to /etc/pki/tls/certs/ca-bundle.crt...Done!
Extracting GNUTLS S-Mime certificates to /etc/pki/tls/certs/email-ca-bundle.crt...Done!
Extracting GNUTLS code signing certificates to /etc/pki/tls/certs/objsign-ca-bundle.crt...Done!
Extracting Java cacerts (JKS) to /etc/pki/tls/java/cacerts...Done!

And running links to an https: site from chroot now works.

I'll keep this around for a bit in case you are replying to my
earlier reply, but I need to sort out some food, then I'll probably
go shopping and then wind down and go to bed.

ĸen
-- 
The beauty of reading a page of de Selby is that it leads one
inescapably to the conclusion that one is not, of all nincompoops,
the greatest.           -- du Garbandier
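
The checks listed in the quoted replies, collected into one script as an added example (not part of the thread and not code from make-ca). It assumes the directory layout named in the thread; the function names, the sample tree and the `# Revision:` header form are constructed for illustration.

```bash
#!/bin/bash
# Sanity-check the working directory make-ca leaves behind when its final
# 'rm -rf "${TEMPDIR}"' is replaced by 'echo ${TEMPDIR}'.

# $1 = directory, $2 = extended regex the first line of every file must match.
check_first_lines() {
    cfl_rc=0; cfl_seen=0
    for cfl_f in "$1"/*; do
        [ -f "$cfl_f" ] || continue
        cfl_seen=1
        if ! head -n 1 "$cfl_f" | grep -Eq -- "$2"; then
            echo "FAIL: unexpected first line in $cfl_f" >&2
            cfl_rc=1
        fi
    done
    # An empty or missing directory is itself a failure.
    if [ "$cfl_seen" -eq 0 ]; then
        echo "FAIL: no files in $1" >&2
        cfl_rc=1
    fi
    return "$cfl_rc"
}

# $1 = the path printed for ${TEMPDIR}. Returns 0 only if every check passes.
check_make_ca_tmpdir() {
    tmp_rc=0
    # Assumption: the revision appears as 12 or more hex digits on line 1.
    if ! head -n 1 "$1/work/certdata.txt" 2>/dev/null | grep -Eq '[0-9a-f]{12}'; then
        echo "FAIL: $1/work/certdata.txt missing or carries no revision" >&2
        tmp_rc=1
    fi
    # Extracted Mozilla-format files; a space after '#' is tolerated.
    check_first_lines "$1/certs" '^# ?Certificate "' || tmp_rc=1
    # p11-kit anchors in ini-style layout.
    check_first_lines "$1/pki/anchors" '^\[p11-kit-object-v1\]$' || tmp_rc=1
    return "$tmp_rc"
}

# Constructed sample tree (not real make-ca output); prints its path.
make_sample_tmpdir() {
    s=$(mktemp -d)
    mkdir -p "$s/work" "$s/certs" "$s/pki/anchors"
    printf '# Revision:3a4a3b9133e9\n' > "$s/work/certdata.txt"
    printf '#Certificate "Example Root"\n' > "$s/certs/example.crt"
    printf '[p11-kit-object-v1]\nlabel: "Example Root"\n' > "$s/pki/anchors/example.pem"
    echo "$s"
}

sample=$(make_sample_tmpdir)
check_make_ca_tmpdir "$sample" && echo "OK: $sample passes all checks"
rm -rf "$sample"
```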