[csw-devel] SF.net SVN: gar:[2726] csw/mgar/pkg/ca_certificates/trunk

chninkel at users.sourceforge.net chninkel at users.sourceforge.net
Thu Jan 1 15:56:18 CET 2009 

Revision: 2726
          http://gar.svn.sourceforge.net/gar/?rev=2726&view=rev
Author:   chninkel
Date:     2009-01-01 14:56:18 +0000 (Thu, 01 Jan 2009)

Log Message:
-----------
ca_certificates: added README.CSW

Modified Paths:
--------------
    csw/mgar/pkg/ca_certificates/trunk/Makefile
    csw/mgar/pkg/ca_certificates/trunk/checksums

Added Paths:
-----------
    csw/mgar/pkg/ca_certificates/trunk/files/README.CSW

Modified: csw/mgar/pkg/ca_certificates/trunk/Makefile
===================================================================
--- csw/mgar/pkg/ca_certificates/trunk/Makefile	2008-12-31 18:56:46 UTC (rev 2725)
+++ csw/mgar/pkg/ca_certificates/trunk/Makefile	2009-01-01 14:56:18 UTC (rev 2726)
@@ -8,7 +8,7 @@
 endef
 
 MASTER_SITES = http://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/
-DISTFILES  = certdata.txt certdata2pem.pl update-ca-certificates ca-certificates.conf
+DISTFILES  = certdata.txt certdata2pem.pl update-ca-certificates ca-certificates.conf README.CSW
 DISTFILES += $(call admfiles,CSWcacertificates,depend postinstall postremove)
 
 # We define upstream file regex so we can be notifed of new upstream software release
@@ -28,7 +28,7 @@
 $(WORKDIR)/hash.db: $(WORKDIR)/certdata.txt
 	rm -f $(WORKDIR)/hash.db
 	find "$(DESTDIR)/$(sharedstatedir)/ca-certificates" -name *.pem | while read FILE; do \
-		echo "`basename $$FILE`=`/opt/csw/bin/openssl x509 -hash -fingerprint -noout -in "$$FILE" | head -n 1`.0" >> hash.db; \
+		echo "`basename $$FILE`=`/opt/csw/bin/openssl x509 -hash -fingerprint -noout -in "$$FILE" | head -n 1`.0" >> $(WORKDIR)/hash.db; \
 	done
 
 $(WORKDIR)/LICENSE: $(WORKDIR)/certdata.txt
@@ -38,8 +38,9 @@
 install-custom: $(WORKDIR)/hash.db $(WORKDIR)/LICENSE
 	ginstall -d "$(DESTDIR)/$(sysconfdir)/ssl/certs"
 	ginstall -d "$(DESTDIR)/$(sharedstatedir)/ca-certificates"
-	ginstall -D $(WORKDIR)/update-ca-certificates "$(DESTDIR)/$(sbindir)/update-ca-certificates"
-	ginstall -D hash.db "$(DESTDIR)/$(sharedstatedir)/ca-certificates/hash.db"
+	ginstall -D "$(WORKDIR)/update-ca-certificates" "$(DESTDIR)/$(sbindir)/update-ca-certificates"
+	ginstall -D "$(WORKDIR)/hash.db" "$(DESTDIR)/$(sharedstatedir)/ca-certificates/hash.db"
+	ginstall -D "$(WORKDIR)/README.CSW" "$(DESTDIR)/$(docdir)/ca-certificates/README.CSW"
 	ginstall -d "$(DESTDIR)/$(sharedstatedir)/ca-certificates/mozilla"
 	cd "$(DESTDIR)/$(sharedstatedir)/ca-certificates/mozilla" && perl "$(CURDIR)/$(WORKDIR)/certdata2pem.pl" < "$(CURDIR)/$(WORKDIR)/certdata.txt"
 

Modified: csw/mgar/pkg/ca_certificates/trunk/checksums
===================================================================
--- csw/mgar/pkg/ca_certificates/trunk/checksums	2008-12-31 18:56:46 UTC (rev 2725)
+++ csw/mgar/pkg/ca_certificates/trunk/checksums	2009-01-01 14:56:18 UTC (rev 2726)
@@ -2,6 +2,7 @@
 77fe4c8feb1b341814a6ed03d4ff764a  download/certdata2pem.pl
 8163827375c4cb08f9734930adb06ee2  download/update-ca-certificates
 b4f6772525da6772d51eb30f90605d60  download/ca-certificates.conf
+c7fd74bceddf27039a26a5f1dfede163  download/README.CSW
 787d361f8d8b8ecf89e83bb813fdaec5  download/CSWcacertificates.gspec
 31227010faaad1c2b9893ba91d6b16bb  download/CSWcacertificates.depend
 32e6ea27867c760d2279330fd4c480d3  download/CSWcacertificates.postinstall

Added: csw/mgar/pkg/ca_certificates/trunk/files/README.CSW
===================================================================
--- csw/mgar/pkg/ca_certificates/trunk/files/README.CSW	                        (rev 0)
+++ csw/mgar/pkg/ca_certificates/trunk/files/README.CSW	2009-01-01 14:56:18 UTC (rev 2726)
@@ -0,0 +1,53 @@
+
+Notes for ca_certificates
+-------------------------
+
+The ca_certificates package provides common Certification Authorities to 
+allow ssl-based software to check the validity of certificates exchanged 
+during a SSL connection.
+It also provides a simple way to configure which CA is considered valid and
+to add new custom certificate to the set of CA.
+
+Currently the CA provided by this package are the ones that are shipped with
+the mozilla firefox browser.
+
+Quick Usage FAQ:
+
+* How to disable a certificate ?
+
+Just edit the /opt/csw/etc/ca-certificates.conf file and add the full path of the
+certificate prefixed by an exclamation mark, then launch:
+
+	/opt/csw/sbin/update-ca-certificates
+
+For exemple, to remove the Equifax Secure CA from the valid CA, add the following 
+line in /opt/csw/etc/ca-certificates.conf:
+
+	!/opt/csw/share/ca-certificates/mozilla/Equifax_Secure_CA.crt
+
+and launch /opt/csw/sbin/update-ca-certificates
+
+For CA provided by ca-certificates, you can just put the filename, as by default 
+update-ca-certificates will look under /opt/csw/share/ca-certificates/.
+
+For Equifax Secure CA you could just add the line:
+
+	!Equifax_Secure_CA.crt
+
+
+* How to add a new certificate ?
+
+To add a CA not provided by the ca-certificates package, you first need to install
+the openssl_utils package so update-ca-certificates will be able to generate the
+hash of the certificate using the openssl binary:
+
+	pkg-get install openssl_utils (or pkg-util -i openssl_utils)
+
+Then either you add the full location of the certificate in /opt/csw/etc/ca-certificates.conf
+or you just copy the certificate in /opt/csw/etc/ssl/certs and make sure it has a 
+pem extension.
+
+Eventually you launch the update-ca-certificate command:
+
+	/opt/csw/sbin/update-ca-certificates
+


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

More information about the devel mailing list