make-ca, include.h2m: Add detailed dependncy info and add note about configuration file
parent
81786ef1c1
commit
892378ecbe
@ -1,4 +1,5 @@
|
|||||||
1.6 - Fix install target for make -j#
|
1.6 - Fix install target for make -j#
|
||||||
|
- Add detailed dependncy info and add note about configuration file
|
||||||
1.5 - Allow generation of all stores in alternate directory
|
1.5 - Allow generation of all stores in alternate directory
|
||||||
1.4 - Revert change to use /usr/bin/update-ca-certifiates for systemd
|
1.4 - Revert change to use /usr/bin/update-ca-certifiates for systemd
|
||||||
service
|
service
|
||||||
|
51
help2man
51
help2man
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
# Generate a short man page from --help and --version output.
|
# Generate a short man page from --help and --version output.
|
||||||
# Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009,
|
# Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009,
|
||||||
# 2010, 2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc.
|
# 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
# This program is free software; you can redistribute it and/or modify
|
# This program is free software; you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU General Public License as published by
|
# it under the terms of the GNU General Public License as published by
|
||||||
@ -26,22 +26,43 @@ use Getopt::Long;
|
|||||||
use Text::ParseWords qw(shellwords);
|
use Text::ParseWords qw(shellwords);
|
||||||
use Text::Tabs qw(expand);
|
use Text::Tabs qw(expand);
|
||||||
use POSIX qw(strftime setlocale LC_ALL);
|
use POSIX qw(strftime setlocale LC_ALL);
|
||||||
|
use Locale::gettext qw(gettext);
|
||||||
|
use Encode qw(decode encode);
|
||||||
|
use I18N::Langinfo qw(langinfo CODESET);
|
||||||
|
|
||||||
my $this_program = 'help2man';
|
my $this_program = 'help2man';
|
||||||
my $this_version = '1.47.4';
|
my $this_version = '1.47.12';
|
||||||
|
my $encoding;
|
||||||
|
|
||||||
sub _ { $_[0] }
|
{
|
||||||
|
my $gettext = Locale::gettext->domain($this_program);
|
||||||
|
sub _ { $gettext->get($_[0]) }
|
||||||
|
|
||||||
|
my ($user_locale) = grep defined && length,
|
||||||
|
(map $ENV{$_}, qw(LANGUAGE LC_ALL LC_MESSAGES LANG)), 'C';
|
||||||
|
|
||||||
|
my $user_encoding = langinfo CODESET;
|
||||||
|
|
||||||
|
# Set localisation of date and executable's output.
|
||||||
sub configure_locale
|
sub configure_locale
|
||||||
{
|
{
|
||||||
my $locale = shift;
|
delete @ENV{qw(LANGUAGE LC_MESSAGES LANG)};
|
||||||
die "$this_program: no locale support (Locale::gettext required)\n"
|
setlocale LC_ALL, $ENV{LC_ALL} = shift || 'C';
|
||||||
unless $locale eq 'C';
|
$encoding = langinfo CODESET;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub dec { $encoding ? decode $encoding, $_[0] : $_[0] }
|
||||||
|
sub enc { $encoding ? encode $encoding, $_[0] : $_[0] }
|
||||||
|
sub enc_user { encode $user_encoding, $_[0] }
|
||||||
|
sub kark # die with message formatted in the invoking user's locale
|
||||||
|
{
|
||||||
|
setlocale LC_ALL, $user_locale;
|
||||||
|
my $fmt = $gettext->get(shift);
|
||||||
|
my $errmsg = enc_user sprintf $fmt, @_;
|
||||||
|
die $errmsg, "\n";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub dec { $_[0] }
|
|
||||||
sub enc { $_[0] }
|
|
||||||
sub enc_user { $_[0] }
|
|
||||||
sub kark { die +(sprintf shift, @_), "\n" }
|
|
||||||
sub N_ { $_[0] }
|
sub N_ { $_[0] }
|
||||||
|
|
||||||
sub program_basename;
|
sub program_basename;
|
||||||
@ -53,7 +74,7 @@ my $version_info = enc_user sprintf _(<<'EOT'), $this_program, $this_version;
|
|||||||
GNU %s %s
|
GNU %s %s
|
||||||
|
|
||||||
Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010,
|
Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010,
|
||||||
2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc.
|
2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc.
|
||||||
This is free software; see the source for copying conditions. There is NO
|
This is free software; see the source for copying conditions. There is NO
|
||||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||||
|
|
||||||
@ -123,6 +144,8 @@ my %opt_def = (
|
|||||||
Getopt::Long::config('bundling');
|
Getopt::Long::config('bundling');
|
||||||
die $help_info unless GetOptions %opt_def and @ARGV == 1;
|
die $help_info unless GetOptions %opt_def and @ARGV == 1;
|
||||||
|
|
||||||
|
configure_locale unless $encoding;
|
||||||
|
|
||||||
my %include = ();
|
my %include = ();
|
||||||
my %replace = ();
|
my %replace = ();
|
||||||
my %append = ();
|
my %append = ();
|
||||||
@ -248,15 +271,15 @@ my $help_text = get_option_value $ARGV[0], $help_option;
|
|||||||
$version_text ||= get_option_value $ARGV[0], $version_option;
|
$version_text ||= get_option_value $ARGV[0], $version_option;
|
||||||
|
|
||||||
# By default the generated manual pages will include the current date. This may
|
# By default the generated manual pages will include the current date. This may
|
||||||
# however be overriden by setting the environment variable $SOURCE_DATE_EPOCH
|
# however be overriden by setting the environment variable $SOURCE_DATE_EPOCH to
|
||||||
# to an integer value of the seconds since the UNIX epoch. This is primarily
|
# an integer value of the seconds since the UNIX epoch. This is primarily
|
||||||
# intended to support reproducible builds (wiki.debian.org/ReproducibleBuilds)
|
# intended to support reproducible builds (wiki.debian.org/ReproducibleBuilds)
|
||||||
# and will additionally ensure that the output date string is UTC.
|
# and will additionally ensure that the output date string is UTC.
|
||||||
my $epoch_secs = time;
|
my $epoch_secs = time;
|
||||||
if (exists $ENV{SOURCE_DATE_EPOCH} and $ENV{SOURCE_DATE_EPOCH} =~ /^(\d+)$/)
|
if (exists $ENV{SOURCE_DATE_EPOCH} and $ENV{SOURCE_DATE_EPOCH} =~ /^(\d+)$/)
|
||||||
{
|
{
|
||||||
$epoch_secs = $1;
|
$epoch_secs = $1;
|
||||||
$ENV{TZ} = 'UTC';
|
$ENV{TZ} = 'UTC0';
|
||||||
}
|
}
|
||||||
|
|
||||||
# Translators: the following message is a strftime(3) format string, which in
|
# Translators: the following message is a strftime(3) format string, which in
|
||||||
|
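Review bot: The `use Locale::gettext qw(gettext);` line added at the top of the `@ -26,22 +26,43` hunk is unconditional, so this copy of help2man will fail to compile on a system that lacks that non-core Perl module. The removed fallback (`sub _ { $_[0] }` plus the "no locale support" die in configure_locale) is what let the previous copy run with core Perl only. The dependency paragraph this same commit adds to include.h2m lists OpenSSL, P11-Kit, NSS, Coreutils, gawk and sed, but not Perl or Locale::gettext. If the man page is regenerated at build time, either list that prerequisite or keep the no-NLS variant of help2man. This file appears to be a vendored upstream copy, so the decision is which variant to ship rather than a local edit.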
16
include.h2m
16
include.h2m
@ -3,11 +3,24 @@ make-ca -g
|
|||||||
|
|
||||||
[EXAMPLES]
|
[EXAMPLES]
|
||||||
The make-ca script will process the certificates included in the certdata.txt
|
The make-ca script will process the certificates included in the certdata.txt
|
||||||
file for use in multiple certificate stores (if the associated applications are
|
file for use in multiple certificate stores (if the required prerequisites are
|
||||||
present on the system). Additionally, any local certificates stored in
|
present on the system). Additionally, any local certificates stored in
|
||||||
/etc/ssl/local will be imported to the certificate stores. Certificates in this
|
/etc/ssl/local will be imported to the certificate stores. Certificates in this
|
||||||
directory should be stored as PEM encoded OpenSSL trusted certificates.
|
directory should be stored as PEM encoded OpenSSL trusted certificates.
|
||||||
|
|
||||||
|
The make-ca script depends on OpenSSL-1.1.0, P11-Kit-0.23, and optionally,
|
||||||
|
NSS-3.23 (for the MozTrust exetension). Additionally, Coreutils, gawk, and sed
|
||||||
|
are used. The default locations for output files can be tailored for your
|
||||||
|
environment via the /etc/make-ca.conf configuration file.
|
||||||
|
|
||||||
|
As of version 1.2, a p11-kit helper, copy-trust-modifications, is included
|
||||||
|
for use in p11-kit's trust-extract-compat script. Manual creation of OpenSSL
|
||||||
|
trusted certificates is no longer needed. Instead, import the certificate
|
||||||
|
using p11-kit's trust utility, and recreate the individual stores using the
|
||||||
|
update-ca-certificates script. A copy of any modified anchors will be placed
|
||||||
|
into $LOCALDIR (in the correct format) by the p11-kit helper script. The old
|
||||||
|
method is left for reference:
|
||||||
|
|
||||||
To create an OpenSSL trusted certificate from a regular PEM encoded file,
|
To create an OpenSSL trusted certificate from a regular PEM encoded file,
|
||||||
provided by a CA not included in Mozilla's certificate distribution, you need
|
provided by a CA not included in Mozilla's certificate distribution, you need
|
||||||
to add trust arguments to the openssl command, and create a new certificate.
|
to add trust arguments to the openssl command, and create a new certificate.
|
||||||
@ -36,3 +49,4 @@ particular use, replace the -addtrust flag with the -addreject flag.
|
|||||||
Local trust overrides are handled entirely using the /etc/ssl/local directory.
|
Local trust overrides are handled entirely using the /etc/ssl/local directory.
|
||||||
To override Mozilla's trust values, simply make a copy of the certificate in
|
To override Mozilla's trust values, simply make a copy of the certificate in
|
||||||
the local directory with alternate trust values.
|
the local directory with alternate trust values.
|
||||||
|
|
||||||
|
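--- a/make-ca
+++ b/make-ca
@@ -237,8 +237,8 @@ function check_arg(){
 function showhelp(){
 echo ""
 echo "`basename ${0}` is a utility to deliver and manage a complete PKI configuration"
-echo "for workstaitons and servers using only standard Unix utilities and OpenSSL. It"
-echo "will optionally generate keystores for OpenJDK and NSS if already installed,"
+echo "for workstaitons and servers using only standard GNU utilities, OpenSSL, and"
+echo "P11-Kit. It will optionally generate keystores for NSS if already installed,"
 echo "using a Mozilla cacerts.txt or like formatted file. It was originally developed"
 echo "for use with Linux From Scratch to minimize dependencies for early system"
 echo "build, but has been written to be generic enough for any Linux distribution."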
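Review bot: The rewritten help line in showhelp still reads "workstaitons". Because the man page is generated from this --help output by help2man, the typo ships in both places, so the line should become `echo "for workstations and servers using only standard GNU utilities, OpenSSL, and"`. The unchanged line below it names the input as `cacerts.txt`, while include.h2m calls it `certdata.txt`; presumably these are the same file, in which case one name should be used throughout. showhelp's body continues past the end of the hunk.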