make-ca, include.h2m: Add detailed dependncy info and add note about configuration file
This commit is contained in:
parent
81786ef1c1
commit
892378ecbe
@ -1,4 +1,5 @@
|
||||
1.6 - Fix install target for make -j#
|
||||
- Add detailed dependncy info and add note about configuration file
|
||||
1.5 - Allow generation of all stores in alternate directory
|
||||
1.4 - Revert change to use /usr/bin/update-ca-certifiates for systemd
|
||||
service
|
||||
|
51
help2man
51
help2man
@ -2,7 +2,7 @@
|
||||
|
||||
# Generate a short man page from --help and --version output.
|
||||
# Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009,
|
||||
# 2010, 2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc.
|
||||
# 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc.
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -26,22 +26,43 @@ use Getopt::Long;
|
||||
use Text::ParseWords qw(shellwords);
|
||||
use Text::Tabs qw(expand);
|
||||
use POSIX qw(strftime setlocale LC_ALL);
|
||||
use Locale::gettext qw(gettext);
|
||||
use Encode qw(decode encode);
|
||||
use I18N::Langinfo qw(langinfo CODESET);
|
||||
|
||||
my $this_program = 'help2man';
|
||||
my $this_version = '1.47.4';
|
||||
my $this_version = '1.47.12';
|
||||
my $encoding;
|
||||
|
||||
sub _ { $_[0] }
|
||||
{
|
||||
my $gettext = Locale::gettext->domain($this_program);
|
||||
sub _ { $gettext->get($_[0]) }
|
||||
|
||||
my ($user_locale) = grep defined && length,
|
||||
(map $ENV{$_}, qw(LANGUAGE LC_ALL LC_MESSAGES LANG)), 'C';
|
||||
|
||||
my $user_encoding = langinfo CODESET;
|
||||
|
||||
# Set localisation of date and executable's output.
|
||||
sub configure_locale
|
||||
{
|
||||
my $locale = shift;
|
||||
die "$this_program: no locale support (Locale::gettext required)\n"
|
||||
unless $locale eq 'C';
|
||||
delete @ENV{qw(LANGUAGE LC_MESSAGES LANG)};
|
||||
setlocale LC_ALL, $ENV{LC_ALL} = shift || 'C';
|
||||
$encoding = langinfo CODESET;
|
||||
}
|
||||
|
||||
sub dec { $encoding ? decode $encoding, $_[0] : $_[0] }
|
||||
sub enc { $encoding ? encode $encoding, $_[0] : $_[0] }
|
||||
sub enc_user { encode $user_encoding, $_[0] }
|
||||
sub kark # die with message formatted in the invoking user's locale
|
||||
{
|
||||
setlocale LC_ALL, $user_locale;
|
||||
my $fmt = $gettext->get(shift);
|
||||
my $errmsg = enc_user sprintf $fmt, @_;
|
||||
die $errmsg, "\n";
|
||||
}
|
||||
}
|
||||
|
||||
sub dec { $_[0] }
|
||||
sub enc { $_[0] }
|
||||
sub enc_user { $_[0] }
|
||||
sub kark { die +(sprintf shift, @_), "\n" }
|
||||
sub N_ { $_[0] }
|
||||
|
||||
sub program_basename;
|
||||
@ -53,7 +74,7 @@ my $version_info = enc_user sprintf _(<<'EOT'), $this_program, $this_version;
|
||||
GNU %s %s
|
||||
|
||||
Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010,
|
||||
2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc.
|
||||
2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc.
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
@ -123,6 +144,8 @@ my %opt_def = (
|
||||
Getopt::Long::config('bundling');
|
||||
die $help_info unless GetOptions %opt_def and @ARGV == 1;
|
||||
|
||||
configure_locale unless $encoding;
|
||||
|
||||
my %include = ();
|
||||
my %replace = ();
|
||||
my %append = ();
|
||||
@ -248,15 +271,15 @@ my $help_text = get_option_value $ARGV[0], $help_option;
|
||||
$version_text ||= get_option_value $ARGV[0], $version_option;
|
||||
|
||||
# By default the generated manual pages will include the current date. This may
|
||||
# however be overriden by setting the environment variable $SOURCE_DATE_EPOCH
|
||||
# to an integer value of the seconds since the UNIX epoch. This is primarily
|
||||
# however be overriden by setting the environment variable $SOURCE_DATE_EPOCH to
|
||||
# an integer value of the seconds since the UNIX epoch. This is primarily
|
||||
# intended to support reproducible builds (wiki.debian.org/ReproducibleBuilds)
|
||||
# and will additionally ensure that the output date string is UTC.
|
||||
my $epoch_secs = time;
|
||||
if (exists $ENV{SOURCE_DATE_EPOCH} and $ENV{SOURCE_DATE_EPOCH} =~ /^(\d+)$/)
|
||||
{
|
||||
$epoch_secs = $1;
|
||||
$ENV{TZ} = 'UTC';
|
||||
$ENV{TZ} = 'UTC0';
|
||||
}
|
||||
|
||||
# Translators: the following message is a strftime(3) format string, which in
|
||||
|
16
include.h2m
16
include.h2m
@ -3,11 +3,24 @@ make-ca -g
|
||||
|
||||
[EXAMPLES]
|
||||
The make-ca script will process the certificates included in the certdata.txt
|
||||
file for use in multiple certificate stores (if the associated applications are
|
||||
file for use in multiple certificate stores (if the required prerequisites are
|
||||
present on the system). Additionally, any local certificates stored in
|
||||
/etc/ssl/local will be imported to the certificate stores. Certificates in this
|
||||
directory should be stored as PEM encoded OpenSSL trusted certificates.
|
||||
|
||||
The make-ca script depends on OpenSSL-1.1.0, P11-Kit-0.23, and optionally,
|
||||
NSS-3.23 (for the MozTrust exetension). Additionally, Coreutils, gawk, and sed
|
||||
are used. The default locations for output files can be tailored for your
|
||||
environment via the /etc/make-ca.conf configuration file.
|
||||
|
||||
As of version 1.2, a p11-kit helper, copy-trust-modifications, is included
|
||||
for use in p11-kit's trust-extract-compat script. Manual creation of OpenSSL
|
||||
trusted certificates is no longer needed. Instead, import the certificate
|
||||
using p11-kit's trust utility, and recreate the individual stores using the
|
||||
update-ca-certificates script. A copy of any modified anchors will be placed
|
||||
into $LOCALDIR (in the correct format) by the p11-kit helper script. The old
|
||||
method is left for reference:
|
||||
|
||||
To create an OpenSSL trusted certificate from a regular PEM encoded file,
|
||||
provided by a CA not included in Mozilla's certificate distribution, you need
|
||||
to add trust arguments to the openssl command, and create a new certificate.
|
||||
@ -36,3 +49,4 @@ particular use, replace the -addtrust flag with the -addreject flag.
|
||||
Local trust overrides are handled entirely using the /etc/ssl/local directory.
|
||||
To override Mozilla's trust values, simply make a copy of the certificate in
|
||||
the local directory with alternate trust values.
|
||||
|
||||
|
4
make-ca
4
make-ca
@ -237,8 +237,8 @@ function check_arg(){
|
||||
function showhelp(){
|
||||
echo ""
|
||||
echo "`basename ${0}` is a utility to deliver and manage a complete PKI configuration"
|
||||
echo "for workstaitons and servers using only standard Unix utilities and OpenSSL. It"
|
||||
echo "will optionally generate keystores for OpenJDK and NSS if already installed,"
|
||||
echo "for workstaitons and servers using only standard GNU utilities, OpenSSL, and"
|
||||
echo "P11-Kit. It will optionally generate keystores for NSS if already installed,"
|
||||
echo "using a Mozilla cacerts.txt or like formatted file. It was originally developed"
|
||||
echo "for use with Linux From Scratch to minimize dependencies for early system"
|
||||
echo "build, but has been written to be generic enough for any Linux distribution."
|
||||
|
Loading…
Reference in New Issue
Block a user