Add back Java P12 certs (disabled by default)

Disable NSSDB by default
2018-09-04 22:19:40 -05:00
parent 1aa966774d
commit 98c0193bb5
2 changed files with 158 additions and 30 deletions
--- a/12
+++ b/12
@@ -1,12 +1,14 @@
 0.9      - Use P11-Kit trust module to generate alternate certificate stores
           from trust policy
-         - Only generate the trust store and NSSDB when using DESTDIR - you now 
-           must run the installed script as part of your post-installation
-           proceedure, with P11-Kit trust available, to generate the alternate
-           certificate stores - only the trust store and NSSDB are distributed
+         - Only generate the trust store (and optionally NSSDB and Java PKCS#12)
+           when using DESTDIR - you now must run the installed script as part of
+           your post-installation proceedure, with P11-Kit trust available, to
+           generate the alternate certificate stores - only the trust store (and
+           optionally NSSDB and Java P12 stores) are distributed
         - Added "Wants=network-online.target" to update-pki.service - Thanks to
           Brendan L for the fix
-         - No longer generate Java p12 format cacerts
+         - No longer generate Java p12 format cacerts by default
+         - No longer generate NSSDB store by default
 0.8      - Use 'openssl rehash' instead of c-rehash script
 0.7      - Generate both PKCS#12 and JKS stores for Java
         - Local certs keep out of band trust when copied to system certs