Commit Graph

161 Commits

Author SHA1 Message Date
DJ Lucas
9291cf9319 make-ca.conf.dist: remove link to aurora 2022-12-27 20:12:26 -06:00
DJ Lucas
5fec9b5317 CS.txt: Update to latestest list of Microsoft certs. 2022-12-27 20:10:32 -06:00
DJ Lucas
6eee45ffc9 CHANGELOG: add missing changelog entries. 2022-12-27 20:07:18 -06:00
DJ Lucas
327c7e9306 make-ca{,.conf.dist}: set nss tree to default source and introduce workaround for p11-kit mishandling of nss-{email,server}-distrust-after values. 2022-12-21 23:10:22 -06:00
DJ Lucas
dac19a3cf1 make-ca: Keep upstream formatting and remove Opnessl data 2022-11-25 11:17:50 -06:00
DJ Lucas
10d6241bd2
make-ca: post-release version bump 2022-11-23 10:55:18 -06:00
DJ Lucas
0b408bda43
Update CHANGELOG 2022-11-23 10:06:27 -06:00
DJ Lucas
1528fdd47c
update-mscertsign.sh: Fix ouput error in script 2022-11-23 10:01:26 -06:00
DJ Lucas
55f8847147
Update CS.txt
Fix comment
2022-11-23 09:59:56 -06:00
DJ Lucas
62ce400648
Update CS.txt before release 2022-11-23 09:59:23 -06:00
DJ Lucas
accd6b49fb
Merge pull request #22 from xry111/ship-mozilla-ca-root
verify hg.mozilla.org with bundled CA root
2022-11-23 08:31:07 -06:00
Xi Ruoyao
d3562bc2f0
verify hg.mozilla.org with bundled CA root
Before this, make-ca does not verify the certificate of hg.mozilla.org
at all.  It makes sense as make-ca often runs on systems without trust
anchor.  But, a MIM can easily fake hg.mozilla.org and completely hijack
the trust anchor of a BLFS system.

To improve the situation, we ship the certificate of the CA root for
hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use
it to verify hg.mozilla.org.
2022-01-31 19:07:08 +08:00
DJ Lucas
3093851fdd
Update CHANGELOG 2022-01-10 00:17:38 -06:00
DJ Lucas
76fa47f5d0
Don't install systemd timers on non-systemd
Fixes #18
2022-01-10 00:16:47 -06:00
DJ Lucas
a7ceb85300
Update CS.txt (no changes since last release) 2022-01-10 00:12:39 -06:00
DJ Lucas
23daa436c8
Merge pull request #20 from xry111/fix-19
make-ca: use --filter=ca-anchors for all stores
2022-01-09 22:56:51 -06:00
Xi Ruoyao
151af87198
make-ca: use --filter=ca-anchors for all stores
Fixes #19.
2022-01-09 00:00:22 +08:00
DJ Lucas
6d1c729972 CHANGELOG: all current updates. 2021-09-16 18:56:59 -05:00
DJ Lucas
92dbb064c5 CS.txt,update-mscertsign.sh: Add update script for CS.txt now that MS has update CCADB. 2021-09-16 18:56:30 -05:00
DJ Lucas
1ff5a0a672 make-ca: Update help text for -i/--mscodesign switch. 2021-09-13 22:05:16 -05:00
DJ Lucas
4ee256bfb9 README,Makefile: move distfiles to /etc/make-ca.
Closes #16.
2021-09-13 22:01:58 -05:00
DJ Lucas
c3620b3636 make-ca: guard overrides on first run.
Closes #17.
2021-09-13 21:50:21 -05:00
DJ Lucas
c22c228e3e
Update README 2021-09-13 21:16:41 -05:00
DJ Lucas
aacfcb6b69 make-ca,CHANGELOG: Post-release version bump. 2021-08-29 23:46:04 -05:00
DJ Lucas
1ba7f4319b make-ca: bump version. 2021-08-29 23:33:15 -05:00
DJ Lucas
79082f4814 Changelog 2021-08-29 23:32:18 -05:00
DJ Lucas
3eca3a7dba make-ca: set default for code signing to 0. 2021-08-29 23:31:20 -05:00
DJ Lucas
4bbde9a90b make-ca: Remove unneeded variable (leftover from testing). 2021-08-09 22:17:29 -05:00
DJ Lucas
b138f67112 make-ca: Backup and restore anchors with PKIX extensions. 2021-08-09 22:14:46 -05:00
DJ Lucas
c2a3d1d837 make-ca: Fix typo. 2021-08-08 22:32:37 -05:00
DJ Lucas
c41b7f3d4b Makefile,make-ca: Use Microsoft's trust for code signing with -i | --mscodesign. 2021-08-08 11:03:12 -05:00
DJ Lucas
53ac95f8fd make-ca: remove workarounds and use certdata.txt values first, remove trailing spaces from x509 Subject derived p11label. 2021-08-08 00:26:59 -05:00
DJ Lucas
2c1da33970 make-ca: Special case for poorly named 'NetLock Arany' certs. 2021-08-07 20:16:17 -05:00
DJ Lucas
6e7e5a391c CHANGELOG: yet another typo. 2021-08-07 20:01:19 -05:00
DJ Lucas
5d764d2756 CHANGELOG: typo 2021-08-07 19:59:16 -05:00
DJ Lucas
3fc0a03bb5 :-) Properly thank miijoost for forcing me to fix all of the issues in get_p11_label(). 2021-08-07 19:58:24 -05:00
DJ Lucas
47d1fea7c4 CHANGELOG: clarify changes. 2021-08-07 19:53:35 -05:00
DJ Lucas
94c44961b8 make-ca: Revert change to use p11label for naming anchors. 2021-08-07 19:37:23 -05:00
DJ Lucas
0ea74dd846 make-ca: Additional normalizaton of p11label and fix a few corner cases. Thank you to Michael Joost for brining the issue to my attention. 2021-08-07 19:34:33 -05:00
DJ Lucas
e02c930e6c make-ca: Fix DESTDIR if using a relative path. 2021-08-07 19:32:18 -05:00
DJ Lucas
51ffa79fa4 Fix help output for -a/--anchordir. 2021-08-07 01:48:22 -05:00
DJ Lucas
c79ee2ff79 make-ca: Handle getopt style short options in get_args(). 2021-08-07 00:40:39 -05:00
DJ Lucas
de5bf4a332
CS.txt: Updated code signing list 2021-08-06 23:31:39 -05:00
DJ Lucas
f3913cb756 make-ca: minor text fixups to assiste with man-page output. 2021-08-05 23:56:09 -05:00
DJ Lucas
6938b0f70e README: change comment. 2021-08-05 23:34:27 -05:00
DJ Lucas
16c01c3249 make-ca: don't copy use -v when instaling cacerts.p12. 2021-08-05 23:28:54 -05:00
DJ Lucas
f7a8c9f2f3 README,include.h2m: Sync documentation and fix typos. 2021-08-05 22:43:41 -05:00
DJ Lucas
8baf93dc22 make-ca: Use p11label value and .p11-kit extension for anchor naming. 2021-08-05 22:31:13 -05:00
DJ Lucas
0faf62233b copy-trust-modifications: Use X509v3 Key Usage section to determine local trust for anchros added using tust utiltiy. 2021-08-05 22:27:20 -05:00
DJ Lucas
62864a82a5 LICENSE,CHANGELOG: Fix grammar and typos. 2021-08-05 20:48:55 -05:00