make-ca, include.h2m: Add detailed dependncy info and add note about configuration file

This commit is contained in:
DJ Lucas 2020-03-07 22:37:27 -06:00
parent 81786ef1c1
commit 892378ecbe
4 changed files with 57 additions and 19 deletions

View File

@ -1,4 +1,5 @@
1.6 - Fix install target for make -j# 1.6 - Fix install target for make -j#
- Add detailed dependncy info and add note about configuration file
1.5 - Allow generation of all stores in alternate directory 1.5 - Allow generation of all stores in alternate directory
1.4 - Revert change to use /usr/bin/update-ca-certifiates for systemd 1.4 - Revert change to use /usr/bin/update-ca-certifiates for systemd
service service

View File

@ -2,7 +2,7 @@
# Generate a short man page from --help and --version output. # Generate a short man page from --help and --version output.
# Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009, # Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009,
# 2010, 2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc. # 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -26,22 +26,43 @@ use Getopt::Long;
use Text::ParseWords qw(shellwords); use Text::ParseWords qw(shellwords);
use Text::Tabs qw(expand); use Text::Tabs qw(expand);
use POSIX qw(strftime setlocale LC_ALL); use POSIX qw(strftime setlocale LC_ALL);
use Locale::gettext qw(gettext);
use Encode qw(decode encode);
use I18N::Langinfo qw(langinfo CODESET);
my $this_program = 'help2man'; my $this_program = 'help2man';
my $this_version = '1.47.4'; my $this_version = '1.47.12';
my $encoding;
sub _ { $_[0] }
sub configure_locale
{ {
my $locale = shift; my $gettext = Locale::gettext->domain($this_program);
die "$this_program: no locale support (Locale::gettext required)\n" sub _ { $gettext->get($_[0]) }
unless $locale eq 'C';
my ($user_locale) = grep defined && length,
(map $ENV{$_}, qw(LANGUAGE LC_ALL LC_MESSAGES LANG)), 'C';
my $user_encoding = langinfo CODESET;
# Set localisation of date and executable's output.
sub configure_locale
{
delete @ENV{qw(LANGUAGE LC_MESSAGES LANG)};
setlocale LC_ALL, $ENV{LC_ALL} = shift || 'C';
$encoding = langinfo CODESET;
}
sub dec { $encoding ? decode $encoding, $_[0] : $_[0] }
sub enc { $encoding ? encode $encoding, $_[0] : $_[0] }
sub enc_user { encode $user_encoding, $_[0] }
sub kark # die with message formatted in the invoking user's locale
{
setlocale LC_ALL, $user_locale;
my $fmt = $gettext->get(shift);
my $errmsg = enc_user sprintf $fmt, @_;
die $errmsg, "\n";
}
} }
sub dec { $_[0] }
sub enc { $_[0] }
sub enc_user { $_[0] }
sub kark { die +(sprintf shift, @_), "\n" }
sub N_ { $_[0] } sub N_ { $_[0] }
sub program_basename; sub program_basename;
@ -53,7 +74,7 @@ my $version_info = enc_user sprintf _(<<'EOT'), $this_program, $this_version;
GNU %s %s GNU %s %s
Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010, Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010,
2011, 2012, 2013, 2014, 2015 Free Software Foundation, Inc. 2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@ -123,6 +144,8 @@ my %opt_def = (
Getopt::Long::config('bundling'); Getopt::Long::config('bundling');
die $help_info unless GetOptions %opt_def and @ARGV == 1; die $help_info unless GetOptions %opt_def and @ARGV == 1;
configure_locale unless $encoding;
my %include = (); my %include = ();
my %replace = (); my %replace = ();
my %append = (); my %append = ();
@ -248,15 +271,15 @@ my $help_text = get_option_value $ARGV[0], $help_option;
$version_text ||= get_option_value $ARGV[0], $version_option; $version_text ||= get_option_value $ARGV[0], $version_option;
# By default the generated manual pages will include the current date. This may # By default the generated manual pages will include the current date. This may
# however be overriden by setting the environment variable $SOURCE_DATE_EPOCH # however be overriden by setting the environment variable $SOURCE_DATE_EPOCH to
# to an integer value of the seconds since the UNIX epoch. This is primarily # an integer value of the seconds since the UNIX epoch. This is primarily
# intended to support reproducible builds (wiki.debian.org/ReproducibleBuilds) # intended to support reproducible builds (wiki.debian.org/ReproducibleBuilds)
# and will additionally ensure that the output date string is UTC. # and will additionally ensure that the output date string is UTC.
my $epoch_secs = time; my $epoch_secs = time;
if (exists $ENV{SOURCE_DATE_EPOCH} and $ENV{SOURCE_DATE_EPOCH} =~ /^(\d+)$/) if (exists $ENV{SOURCE_DATE_EPOCH} and $ENV{SOURCE_DATE_EPOCH} =~ /^(\d+)$/)
{ {
$epoch_secs = $1; $epoch_secs = $1;
$ENV{TZ} = 'UTC'; $ENV{TZ} = 'UTC0';
} }
# Translators: the following message is a strftime(3) format string, which in # Translators: the following message is a strftime(3) format string, which in

View File

@ -3,11 +3,24 @@ make-ca -g
[EXAMPLES] [EXAMPLES]
The make-ca script will process the certificates included in the certdata.txt The make-ca script will process the certificates included in the certdata.txt
file for use in multiple certificate stores (if the associated applications are file for use in multiple certificate stores (if the required prerequisites are
present on the system). Additionally, any local certificates stored in present on the system). Additionally, any local certificates stored in
/etc/ssl/local will be imported to the certificate stores. Certificates in this /etc/ssl/local will be imported to the certificate stores. Certificates in this
directory should be stored as PEM encoded OpenSSL trusted certificates. directory should be stored as PEM encoded OpenSSL trusted certificates.
The make-ca script depends on OpenSSL-1.1.0, P11-Kit-0.23, and optionally,
NSS-3.23 (for the MozTrust exetension). Additionally, Coreutils, gawk, and sed
are used. The default locations for output files can be tailored for your
environment via the /etc/make-ca.conf configuration file.
As of version 1.2, a p11-kit helper, copy-trust-modifications, is included
for use in p11-kit's trust-extract-compat script. Manual creation of OpenSSL
trusted certificates is no longer needed. Instead, import the certificate
using p11-kit's trust utility, and recreate the individual stores using the
update-ca-certificates script. A copy of any modified anchors will be placed
into $LOCALDIR (in the correct format) by the p11-kit helper script. The old
method is left for reference:
To create an OpenSSL trusted certificate from a regular PEM encoded file, To create an OpenSSL trusted certificate from a regular PEM encoded file,
provided by a CA not included in Mozilla's certificate distribution, you need provided by a CA not included in Mozilla's certificate distribution, you need
to add trust arguments to the openssl command, and create a new certificate. to add trust arguments to the openssl command, and create a new certificate.
@ -36,3 +49,4 @@ particular use, replace the -addtrust flag with the -addreject flag.
Local trust overrides are handled entirely using the /etc/ssl/local directory. Local trust overrides are handled entirely using the /etc/ssl/local directory.
To override Mozilla's trust values, simply make a copy of the certificate in To override Mozilla's trust values, simply make a copy of the certificate in
the local directory with alternate trust values. the local directory with alternate trust values.

View File

@ -237,8 +237,8 @@ function check_arg(){
function showhelp(){ function showhelp(){
echo "" echo ""
echo "`basename ${0}` is a utility to deliver and manage a complete PKI configuration" echo "`basename ${0}` is a utility to deliver and manage a complete PKI configuration"
echo "for workstaitons and servers using only standard Unix utilities and OpenSSL. It" echo "for workstaitons and servers using only standard GNU utilities, OpenSSL, and"
echo "will optionally generate keystores for OpenJDK and NSS if already installed," echo "P11-Kit. It will optionally generate keystores for NSS if already installed,"
echo "using a Mozilla cacerts.txt or like formatted file. It was originally developed" echo "using a Mozilla cacerts.txt or like formatted file. It was originally developed"
echo "for use with Linux From Scratch to minimize dependencies for early system" echo "for use with Linux From Scratch to minimize dependencies for early system"
echo "build, but has been written to be generic enough for any Linux distribution." echo "build, but has been written to be generic enough for any Linux distribution."