emo/make-ca
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
152 Commits 1 Branch 0 Tags 220 KiB
62ce400648
Commit Graph

152 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
DJ Lucas
62ce400648
Update CS.txt before release 2022-11-23 09:59:23 -06:00
DJ Lucas
accd6b49fb
Merge pull request #22 from xry111/ship-mozilla-ca-root 
verify hg.mozilla.org with bundled CA root
 2022-11-23 08:31:07 -06:00
Xi Ruoyao
d3562bc2f0
verify hg.mozilla.org with bundled CA root 
Before this, make-ca does not verify the certificate of hg.mozilla.org
at all.  It makes sense as make-ca often runs on systems without trust
anchor.  But, a MIM can easily fake hg.mozilla.org and completely hijack
the trust anchor of a BLFS system.

To improve the situation, we ship the certificate of the CA root for
hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use
it to verify hg.mozilla.org.
 2022-01-31 19:07:08 +08:00
DJ Lucas
3093851fdd
Update CHANGELOG 2022-01-10 00:17:38 -06:00
DJ Lucas
76fa47f5d0
Don't install systemd timers on non-systemd 
Fixes #18
 2022-01-10 00:16:47 -06:00
DJ Lucas
a7ceb85300
Update CS.txt (no changes since last release) 2022-01-10 00:12:39 -06:00
DJ Lucas
23daa436c8
Merge pull request #20 from xry111/fix-19 
make-ca: use --filter=ca-anchors for all stores
 2022-01-09 22:56:51 -06:00
Xi Ruoyao
151af87198
make-ca: use --filter=ca-anchors for all stores 
Fixes #19.
 2022-01-09 00:00:22 +08:00
DJ Lucas
6d1c729972 CHANGELOG: all current updates. 2021-09-16 18:56:59 -05:00
DJ Lucas
92dbb064c5 CS.txt,update-mscertsign.sh: Add update script for CS.txt now that MS has update CCADB. 2021-09-16 18:56:30 -05:00
DJ Lucas
1ff5a0a672 make-ca: Update help text for -i/--mscodesign switch. 2021-09-13 22:05:16 -05:00
DJ Lucas
4ee256bfb9 README,Makefile: move distfiles to /etc/make-ca. 
Closes #16.
 2021-09-13 22:01:58 -05:00
DJ Lucas
c3620b3636 make-ca: guard overrides on first run. 
Closes #17.
 2021-09-13 21:50:21 -05:00
DJ Lucas
c22c228e3e
Update README 2021-09-13 21:16:41 -05:00
DJ Lucas
aacfcb6b69 make-ca,CHANGELOG: Post-release version bump. 2021-08-29 23:46:04 -05:00
DJ Lucas
1ba7f4319b make-ca: bump version. 2021-08-29 23:33:15 -05:00
DJ Lucas
79082f4814 Changelog 2021-08-29 23:32:18 -05:00
DJ Lucas
3eca3a7dba make-ca: set default for code signing to 0. 2021-08-29 23:31:20 -05:00
DJ Lucas
4bbde9a90b make-ca: Remove unneeded variable (leftover from testing). 2021-08-09 22:17:29 -05:00
DJ Lucas
b138f67112 make-ca: Backup and restore anchors with PKIX extensions. 2021-08-09 22:14:46 -05:00
DJ Lucas
c2a3d1d837 make-ca: Fix typo. 2021-08-08 22:32:37 -05:00
DJ Lucas
c41b7f3d4b Makefile,make-ca: Use Microsoft's trust for code signing with -i | --mscodesign. 2021-08-08 11:03:12 -05:00
DJ Lucas
53ac95f8fd make-ca: remove workarounds and use certdata.txt values first, remove trailing spaces from x509 Subject derived p11label. 2021-08-08 00:26:59 -05:00
DJ Lucas
2c1da33970 make-ca: Special case for poorly named 'NetLock Arany' certs. 2021-08-07 20:16:17 -05:00
DJ Lucas
6e7e5a391c CHANGELOG: yet another typo. 2021-08-07 20:01:19 -05:00
DJ Lucas
5d764d2756 CHANGELOG: typo 2021-08-07 19:59:16 -05:00
DJ Lucas
3fc0a03bb5 :-) Properly thank miijoost for forcing me to fix all of the issues in get_p11_label(). 2021-08-07 19:58:24 -05:00
DJ Lucas
47d1fea7c4 CHANGELOG: clarify changes. 2021-08-07 19:53:35 -05:00
DJ Lucas
94c44961b8 make-ca: Revert change to use p11label for naming anchors. 2021-08-07 19:37:23 -05:00
DJ Lucas
0ea74dd846 make-ca: Additional normalizaton of p11label and fix a few corner cases. Thank you to Michael Joost for brining the issue to my attention. 2021-08-07 19:34:33 -05:00
DJ Lucas
e02c930e6c make-ca: Fix DESTDIR if using a relative path. 2021-08-07 19:32:18 -05:00
DJ Lucas
51ffa79fa4 Fix help output for -a/--anchordir. 2021-08-07 01:48:22 -05:00
DJ Lucas
c79ee2ff79 make-ca: Handle getopt style short options in get_args(). 2021-08-07 00:40:39 -05:00
DJ Lucas
de5bf4a332
CS.txt: Updated code signing list 2021-08-06 23:31:39 -05:00
DJ Lucas
f3913cb756 make-ca: minor text fixups to assiste with man-page output. 2021-08-05 23:56:09 -05:00
DJ Lucas
6938b0f70e README: change comment. 2021-08-05 23:34:27 -05:00
DJ Lucas
16c01c3249 make-ca: don't copy use -v when instaling cacerts.p12. 2021-08-05 23:28:54 -05:00
DJ Lucas
f7a8c9f2f3 README,include.h2m: Sync documentation and fix typos. 2021-08-05 22:43:41 -05:00
DJ Lucas
8baf93dc22 make-ca: Use p11label value and .p11-kit extension for anchor naming. 2021-08-05 22:31:13 -05:00
DJ Lucas
0faf62233b copy-trust-modifications: Use X509v3 Key Usage section to determine local trust for anchros added using tust utiltiy. 2021-08-05 22:27:20 -05:00
DJ Lucas
62864a82a5 LICENSE,CHANGELOG: Fix grammar and typos. 2021-08-05 20:48:55 -05:00
DJ Lucas
26dabca6f0 CHANGELOG,README: udpate version requirements for p11-kit to 0.23.19. 2021-08-05 20:40:36 -05:00
DJ Lucas
6a96f18a6f LICENSE{,.MIT}:Clarify dual license. 2021-08-05 20:06:50 -05:00
DJ Lucas
0c4cc4ab0d README: clarify functionality. 2021-08-05 19:57:31 -05:00
DJ Lucas
d7c3b6f28b make-ca: Correct incorrectly named get_p11_val(). 2021-08-05 19:39:08 -05:00
DJ Lucas
2284b419ed make-ca: Fix output of NSSDB and Java PCKS#12 stores. 2021-08-05 01:13:05 -05:00
DJ Lucas
d857f7c530 make-ca: Use --filter=certificates for all stores. 2021-08-05 00:33:04 -05:00
DJ Lucas
6ee8e5316e make-ca: Add nss-{server,email}-distrust-after values in anchors. 2021-08-05 00:04:05 -05:00
DJ Lucas
e38a575d03 CHANGELOG: add entry for previous commit. 2021-08-04 22:20:37 -05:00
DJ Lucas
e4b5db9b34 make-ca,copy-trust-modifications: omit x-certificate-extension.p11kit and assume serverAuth 2021-08-04 22:17:50 -05:00