./security/mozilla-rootcerts, Root CA certificates from the Mozilla Project

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.0.20170121nb6, Package name: mozilla-rootcerts-1.0.20170121nb6, Maintainer: pkgsrc-users

This package provides a script which can be used to extract the root
CA certificates distributed by the Mozilla Project into the current
working directory and to rehash the existing certificates. The directory
can be used by most SSL-aware programs that expect a "CA certificate
path".


Required to build:
[pkgtools/cwrappers]

Master sites:


Version history: (Expand)


CVS history: (Expand)


   2017-07-06 02:58:35 by Greg Troxel | Files touched by this commit (2)
Log message:
Regularize path subsitution and use PREFIX

Use PREFIX rather than LOCALBASE.  What matters is where this packages
prefix is, not anything else.

Substitute all paths the same way, assigning to sh variables in one
place, alphabetically, and then using them.  Sort list of substituted
variables alphabetically also, so it's easier to review the code.

No functional change for any reasonable configuration.

Based on a suggestion by J. Lewis Muir on pkgsrc-users.
   2017-06-22 02:30:10 by Greg Troxel | Files touched by this commit (1)
Log message:
Add comment about multiple install locations

This package installs into either the builtin openssl or the pkgsrc
one, depending on which is chosen.  However, that's not obviously
right (while also not obviously wrong).  If there are two versions of
of openssl, perhaps both should have certificates configured.  Or
perhaps not -- this simply adds a comment that the issue bears
thinking about.
   2017-06-19 02:39:53 by Greg Troxel | Files touched by this commit (1)
Log message:
Adjust comments around ca-certificates.crt

(Ride earlier PKGREVISION.)
   2017-06-19 02:37:48 by Greg Troxel | Files touched by this commit (2)
Log message:
Revert touching of openssl config file

Earlier, code was added to "touch $conffile" to work around openssl
issuing a warning if openssl.conf was not present.  This is
problematic because if the warning is appropriate, 1) we have no way
of knowing that an empty config file is correct and 2) we should not
silence it.  If the warning is buggy, then openssl and/or the base
system should be fixed.  Further, this code changes the modification
date of the config file on every run, even when there is a valid
config file.

(There was no discussion prior, three objections and no concurrences,
and no response, so reverting seems ok.)
   2017-06-19 02:32:38 by Greg Troxel | Files touched by this commit (2)
Log message:
Rationalize directory handling around ca-certificates.crt

Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths.  So the directory
must exist (because it was checked earlier).  Instead, check for the
ca-certificates.crt file existing.  Add more questioning comments.

Based on a patch by J. Lewis Muir.
   2017-06-19 02:20:15 by Greg Troxel | Files touched by this commit (1)
Log message:
Add comments questioning many things

Describe issues with touching the config file and the spurious
directory check surrounding ca-certificates.crt.
   2017-06-19 02:10:21 by Greg Troxel | Files touched by this commit (2)
Log message:
Substitute path to openssl more thoroughly

This package can depend on builtin openssl or pkgsrc openssl.
However, it had paths from the base system hardcoded.  Be more
thorough about using builtin vs pkgsrc paths.  This is a minimal
change to use builtin/pkgsrc paths; future commits will note latent
issues uncovered in the process.

Based on a report to pkgsrc-users by J. Lewis Muir.
   2017-03-15 19:52:56 by Jonathan Perkin | Files touched by this commit (2) | Package updated
Log message:
Limit broken openssl.cnf handling to NetBSD only after no response from
bsiegert@.  There's no reason to pollute other operating systems.

Bump PKGREVISION.