./security/mozilla-rootcerts-openssl, Wedge for installing and managing mozilla-rootcerts

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.14, Package name: mozilla-rootcerts-openssl-2.14, Maintainer: dholland

This package configures the Mozilla rootcerts bundle CAs as trust
anchors in OpenSSL, so that programs using OpenSSL will be able to use
them to validate SSL certificates. It is for manual installation by
the system administrator only.

For pkgsrc-provided OpenSSL, this package modifies
${PREFIX}/etc/ssl/certs, which belongs to another package. This is
somewhat irregular as packages should not modify content under etc.

For native OpenSSL, it modifies the base system OpenSSL certificate
directory, e.g. /etc/openssl/certs or /etc/ssl/certs. This is
necessary to configure trust anchors for native OpenSSL, so that
progams in pkgsrc can use these CA certs in validation. Modification
of /etc is very irregular as pkgsrc should not write anything outside
of ${PREFIX}.

See also the mozilla-rootcerts package (which this one depends on as a
built-time tool) for placing the Mozilla CA list in the filesystem but
not configuring it into OpenSSL, as well as a script to aid in manual
configuration of trust anchors.

It is policy that no other package may depend on
mozilla-rootcerts-openssl, because any such dependency would modify
system configuration as a side effect of that other package.


Required to build:
[security/mozilla-rootcerts] [pkgtools/cwrappers]

Version history: (Expand)


CVS history: (Expand)


   2024-02-20 17:51:45 by Jonathan Perkin | Files touched by this commit (4)
Log message:
mozilla-rootcerts*: Update to 20240214 data.
   2023-11-25 11:32:24 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
mozilla-rootcerts*: update to 20231115 data
   2023-09-03 02:20:04 by Greg Troxel | Files touched by this commit (1)
Log message:
mozilla-rootcerts-openssl: Document longstanding non-dependency policy

This is for manual installation only.  We decided a long time ago that
no other package was allowed to depend on mozilla-rootcerts-openssl,
but apparently never wrote it down.
   2023-08-29 12:08:23 by Greg Troxel | Files touched by this commit (1)
Log message:
mozilla-rootcerts-openssl: Clarify DESCR about dependency

This package likely used to full-depend on mozilla-rootcerts, but now
it uses it only as a build tool, and the resulting binary package
does not have a dependency.  This is not that important, but the
entire situation is confusing, so clean up the wording.
   2023-08-12 09:05:48 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
mozilla-rootcerts-openssl: update to 2.12.

Matches mozilla-rootcerts 20230720 edition.
   2023-06-06 14:42:56 by Taylor R Campbell | Files touched by this commit (1319)
Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
   2023-06-02 11:10:16 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
mozilla-rootcerts-openssl: fix PLIST; apply pkglint suggestion
   2023-06-01 15:20:40 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
mozilla-rootcert*: update to 20230505 data