pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: pkgsrc/security



Hi Greg,

Thank you for the feedback.

The key difference between ca-certificates and mozilla-rootcerts is
that the former provides a framework for managing /etc/openssl/certs
in a flexible manner: local certificates can be added, and
installation of certificates from both ca-certificates and possible
other packages that provide certificates is configurable by the
sysadmin. The latter refuses to work with anything but an empty
/etc/openssl/certs. And if I understand correctly,
mozilla-rootcerts-openssl uses fixed filenames for installing in
/etc/openssl/certs, which can result in conflicts with certificates
from other sources.

Using a README file sounds like a good idea. I just copied
mozilla-rootcerts as a starting point, and it used MESSAGE for exactly
the same information. I didn't think of changing it yesterday, but now
I think both packages would benefit from using a README file instead.

Kind regards,
+ Kimmo

On Sun, 31 May 2020 at 19:45, Greg Troxel <gdt%lexort.com@localhost> wrote:
>
> "Kimmo Suominen" <kim%netbsd.org@localhost> writes:
>
> > Module Name:  pkgsrc
> > Committed By: kim
> > Date:         Sun May 31 15:53:44 UTC 2020
> >
> > Modified Files:
> >       pkgsrc/security: Makefile
> > Added Files:
> >       pkgsrc/security/ca-certificates: DESCR INSTALL MESSAGE Makefile PLIST
> >           distinfo
> >       pkgsrc/security/ca-certificates/files: ca-certificates.conf
>
> I wonder how and why this is different from mozilla-rootcerts.  I think
> this is an obvious question, and that therefore DESCR should make that
> clear.
>
> Could you install a README instead of MESSAGE?  This is really just
> regular how-to-use-this-package documentation and I don't think it
> merits shouting at the user via MESSSAGE.
>
>
>
> >
> > Log Message:
> > Add ca-certificates-20190110
> >
> > This package provides the certificates distributed by the Mozilla
> > Project.
> >
> > It also provides a script, update-ca-certs, which can be used to manage
> > a location that makes certificates usable by TLS implementations,
> > including installing select certificates from this package.
> >
> >
> > To generate a diff of this commit:
> > cvs rdiff -u -r1.761 -r1.762 pkgsrc/security/Makefile
> > cvs rdiff -u -r0 -r1.1 pkgsrc/security/ca-certificates/DESCR \
> >     pkgsrc/security/ca-certificates/INSTALL \
> >     pkgsrc/security/ca-certificates/MESSAGE \
> >     pkgsrc/security/ca-certificates/Makefile \
> >     pkgsrc/security/ca-certificates/PLIST \
> >     pkgsrc/security/ca-certificates/distinfo
> > cvs rdiff -u -r0 -r1.1 \
> >     pkgsrc/security/ca-certificates/files/ca-certificates.conf
> >
> > Please note that diffs are not public domain; they are subject to the
> > copyright notices on the relevant files.
> >
> > Modified files:
> >
> > Index: pkgsrc/security/Makefile
> > diff -u pkgsrc/security/Makefile:1.761 pkgsrc/security/Makefile:1.762
> > --- pkgsrc/security/Makefile:1.761    Tue May 26 22:33:20 2020
> > +++ pkgsrc/security/Makefile  Sun May 31 15:53:44 2020
> > @@ -1,4 +1,4 @@
> > -# $NetBSD: Makefile,v 1.761 2020/05/26 22:33:20 adam Exp $
> > +# $NetBSD: Makefile,v 1.762 2020/05/31 15:53:44 kim Exp $
> >  #
> >
> >  COMMENT=     Security tools
> > @@ -34,6 +34,7 @@ SUBDIR+=    bitstir
> >  SUBDIR+=     boringssl
> >  SUBDIR+=     botan
> >  SUBDIR+=     botan-devel
> > +SUBDIR+=     ca-certificates
> >  SUBDIR+=     caff
> >  SUBDIR+=     ccid
> >  SUBDIR+=     cfs
> >
> > Added files:
> >
> > Index: pkgsrc/security/ca-certificates/DESCR
> > diff -u /dev/null pkgsrc/security/ca-certificates/DESCR:1.1
> > --- /dev/null Sun May 31 15:53:44 2020
> > +++ pkgsrc/security/ca-certificates/DESCR     Sun May 31 15:53:44 2020
> > @@ -0,0 +1,6 @@
> > +This package provides the certificates distributed by the Mozilla
> > +Project.
> > +
> > +It also provides a script, update-ca-certs, which can be used to manage
> > +a location that makes certificates usable by TLS implementations,
> > +including installing select certificates from this package.
> > Index: pkgsrc/security/ca-certificates/INSTALL
> > diff -u /dev/null pkgsrc/security/ca-certificates/INSTALL:1.1
> > --- /dev/null Sun May 31 15:53:44 2020
> > +++ pkgsrc/security/ca-certificates/INSTALL   Sun May 31 15:53:44 2020
> > @@ -0,0 +1,7 @@
> > +# $NetBSD: INSTALL,v 1.1 2020/05/31 15:53:44 kim Exp $
> > +
> > +case ${STAGE} in
> > +POST-INSTALL)
> > +     @PREFIX@/sbin/update-ca-certificates
> > +     ;;
> > +esac
> > Index: pkgsrc/security/ca-certificates/MESSAGE
> > diff -u /dev/null pkgsrc/security/ca-certificates/MESSAGE:1.1
> > --- /dev/null Sun May 31 15:53:44 2020
> > +++ pkgsrc/security/ca-certificates/MESSAGE   Sun May 31 15:53:44 2020
> > @@ -0,0 +1,24 @@
> > +===========================================================================
> > +$NetBSD: MESSAGE,v 1.1 2020/05/31 15:53:44 kim Exp $
> > +
> > +Execute this command to install and rehash select CA root certificates
> > +distributed by the Mozilla Project, so that they can be used by third
> > +party applications using OpenSSL. It also creates a single file
> > +certificate bundle in PEM format which can be used by applications using
> > +GnuTLS.
> > +
> > +     # update-ca-certificates
> > +
> > +You can edit /etc/ca-certificates.conf to configure which certificates are
> > +installed. Additionally any certificates in /usr/local/share/ca-certificates
> > +will be installed.
> > +
> > +To mark these certificates as trusted for users of gnupg2, do
> > +the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
> > +
> > +     # mkdir -p /usr/pkg/etc/gnupg
> > +     # cd /usr/pkg/etc/gnupg
> > +     # for c in /etc/openssl/certs/*.pem; do
> > +     > openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
> > +     > done > trustlist.txt
> > +===========================================================================
> > Index: pkgsrc/security/ca-certificates/Makefile
> > diff -u /dev/null pkgsrc/security/ca-certificates/Makefile:1.1
> > --- /dev/null Sun May 31 15:53:44 2020
> > +++ pkgsrc/security/ca-certificates/Makefile  Sun May 31 15:53:44 2020
> > @@ -0,0 +1,68 @@
> > +# $NetBSD: Makefile,v 1.1 2020/05/31 15:53:44 kim Exp $
> > +
> > +PKGNAME=     ca-certificates-20190110
> > +DISTNAME=    ${PKGNAME:C/-([^-]*)$/_\1/}
> > +CATEGORIES=  security
> > +MASTER_SITES=        http://deb.debian.org/debian/pool/main/c/ca-certificates/
> > +EXTRACT_SUFX=        .tar.xz
> > +
> > +MAINTAINER=  pkgsrc-users%NetBSD.org@localhost
> > +HOMEPAGE=    https://packages.debian.org/source/sid/ca-certificates
> > +COMMENT=     Root CA certificates from the Mozilla Project
> > +LICENSE=     gnu-gpl-v2 AND mpl-2.0
> > +
> > +NO_CONFIGURE=                yes
> > +PYTHON_FOR_BUILD_ONLY=       yes
> > +
> > +USE_TOOLS=   awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run
> > +
> > +WRKSRC=              ${WRKDIR}/${PKGNAME_NOREV}
> > +DATADIR=     ${PREFIX}/share/${PKGBASE}
> > +EGDIR=               ${PREFIX}/share/examples/${PKGBASE}
> > +
> > +# Set paths depending on whether we depend on builtin or pkgsrc
> > +# openssl.  \todo Arguably, we should consider installing into both
> > +# builtin and pkgsrc, if both exist, but this requires much more
> > +# thought.
> > +CHECK_BUILTIN.openssl=       yes
> > +.include "../../security/openssl/builtin.mk"
> > +CHECK_BUILTIN.openssl=       no
> > +.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
> > +SSLDIR=              /etc/openssl
> > +.else
> > +SSLDIR=              ${PKG_SYSCONFDIR}/openssl
> > +.endif
> > +
> > +SUBST_CLASSES=               conf paths
> > +SUBST_MESSAGE.conf=  Adjusting configuration file.
> > +SUBST_STAGE.conf=    post-build
> > +SUBST_FILES.conf=    ca-certificates.conf
> > +SUBST_SED.conf=              -e 's,^share/ca-certificates/,,'
> > +SUBST_MESSAGE.paths= Replacing hard-coded paths.
> > +SUBST_STAGE.paths=   post-build
> > +SUBST_FILES.paths=   Makefile sbin/Makefile
> > +SUBST_FILES.paths+=  ca-certificates.conf
> > +SUBST_FILES.paths+=  sbin/update-ca-certificates sbin/update-ca-certificates.8
> > +SUBST_SED.paths=     -e 's,/usr/sbin,${PREFIX}/sbin,g'
> > +SUBST_SED.paths+=    -e 's,/etc/ca-certificates.conf,${PKG_SYSCONFDIR}/ca-certificates.conf,g'
> > +SUBST_SED.paths+=    -e 's,/etc/ssl,${SSLDIR},g'
> > +SUBST_SED.paths+=    -e 's,/usr/share/ca-certificates,${DATADIR},g'
> > +
> > +INSTALLATION_DIRS=   sbin ${DATADIR} ${EGDIR} share/man/man8
> > +
> > +CONF_FILES=          ${EGDIR}/ca-certificates.conf \
> > +                     ${PKG_SYSCONFDIR}/ca-certificates.conf
> > +
> > +pre-build:
> > +     @${CP} ${FILESDIR}/ca-certificates.conf ${WRKSRC}/
> > +     @${GREP} '^share/ca-certificates/' ${FILESDIR}/../PLIST \
> > +         >> ${WRKSRC}/ca-certificates.conf
> > +
> > +post-install:
> > +     ${INSTALL_MAN} ${WRKSRC}/sbin/update-ca-certificates.8 \
> > +         ${DESTDIR}${PREFIX}/share/man/man8/update-ca-certificates.8
> > +     ${INSTALL_DATA} ${WRKSRC}/ca-certificates.conf \
> > +         ${DESTDIR}${EGDIR}/ca-certificates.conf
> > +
> > +.include "../../lang/python/tool.mk"
> > +.include "../../mk/bsd.pkg.mk"
> > Index: pkgsrc/security/ca-certificates/PLIST
> > diff -u /dev/null pkgsrc/security/ca-certificates/PLIST:1.1
> > --- /dev/null Sun May 31 15:53:44 2020
> > +++ pkgsrc/security/ca-certificates/PLIST     Sun May 31 15:53:44 2020
> > @@ -0,0 +1,132 @@
> > +@comment $NetBSD: PLIST,v 1.1 2020/05/31 15:53:44 kim Exp $
> > +sbin/update-ca-certificates
> > +share/ca-certificates/mozilla/ACCVRAIZ1.crt
> > +share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
> > +share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
> > +share/ca-certificates/mozilla/AddTrust_External_Root.crt
> > +share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
> > +share/ca-certificates/mozilla/AffirmTrust_Networking.crt
> > +share/ca-certificates/mozilla/AffirmTrust_Premium.crt
> > +share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
> > +share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
> > +share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
> > +share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
> > +share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
> > +share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
> > +share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
> > +share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
> > +share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
> > +share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
> > +share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
> > +share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
> > +share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
> > +share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
> > +share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
> > +share/ca-certificates/mozilla/Certigna.crt
> > +share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt
> > +share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt
> > +share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
> > +share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
> > +share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
> > +share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
> > +share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
> > +share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
> > +share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
> > +share/ca-certificates/mozilla/DST_Root_CA_X3.crt
> > +share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt
> > +share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
> > +share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
> > +share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
> > +share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
> > +share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
> > +share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
> > +share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
> > +share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
> > +share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
> > +share/ca-certificates/mozilla/EC-ACC.crt
> > +share/ca-certificates/mozilla/EE_Certification_Centre_Root_CA.crt
> > +share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
> > +share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
> > +share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
> > +share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
> > +share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
> > +share/ca-certificates/mozilla/GeoTrust_Global_CA.crt
> > +share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt
> > +share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
> > +share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
> > +share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt
> > +share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt
> > +share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
> > +share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
> > +share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
> > +share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
> > +share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
> > +share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
> > +share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt
> > +share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
> > +share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
> > +share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
> > +share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
> > +share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
> > +share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
> > +share/ca-certificates/mozilla/ISRG_Root_X1.crt
> > +share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
> > +share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
> > +share/ca-certificates/mozilla/Izenpe.com.crt
> > +share/ca-certificates/mozilla/LuxTrust_Global_Root_2.crt
> > +share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
> > +share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
> > +share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
> > +share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
> > +share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
> > +share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
> > +share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
> > +share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
> > +share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
> > +share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
> > +share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
> > +share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
> > +share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
> > +share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
> > +share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
> > +share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
> > +share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
> > +share/ca-certificates/mozilla/SecureSign_RootCA11.crt
> > +share/ca-certificates/mozilla/SecureTrust_CA.crt
> > +share/ca-certificates/mozilla/Secure_Global_CA.crt
> > +share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
> > +share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
> > +share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
> > +share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
> > +share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
> > +share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
> > +share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
> > +share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
> > +share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
> > +share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
> > +share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
> > +share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
> > +share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
> > +share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
> > +share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
> > +share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
> > +share/ca-certificates/mozilla/Taiwan_GRCA.crt
> > +share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
> > +share/ca-certificates/mozilla/TrustCor_ECA-1.crt
> > +share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
> > +share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
> > +share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
> > +share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
> > +share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
> > +share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
> > +share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
> > +share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
> > +share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
> > +share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
> > +share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
> > +share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
> > +share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt
> > +share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt
> > +share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt
> > +share/examples/ca-certificates/ca-certificates.conf
> > +share/man/man8/update-ca-certificates.8
> > Index: pkgsrc/security/ca-certificates/distinfo
> > diff -u /dev/null pkgsrc/security/ca-certificates/distinfo:1.1
> > --- /dev/null Sun May 31 15:53:44 2020
> > +++ pkgsrc/security/ca-certificates/distinfo  Sun May 31 15:53:44 2020
> > @@ -0,0 +1,6 @@
> > +$NetBSD: distinfo,v 1.1 2020/05/31 15:53:44 kim Exp $
> > +
> > +SHA1 (ca-certificates_20190110.tar.xz) = 47d4584eae85fc905e4994766eb3930a8a84e2e1
> > +RMD160 (ca-certificates_20190110.tar.xz) = cbf8f474fba527dc96413632ac5874385bd38e17
> > +SHA512 (ca-certificates_20190110.tar.xz) = 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
> > +Size (ca-certificates_20190110.tar.xz) = 243472 bytes
> >
> > Index: pkgsrc/security/ca-certificates/files/ca-certificates.conf
> > diff -u /dev/null pkgsrc/security/ca-certificates/files/ca-certificates.conf:1.1
> > --- /dev/null Sun May 31 15:53:44 2020
> > +++ pkgsrc/security/ca-certificates/files/ca-certificates.conf        Sun May 31 15:53:44 2020
> > @@ -0,0 +1,8 @@
> > +# $NetBSD: ca-certificates.conf,v 1.1 2020/05/31 15:53:44 kim Exp $
> > +#
> > +# This file lists certificates that update-ca-certificates(8) will
> > +# select or deselect for installing in /etc/ssl/certs.
> > +#
> > +# A line beginning with # is a comment.
> > +# A line beginning with ! deselects the matching certificate file.
> > +#



Home | Main Index | Thread Index | Old Index