pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/mozilla-rootcerts-openssl



Module Name:    pkgsrc
Committed By:   gdt
Date:           Fri Mar 27 13:42:53 UTC 2020

Modified Files:
        pkgsrc/security/mozilla-rootcerts-openssl: DESCR

Log Message:
mozilla-rootcerts-openssl: Revise and extend DESCR

Explain the purpose, and then explain the mechanism and why it is
somewhat and very irregular in the pkgsrc and native cases.

Point to mozilla-rootcerts as providing certificates without
configuring them as trust anchors.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/mozilla-rootcerts-openssl/DESCR

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/mozilla-rootcerts-openssl/DESCR
diff -u pkgsrc/security/mozilla-rootcerts-openssl/DESCR:1.1 pkgsrc/security/mozilla-rootcerts-openssl/DESCR:1.2
--- pkgsrc/security/mozilla-rootcerts-openssl/DESCR:1.1 Sat Apr 18 20:21:25 2015
+++ pkgsrc/security/mozilla-rootcerts-openssl/DESCR     Fri Mar 27 13:42:53 2020
@@ -1,7 +1,18 @@
-This is a hack for managing the certificate files installed into
-the OpenSSL certs directory by the mozilla-rootcerts package.
+This package configures the Mozilla rootcerts bundle CAs as trust
+anchors in OpenSSL, so that programs using OpenSSL will be able to use
+them to validate SSL certificates.
 
-For native OpenSSL it operates directly in /etc/ssl/certs (because it
-has to) and not under the pkgsrc prefix, and even for pkgsrc OpenSSL
-it still scribbles in $PREFIX/etc/ssl/certs where packages normally
-shouldn't. Be advised.
+For pkgsrc-provided OpenSSL, this package operates modifies
+${PREFIX}/etc/ssl/certs as installed by another package.  This is
+somewhat irregular as packages should not modify content under etc.
+
+For native OpenSSL, it modifies the base system OpenSSL certificate
+directory, e.g. /etc/openssl/certs or /etc/ssl/certs.  This is
+necessary to configure trust anchors for native OpenSSL, so that
+progams in pkgsrc can use these CA certs in validation.  Modification
+of /etc is very irregular as pkgsrc should not write anything outside
+of ${PREFIX}.
+
+See also the mozilla-rootcerts package (which this one depends on) for
+placing the Mozilla CA list in the filesystem but not configuring it
+into OpenSSL.
\ No newline at end of file



Home | Main Index | Thread Index | Old Index