1. 06 Jan, 2023 6 commits
    • Kevin Daudt's avatar
      === release 20230106 === · d6227d61
      Kevin Daudt authored
      d6227d61
    • Kevin Daudt's avatar
      c_rehash: fix indentation · 58851018
      Kevin Daudt authored
      58851018
    • Kevin Daudt's avatar
      merge: fix c_rehash, correct manpage, remove blacklist.txt · 3d6c04f9
      Kevin Daudt authored
      Modify c_rehash to ignore the /etc/ssl/certs/certs/ca-certificates.crt
      file when created hash softlinks in the /etc/ssl/certs/ directory.
      There are 3 reasons for this: (1) normally whenever
      "update-ca-certificates" is run (whether by a script/trigger or by an
      end-user) a warning will appear:
      
      ```
      WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
      ```
      
      which is annoying but not problematic, however (2) in some circumstances
      such as where that file only contains a single certificate, i.e. where
      you disable *all* the system certificates and only use your own "local"
      CA file, then c_rehash may wrongly create a softlink to the
      ca-certificates.crt file rather than to the correct CA file if c_rehash
      finds the ca-certificates.crt file first in the /etc/ssl/certs/
      directory.
      
      In the "single CA cert" situation if however c_rehash finds the correct
      (single CA) file first then (3) when it does find the ca-certificates.crt
      file it will generate the following warning:
      
      ```
      WARNING: Skipping duplicate certificate in file ca-certificates.crt
      ```
      
      The changes in this MR prevent all 3 scenarios from occurring.
      
      Remove the blacklist.txt file - this has not been updated since it was
      added to the repo 5+ years ago. Also this file is not used for any
      purpose - it was previously used/read by the certdata2pem.py Python
      script but that was replaced by by the mk-ca-bundle.pl Perl script
      which makes no use of blacklist.txt.
      
      Correct update-ca-certificates manpage - this was copied from Debian,
      however the Alpine program does NOT support any cli options, so remove
      these from the manpage.
      
      Fixes #2.
      
      Closes #2
      
      See merge request !5
      3d6c04f9
    • Dermot Bradley's avatar
      correct update-ca-certificates manpage · 1f39f12a
      Dermot Bradley authored
      Correct update-ca-certificates manpage - this was copied from Debian,
      however the Alpine program does NOT support any cli options, so remove
      these from the manpage.
      1f39f12a
    • Dermot Bradley's avatar
      remove blacklist.txt · 6160a6f2
      Dermot Bradley authored
      Remove the blacklist.txt file - this has not been updated since it was
      added to the repo 5+ years ago. Also this file is not used for any
      purpose - it was previously used/read by the certdata2pem.py Python
      script but that was replaced by by the mk-ca-bundle.pl Perl script
      which makes no use of blacklist.txt.
      6160a6f2
    • Dermot Bradley's avatar
      fix c_rehash · 68f6d62b
      Dermot Bradley authored
      Modify c_rehash to ignore the /etc/ssl/certs/certs/ca-certificates.crt
      file when created hash softlinks in the /etc/ssl/certs/ directory.
      There are 3 reasons for this: (1) normally whenever
      "update-ca-certificates" is run (whether by a script/trigger or by an
      end-user) a warning will appear:
      
        WARNING: ca-certificates.crt does not contain exactly one certificate
        or CRL: skipping
      
      which is annoying but not problematic, however (2) in some circumstances
      such as where that file only contains a single certificate, i.e. where
      you disable *all* the system certificates and only use your own "local"
      CA file, then c_rehash may wrongly create a softlink to the
      ca-certificates.crt file rather than to the correct CA file if c_rehash
      finds the ca-certificates.crt file first in the /etc/ssl/certs/
      directory and it will generate a warning when it then finds the actual
      certificate file:
      
        WARNING: Skipping duplicate certificate in file
        ca-cert-cloud-init-ca-cert-01.crt
      
      In the "single CA cert" situation if however c_rehash finds the correct
      (single CA) file first then (3) when it does find the ca-certificates.crt
      file it will generate the following warning:
      
        WARNING: Skipping duplicate certificate in file ca-certificates.crt
      
      The changes in this MR prevent all 3 scenarios from occurring.
      
      Fixes #2.
      68f6d62b
  2. 16 Dec, 2022 1 commit
  3. 15 Dec, 2022 1 commit
  4. 29 Jul, 2022 2 commits
  5. 11 Jan, 2022 2 commits
  6. 20 Dec, 2021 1 commit
  7. 06 Feb, 2020 1 commit
  8. 05 Feb, 2020 3 commits
  9. 18 Dec, 2019 1 commit
  10. 08 Jan, 2019 2 commits
  11. 24 Sep, 2018 2 commits
  12. 14 Nov, 2017 2 commits
  13. 02 Aug, 2017 3 commits
  14. 31 Jul, 2017 1 commit