Shared System Certificates followup: Packaging Guidelines?

Kai Engert kaie at kuix.de
Wed Jan 8 17:56:57 UTC 2014


On Wed, 2014-01-08 at 09:16 -0800, Adam Williamson wrote:
> > Packages that would like to use a default list of CA certificates
> > should be changed to use (consume) the new consolidated data that we
> > provide as part of SharedSystemCertificates.
> 
> This could do with some specifics:
> 
> [adamw@adam libtorrent (master)]$ rpm -ql ca-certificates | grep -c -e 'pem' -e 'crt'
> 11
> [adamw@adam libtorrent (master)]$ 
> 
> Which one of those 11 files, exactly, should we have packages use when?
> When I came up against this situation recently I threw a dart and
> picked /etc/pki/tls/certs/ca-bundle.crt, but I'm hardly certain.

The manual page explains which files are intended for which purpose, and
also mentions the availability of a smarter PKCS#11 module for
applications that are able to use it.

$ rpm -ql ca-certificates |grep -w man
/usr/share/man/man8/update-ca-trust.8.gz
$ man update-ca-trust

Kai



