cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Retire the ca-roots ports, which expired long ago.

Browse Source 
The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore.  The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.

For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots.  The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.

Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.

With hat:	security-officer
This commit is contained in:
Simon L. B. Nielsen 2008-06-29 16:48:01 +00:00
parent a5e70d1ac8
commit 0cb1d7b8dc
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=215953
6 changed files with 1 additions and 4079 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
MOVED
View File

@ -3517,3 +3517,4 @@ security/barnyard-sguil6|security/barnyard-sguil|2008-06-22|Moved to security/ba
java/bsh|lang/bsh|2008-06-22|Moved to lang/bsh
www/mod_security2|www/mod_security21|2008-06-22|Moved to www/mod_security2.
security/gnutls-devel||2008-06-23|Removed
security/ca-roots||2008-06-29|No longer supported by FreeBSD Security Officer

1
security/Makefile
View File

@ -50,7 +50,6 @@
SUBDIR += bsp_upektfmess
SUBDIR += bubblegum
SUBDIR += bugs
SUBDIR += ca-roots
SUBDIR += ca_root_nss
SUBDIR += calife
SUBDIR += calife-devel

26
security/ca-roots/Makefile
View File

@ -1,26 +0,0 @@
# Ports collection makefile for: ca-roots
# Date created: Sep 5, 2000
# Whom: nsayer
#
# $FreeBSD$
#
PORTNAME= ca-roots
PORTVERSION= 1.2
CATEGORIES= security
DISTFILES= # none
MAINTAINER= secteam@FreeBSD.org
COMMENT= A list of SSL CA root certificates
DEPRECATED= Not supported by FreeBSD Security Officer anymore
EXPIRATION_DATE=2007-07-07
NO_BUILD= yes
do-install:
${MKDIR} ${PREFIX}/share/certs
${INSTALL_DATA} ${FILESDIR}/ca-root.crt ${PREFIX}/share/certs
${LN} -sf ${PREFIX}/share/certs/ca-root.crt /etc/ssl/cert.pem
.include <bsd.port.mk>

4036
security/ca-roots/files/ca-root.crt
View File

File diff suppressed because it is too large Load Diff

11
security/ca-roots/pkg-descr
View File

@ -1,11 +0,0 @@
This port simply contains a list of SSL Certificate Authority root
certificates. Such a list performs a similar role for SSL Certificate
verfication that the root cache does for DNS servers.
This list originally came from mod_ssl (where it was ca-bundle.crt. They
originally got their list from Netscape Communicator/Navigator),
but will be maintained separately. The maintainer will apply strict
criteria to suggestions for additions to this list (in concert with
the FreeBSD security officer). CAs wishing to be added will need
to assure the FreeBSD user community that their certification procedures
are sufficiently secure to render their certificates trustworthy.

5
security/ca-roots/pkg-plist
View File

@ -1,5 +0,0 @@
@exec mkdir -p %D/share/certs
share/certs/ca-root.crt
@exec ln -s %D/share/certs/ca-root.crt /etc/ssl/cert.pem
@unexec [ -L /etc/ssl/cert.pem ] && rm -f /etc/ssl/cert.pem
@unexec rmdir %D/share/certs