Author: boyska
Date:
To: freepto
Subject: Re: [Freepto] v1.0beta2 released

On Mon, Oct 13, 2014 at 09:20:11PM +0000, vinc3nt wrote:
>>> * Create a Freepto CA and include It
>>> https://github.com/AvANa-BBS/freepto-lb/issues/146
>>> assigned to vinc3nt
>> It seems that there has been some love on this (the freepto-certificates
>> package has been created).
>> vinc3nt, can you clarify if it is going to be a RFT or if there is still
>> something to do?
>the freepto-certificates package has been created, and it will keep
>it simple to manage and update the system-side certificates.
[...]
>Unfortunately this package isn't able to manage the icedove/iceweasel
>certificates, since those certificates are stored in a binary db
Thanks for reminding me why I DID NOT like that solution :P
cert8.db is a database, which:
* is not easily reviewable by developers
* is hard to keep in sync with freepto-certificates
>It can be handled with the certutil utility, therefore I wrote a simple
>wrapper in order to handle it:
The problem with this wrapper is that it is meant to be run by developers,
to create a binary blob to be put under version control. I find this quite
I created a script similar to that one, but which runs as a chroot hook.
If everything works as expected, we can now stop providing a binary
cert8.db, and just let the script create it. You can find it on commit
cd41b414 branch certificates_iceweasel
This is still far from perfect:
* the script is not run when you upgrade freepto-certificates
* it is not even provided to the user
* even if we had a simple method to run it, it's not completely clear
how we should handle upgrades. Remove old version of certificates in
all firefox profiles we find in /home/paranoid?
>the same certificate should be added on icedove as well, this can be a
>good chance to review it for someone else.
ooops, I forgot icedove. I'll patch the script if I find that it works.
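
An added example, not part of the original message and not the script from commit cd41b414: one way to approach the upgrade question raised above, replacing the CA in every existing Iceweasel/Icedove profile under a home directory with certutil. The nickname, the PEM path and the profile locations (`.mozilla/firefox`, `.icedove`) are assumptions.

```shell
#!/bin/sh
# Added example (not Freepto's script). CA_NICK, CA_PEM and the profile
# locations below are assumptions; adjust them to the real package layout.
# Set DRY_RUN=1 to print the certutil commands instead of running them.

CA_NICK="${CA_NICK:-Example Freepto CA}"                    # assumed nickname
CA_PEM="${CA_PEM:-/path/to/freepto-ca.pem}"                 # placeholder path

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Print every profile directory below home dir $1 that holds a cert8.db.
find_profiles() {
    find "$1/.mozilla/firefox" "$1/.icedove" -maxdepth 2 -name cert8.db \
        2>/dev/null |
        while IFS= read -r db; do dirname "$db"; done | sort
}

# Replace the CA in each profile: delete the old copy, then add the new one.
refresh_ca() {
    find_profiles "$1" | while IFS= read -r profile; do
        # Deleting first keeps an upgrade from leaving a stale certificate
        # behind; certutil -D fails if the nickname is absent, which is fine.
        run certutil -D -d "$profile" -n "$CA_NICK" 2>/dev/null || true
        # Trust string "C,," marks the CA as trusted for TLS servers only,
        # not for e-mail or code signing.
        run certutil -A -d "$profile" -n "$CA_NICK" -t "C,," -i "$CA_PEM" ||
            echo "import failed: $profile" >&2
    done
}

# Usage: sh refresh-ca.sh /home/paranoid
if [ "$#" -gt 0 ]; then
    refresh_ca "$1"
fi
```

Because the databases are rebuilt from the PEM file, the PEM stays the only reviewable source and no binary cert8.db has to live in version control.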