From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Sat, 23 Dec 2017 01:37:09 +0300
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Devel discussion list <devel@lists.altlinux.org>
Message-ID: <20171222223709.GB29859@altlinux.org>
Mail-Followup-To: ALT Devel discussion list <devel@lists.altlinux.org>
References: <20171221184816.2968172e@sem.office.basealt.ru>
 <20171222003606.GJ4981@comp-core-i7-2640m-0182e6.fortress>
 <20171222012805.GA16098@altlinux.org>
 <20171222022648.GA30110@comp-core-i7-2640m-0182e6.fortress>
 <20171222193346.035680ab@sem.office.basealt.ru>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="XF85m9dhOBO43t/C"
Content-Disposition: inline
In-Reply-To: <20171222193346.035680ab@sem.office.basealt.ru>
Subject: Re: [devel] RFC: ca-certificates a la Fedora
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Dec 2017 22:37:10 -0000
Archived-At: <http://lore.altlinux.org/devel/20171222223709.GB29859@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--XF85m9dhOBO43t/C
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Dec 22, 2017 at 07:33:46PM +0300, Mikhail Efremov wrote:
> On Fri, 22 Dec 2017 03:26:48 +0100 Alexey Gladkov wrote:
> > On Fri, Dec 22, 2017 at 04:28:05AM +0300, Dmitry V. Levin wrote:
> > > > =EE=C5=D4=D5. =F0=CC=C0=D3 =D0=CF=D1=D7=CC=C5=CE=C9=C5 =CE=C5=D3=CF=
=D7=CD=C5=D3=D4=C9=CD=CF=D3=D4=C9 =D3=D4=C1=CE=C5=D4 =C2=CC=CF=CB=C9=D2=CF=
=CB=C5=D2=CF=CD =CB =CF=C2=CE=CF=D7=CC=C5=CE=C9=C0 nss,
> > > > =DE=D4=CF =D3 =D4=CF=DE=CB=C5 =DA=D2=C5=CE=C9=D1 =C2=C5=DA=CF=D0=C1=
=D3=CE=CF=D3=D4=C9 =CD=CE=C5 =CE=C5 =CE=D2=C1=D7=C9=D4=D3=D1.
> > > >=20
> > > > =E5=D3=CC=C9 =C9=C4=D4=C9 =D0=CF =DC=D4=CF=CD=D5 =D0=D5=D4=C9, =D4=
=CF =D1 =C2=D9 =D3=C4=C5=CC=C1=CC =C1=CC=D8=D4=C5=D2=CE=C1=D4=C9=D7=D9 =C4=
=CC=D1 =DC=D4=CF=CA =C2=C9=C2=CC=C9=CF=D4=C5=CB=C9. =20
> > >=20
> > > =E1=CC=D8=D4=C5=D2=CE=C1=D4=C9=D7=D9 =C4=CC=D1 =C2=C9=C2=CC=C9=CF=D4=
=C5=CB -- =DC=D4=CF =D7=CF=CF=C2=DD=C5 =D0=CC=CF=C8=C1=D1 =C9=C4=C5=D1, =D1=
 =D7=D3=A3 =CE=C9=CB=C1=CB =CE=C5
> > > =D0=D2=C9=C4=D5=CD=C1=C0 =D3=D0=CF=D3=CF=C2=C1 =C9=C8 =DC=C6=C6=C5=CB=
=D4=C9=D7=CE=CF =DA=C1=D0=D2=C5=D4=C9=D4=D8. =20
> >=20
> > =E5=D3=CC=C9 =D7=D3=A3 =CB=C1=CB =D3=CB=C1=DA=C1=CC sem@ =C9 =C4=C5=CA=
=D3=D4=D7=C9=D4=C5=CC=D8=CE=CF =C5=D3=D4=D8 =D0=CF=CC=CE=C1=D1 =D3=CF=D7=CD=
=C5=D3=D4=C9=CD=CF=D3=D4=D8, =D4=CF
> > =D0=D2=CF=C2=CC=C5=CD =CE=C5 =C2=D5=C4=C5=D4. =E5=D3=CC=C9 =CE=C5=D3=CF=
=D7=CD=C5=D3=D4=C9=CD=CF=D3=D4=D8 =D7=D3=A3-=D4=C1=CB=C9 =D0=CF=D1=D7=C9=D4=
=D3=D1/=CD=CF=D6=C5=D4 =D0=CF=D1=D7=C9=D4=D8=D3=D1,
> > =D4=CF =D0=CF=CC=D8=DA=CF=D7=C1=D4=C5=CC=C9 =D3=CD=CF=C7=D5=D4 =D0=C5=
=D2=C5=CB=CC=C0=DE=C9=D4=D8=D3=D1 =CE=C1 =C1=D0=D3=D4=D2=C9=CD=CE=D5=C0 =C2=
=C9=C2=CC=C9=CF=D4=C5=CB=D5 (=C8=CF=D4=D1 =C2=D9
> > =D7=D2=C5=CD=C5=CE=CE=CF). =FC=D4=CF =CC=D5=DE=DB=C5, =DE=C5=CD =CB=CC=
=C1=D3=D4=D8 =D7=D3=C5 =D1=CA=C3=C1 =D7 =CF=C4=CE=D5 =CB=CF=D2=DA=C9=CE=D5.
>=20
> =E5=D3=CC=C9 =D3=C4=C5=CC=C1=D4=D8 =D4=C1=CB:
> ln -s /usr/lib64/pkcs11/p11-kit-trust.so /etc/pki/nssdb/libnssckbi.so
> =D4=CF certutil -L -d sql:/etc/pki/nssdb/ -h 'Builtin Object Token'
> =CE=C1=DE=C9=CE=C1=C5=D4 =D7=D9=C4=C1=D7=C1=D4=D8 =D3=D0=C9=D3=CF=CB =D3=
=C5=D2=D4=C9=C6=C9=CB=C1=D4=CF=D7 =C9=DA p11-kit.

libnssckbi.so =D7 /etc - =DC=D4=CF =CF=D2=C9=C7=C9=CE=C1=CC=D8=CE=CF, =CE=
=CF =D0=CF =D5=CD=CF=CC=DE=C1=CE=C9=C0 =D7 /etc/pki/nssdb
=CE=C9=CB=D4=CF =CE=C5 =D3=CD=CF=D4=D2=C9=D4, =D4=C1=CB =D7=C5=C4=D8?

[...]
> > > > =EE=D5 =C9=CC=C9 =C1=CC=D8=D4=C5=D2=D4=C1=CE=D4=C9=D7=D9 =C4=CC=D1 =
libnssckbi.so. =20
> > >=20
> > > =EC=C9=C2=CF =D2=C1=DA=CE=D9=C5 =D2=C5=C1=CC=C9=DA=C1=C3=C9=C9 libnss=
ckbi.so =CF=CB=C1=D6=D5=D4=D3=D1 =CE=C1=D3=D4=CF=CC=D8=CB=CF =D3=CF=D7=CD=
=C5=D3=D4=C9=CD=D9, =DE=D4=CF
> > > =C2=D5=C4=C5=D4 =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=D4=D8=D3=D1 =D4=CF=CC=
=D8=CB=CF =CF=C4=CE=C1, =CC=C9=C2=CF =CE=C5=D4, =C9 =D4=CF=C7=C4=C1 =D0=D2=
=C9=C4=A3=D4=D3=D1 =C9=D3=D0=CF=CC=D8=DA=CF=D7=C1=D4=D8
> > > =D2=C1=DA=CE=D9=C5 =D2=C5=C1=CC=C9=DA=C1=C3=C9=C9 =CF=C4=CE=CF=D7=D2=
=C5=CD=C5=CE=CE=CF =C9 =CD=D9 =D7=C5=D2=CE=A3=CD=D3=D1 =CB =CE=D9=CE=C5=DB=
=CE=C5=CA =D3=C9=D4=D5=C1=C3=C9=C9. =20
> >=20
> > =E9=CD=C5=CE=CE=CF, =CE=CF =CF=D4=CB=C1=D4 =D0=CF=CC=D8=DA=CF=D7=C1=D4=
=C5=CC=D1 =CB =C1=D0=D3=D4=D2=C9=CD=CE=CF=CA =C2=C9=C2=CC=C9=CF=D4=C5=CB=C5=
 =CD=CE=C5 =CB=C1=D6=C5=D4=D3=D1 =C2=CF=CC=C5=C5
> > =D5=C4=C1=DE=CE=D9=CD =D7=C1=D2=C9=C1=CE=D4=CF=CD, =DE=C5=CD =CE=C5=D7=
=CF=DA=CD=CF=D6=CE=CF=D3=D4=D8 =D0=CF=CC=D8=DA=CF=D7=C1=D4=D8=D3=D1 =C2=D2=
=C1=D5=DA=C5=D2=CF=CD/=D0=CF=DE=D4=CF=CA =D7=CF=CF=C2=DD=C5,
> > =D7 =D3=CC=D5=DE=C1=C5, =CB=CF=C7=C4=C1 =D7=CD=C5=D3=D4=CF libnssckbi.s=
o =C2=D5=C4=C5=D4 =CE=C5=D3=CF=D7=CD=C5=D3=D4=C9=CD=C1=D1 =C2=C9=C2=CC=C9=
=CF=D4=C5=CB=C1.
>=20
> =F5=DE=C9=D4=D9=D7=C1=D1, =DE=D4=CF =DC=D4=CF =CE=C5 =D3=CF=D7=D3=C5=CD =
=C2=C9=C2=CC=C9=CF=D4=C5=CB=C1, =CE=C1=D3=CB=CF=CC=D8=CB=CF =D1 =D0=CF=CE=
=C9=CD=C1=C0, =D4.=C5. =D3 =CE=C5=CA
> =CE=C9=CB=D4=CF =CE=C5 =CC=C9=CE=CB=D5=C5=D4=D3=D1, =D4=CF =CD=CF=D6=C5=
=D4 =C1=CC=D8=D4=C5=D2=CE=C1=D4=C9=D7=D9 =C9 =CE=C5 =D3=C1=CD=D9=CA =D0=CC=
=CF=C8=CF=CA =D7=C1=D2=C9=C1=CE=D4.
> =EC=D5=DE=DB=C5 =C2=D9, =CB=CF=CE=C5=DE=CE=CF, =D5=C2=D2=C1=D4=D8 =C5=C5 =
=C9=DA nss =D3=CF=D7=D3=C5=CD, =DA=C1=CD=C5=CE=C9=D7 =D3=D3=D9=CC=CB=CF=CA =
=CE=C1
> p11-kit-trust.so, =C1 =D7 =D3=CC=D5=DE=C1=C5 =D2=C1=DA=CC=CF=CD=C1 =CD=CF=
=D6=CE=CF =D7=D2=C5=CD=C5=CE=CE=CF =D7=C5=D2=CE=D5=D4=D8
> libnssckbi.so. =F0=D2=CF=C2=CC=C5=CD=C1 =D7 =D4=CF=CD, =CB=C1=CB =CF=C2=
=CE=C1=D2=D5=D6=C9=D4=D8 =DC=D4=CF=D4 =D2=C1=DA=CC=CF=CD.

=F1 =C2=D9 =D3=CB=C1=DA=C1=CC, =DE=D4=CF =D3=CF=D7=D3=C5=CD =CE=C5 =C2=C9=
=C2=CC=C9=CF=D4=C5=CB=C1:
$ nm -D /usr/lib64/libnssckbi.so |grep '^[[:xdigit:]]'
0000000000020fb0 T C_GetFunctionList
0000000000000000 A NSS_3.1

=E5=D3=CC=C9 libnssckbi.so - =DC=D4=CF =CE=C5 =C2=C9=C2=CC=C9=CF=D4=C5=CB=
=C1, =D4=CF =D0=CF=DE=C5=CD=D5 =CF=CE=C1 lib*.so,
=C9 =D0=CF=DE=C5=CD=D5 =CF=CE=C1 =D5=D0=C1=CB=CF=D7=C1=CE=C1 =CE=C5=D0=CF=
=D3=D2=C5=C4=D3=D4=D7=C5=CE=CE=CF =D7 %_libdir?
=EB=C1=CB =C5=A3 =DA=C1=C7=D2=D5=D6=C1=C0=D4 - dlopen'=CF=CD?

=F0=CF=CC=D5=DE=C1=C5=D4=D3=D1, =DE=D4=CF =C5=C4=C9=CE=D3=D4=D7=C5=CE=CE=CF=
=C5 =C4=CF=D3=D4=D5=D0=CE=CF=C5 =CE=C1=CD =D2=C5=DB=C5=CE=C9=C5 =DA=C1=C4=
=C1=DE=C9, =DE=D4=CF=C2=D9 =D7 nss
=C2=D9=CC=C9 =D4=C5 =D6=C5 =D3=C5=D2=D4=C9=C6=C9=CB=C1=D4=D9, =DE=D4=CF =C9=
 =D7 openssl =D3 gnutls - =DC=D4=CF =DA=C1=CD=C5=CE=C9=D4=D8
libnssckbi.so, =CB=CF=D4=CF=D2=D9=CA =C9=D3=D0=CF=CC=D8=DA=D5=C5=D4 nss, =
=D3=D3=D9=CC=CB=CF=CA =CE=C1 =C1=CC=D8=D4=C5=D2=CE=C1=D4=C9=D7=CE=CF=C7=CF
=D0=D2=CF=D7=C1=CA=C4=C5=D2=C1 (/usr/lib64/pkcs11/p11-kit-trust.so), =CB=CF=
=D4=CF=D2=D9=CA =DC=D4=CF =D2=C5=C1=CC=C9=DA=D5=C5=D4.

=ED=CF=D6=CE=CF, =CB=CF=CE=C5=DE=CE=CF, =D5=D0=D2=C1=D7=CC=D1=D4=D8 =DC=D4=
=CF=CA =D3=D3=D9=CC=CB=CF=CA =D3 =D0=CF=CD=CF=DD=D8=C0 =CD=C5=C8=C1=CE=C9=
=DA=CD=C1 =C1=CC=D8=D4=C5=D2=CE=C1=D4=C9=D7,
=CE=CF =D1 =CE=C5 =D7=C9=D6=D5 =D7 =DC=D4=CF=CD =D3=CD=D9=D3=CC=C1.
=E5=D3=CC=C9 =CB=C1=CB=C1=D1-=D4=CF =D7=C5=D2=D3=C9=D1 nss =D0=C5=D2=C5=D3=
=D4=C1=CE=C5=D4 =D2=C1=C2=CF=D4=C1=D4=D8 =D3 p11-kit-trust.so, =D4=CF =DC=
=D4=D5
=D3=D3=D9=CC=CB=D5 =D0=D2=C9=C4=A3=D4=D3=D1 =D7=D2=C5=CD=C5=CE=CE=CF =DA=C1=
=CD=C5=CE=C9=D4=D8 =CE=C1 =C6=C1=CA=CC, =D0=CF=D3=D4=C1=D7=CC=D1=C5=CD=D9=
=CA =D3 libnss, =C4=CF =D4=C5=C8
=D0=CF=D2, =D0=CF=CB=C1 p11-kit-trust.so =D3=CE=CF=D7=C1 =CE=C5 =DA=C1=D2=
=C1=C2=CF=D4=C1=C5=D4, =D0=CF=D3=CC=C5 =DE=C5=C7=CF =D3=D3=D9=CC=CB=D5 =CD=
=CF=D6=CE=CF
=C2=D5=C4=C5=D4 =D7=C5=D2=CE=D5=D4=D8, =D0=CF=D3=D4=C1=D7=C9=D7 =D3=CF=CF=
=D4=D7=C5=D4=D3=D4=D7=D5=C0=DD=C9=C5 =DA=C1=D7=C9=D3=C9=CD=CF=D3=D4=C9 (=D7=
 =C4=C1=CE=CE=CF=CD =D3=CC=D5=DE=C1=C5,
=CE=C1=D7=C5=D2=CE=CF=C5, =CB=CF=CE=C6=CC=C9=CB=D4=D9).
=FE=C5=CD =D7 =DC=D4=CF=CA =D3=C9=D4=D5=C1=C3=C9=C9 =D0=CF=CD=CF=D6=C5=D4 =
=CD=C5=C8=C1=CE=C9=DA=CD =C1=CC=D8=D4=C5=D2=CE=C1=D4=C9=D7?


--=20
ldv

--XF85m9dhOBO43t/C
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJaPYkVAAoJEAVFT+BVnCUIFvAP+wXbsX8ZLeSvnLEpLni00W6V
CKgMpIY0zO9ik1wANONaTgm12/j/0okZ12Ag3v5Pf78vPasN/tdytCEUtVKB/mew
iwZBZUuF23d0+4ifvjmjptZ0mR8VgbYpWcxCvM5jbXxzbwzcDJmHy+7nnoIHr+I8
Wp9/mXmCZ9ER64vcQw/tYJNJWWKZo/xsa8AvdedJss/ChDlyXtZ56ANFjRfBOBII
XJDh9UbXuLa9tU6D9BlW0UF33Skifh41fcLP2BfSLwZDvFdQf+XxUxs3mJdWJgJ/
T1Ut29012x4X4BRvXIeoXN72ZKb0LbERIZb9w4rEeYyRwqQjqWtXK6wY/2MOPGLm
GshxU4WNntHE8n29LUc23XIB/dhoFebDQVJJGs3zYdXirGPIYjaDzKVYKg8i855b
dfGIjieP/aF3GbOVOf+hXNqUah8+U+UxTGDPWg4D5KUybiyXLoBmKyxtv9Bkkdrr
0CF2fH+xWjQ7PQ2c/PPETqAWaTw/c+3m6JE857zh5QkcFcWLYmfnzjdlHCEuPqY4
gMV8rc5WX9RklyM14hr3eeypcVeal8+/OHFIJSDvz2GnGxcG3v4VOq2Q5VH+eib8
4pVym6yMw8nyLFOjoVp0R6zb1wdhwQ6qUwsiC+I6sc7EoSQeVCsx2GhxOnV9vyR7
hLVWXFcmEpGYoDIjZHlG
=UT55
-----END PGP SIGNATURE-----

--XF85m9dhOBO43t/C--