head 1.3; access; symbols pkgsrc-2026Q1:1.3.0.40 pkgsrc-2026Q1-base:1.3 pkgsrc-2025Q4:1.3.0.38 pkgsrc-2025Q4-base:1.3 pkgsrc-2025Q3:1.3.0.36 pkgsrc-2025Q3-base:1.3 pkgsrc-2025Q2:1.3.0.34 pkgsrc-2025Q2-base:1.3 pkgsrc-2025Q1:1.3.0.32 pkgsrc-2025Q1-base:1.3 pkgsrc-2024Q4:1.3.0.30 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.3.0.28 pkgsrc-2024Q3-base:1.3 pkgsrc-2024Q2:1.3.0.26 pkgsrc-2024Q2-base:1.3 pkgsrc-2024Q1:1.3.0.24 pkgsrc-2024Q1-base:1.3 pkgsrc-2023Q4:1.3.0.22 pkgsrc-2023Q4-base:1.3 pkgsrc-2023Q3:1.3.0.20 pkgsrc-2023Q3-base:1.3 pkgsrc-2023Q2:1.3.0.18 pkgsrc-2023Q2-base:1.3 pkgsrc-2023Q1:1.3.0.16 pkgsrc-2023Q1-base:1.3 pkgsrc-2022Q4:1.3.0.14 pkgsrc-2022Q4-base:1.3 pkgsrc-2022Q3:1.3.0.12 pkgsrc-2022Q3-base:1.3 pkgsrc-2022Q2:1.3.0.10 pkgsrc-2022Q2-base:1.3 pkgsrc-2022Q1:1.3.0.8 pkgsrc-2022Q1-base:1.3 pkgsrc-2021Q4:1.3.0.6 pkgsrc-2021Q4-base:1.3 pkgsrc-2021Q3:1.3.0.4 pkgsrc-2021Q3-base:1.3 pkgsrc-2021Q2:1.3.0.2 pkgsrc-2021Q2-base:1.3 pkgsrc-2021Q1:1.2.0.98 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.96 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.94 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.2.0.90 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.70 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.92 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.88 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.2.0.86 pkgsrc-2019Q2-base:1.2 pkgsrc-2019Q1:1.2.0.84 pkgsrc-2019Q1-base:1.2 pkgsrc-2018Q4:1.2.0.82 pkgsrc-2018Q4-base:1.2 pkgsrc-2018Q3:1.2.0.80 pkgsrc-2018Q3-base:1.2 pkgsrc-2018Q2:1.2.0.78 pkgsrc-2018Q2-base:1.2 pkgsrc-2018Q1:1.2.0.76 pkgsrc-2018Q1-base:1.2 pkgsrc-2017Q4:1.2.0.74 pkgsrc-2017Q4-base:1.2 pkgsrc-2017Q3:1.2.0.72 pkgsrc-2017Q3-base:1.2 pkgsrc-2017Q2:1.2.0.68 pkgsrc-2017Q2-base:1.2 pkgsrc-2017Q1:1.2.0.66 pkgsrc-2017Q1-base:1.2 pkgsrc-2016Q4:1.2.0.64 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.2.0.62 pkgsrc-2016Q3-base:1.2 pkgsrc-2016Q2:1.2.0.60 pkgsrc-2016Q2-base:1.2 pkgsrc-2016Q1:1.2.0.58 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.2.0.56 pkgsrc-2015Q4-base:1.2 pkgsrc-2015Q3:1.2.0.54 pkgsrc-2015Q3-base:1.2 
pkgsrc-2015Q2:1.2.0.52 pkgsrc-2015Q2-base:1.2 pkgsrc-2015Q1:1.2.0.50 pkgsrc-2015Q1-base:1.2 pkgsrc-2014Q4:1.2.0.48 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.46 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.44 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.42 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.40 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.38 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.36 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.34 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.32 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.30 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.28 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.26 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.24 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.2.0.22 pkgsrc-2011Q3-base:1.2 pkgsrc-2011Q2:1.2.0.20 pkgsrc-2011Q2-base:1.2 pkgsrc-2011Q1:1.2.0.18 pkgsrc-2011Q1-base:1.2 pkgsrc-2010Q4:1.2.0.16 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.14 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.12 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.10 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.8 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.6 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.4 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.2 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.1.0.8 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.6 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.4 cube-native-xorg-base:1.1 pkg_install-renovation:1.1.0.2; locks; strict; comment @# @; 1.3 date 2021.05.17.15.38.55; author martin; state Exp; branches; next 1.2; commitid aN5E7duRXBBd3wTC; 1.2 date 2009.02.02.12.49.16; author joerg; state Exp; branches; next 1.1; 1.1 date 2008.08.06.23.51.32; author joerg; state dead; branches 1.1.2.1; next ; 1.1.2.1 date 2008.08.06.23.51.32; author joerg; state Exp; branches; next ; desc @@ 1.3 log @Adapt outdated defaults to recent openssl versions @ text @# $NetBSD: pkgsrc.cnf,v 1.2 2009/02/02 12:49:16 joerg Exp $ # # OpenSSL sample configuration file for use by pkgsrc.sh # # This definition stops the following lines choking if HOME isn't # 
defined. HOME = . RANDFILE = $ENV::HOME/.rnd #################################################################### [ ca ] default_ca = CA_default # The default ca section #################################################################### [ CA_default ] dir = ./pkgsrc # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. #unique_subject = no # Set to 'no' to allow creation of # several ctificates with same subject. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file # Comment out the following two lines for the "traditional" # (and highly broken) format. name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options # Extension copying option: use with caution. # copy_extensions = copy # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL. 
# crl_extensions = crl_ext default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = default # use public key default MD preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look # For type CA, the listed attributes must be the same, and the optional # and supplied fields are just that :-) policy = policy_match # For the CA policy [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional # For the 'anything' policy # At this point in time, you must list all acceptable 'object' # types. [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional #################################################################### [ req ] default_bits = 4096 default_keyfile = privkey.pem distinguished_name = req_distinguished_name x509_extensions = v3_ca # The extentions to add to the self signed cert string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Some-State localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Internet Widgits Pty Ltd # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = World Wide Web Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 [ pkgkey ] nsComment = "Certificate for binary pkgsrc packages" 
subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer subjectAltName=email:move extendedKeyUsage = codeSigning, emailProtection [ pkgsec ] nsComment = "Certificate for pkg-vulnerabilities" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer subjectAltName=email:move [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = critical,CA:true @ 1.2 log @Merge x509 setup and documentation from pkg_install-renovation. @ text @d1 1 a1 1 # $NetBSD: pkgsrc.cnf,v 1.1.2.1 2008/08/06 23:51:32 joerg Exp $ d80 1 a80 1 default_bits = 2048 a81 1 default_md = sha1 @ 1.1 log @file pkgsrc.cnf was initially added on branch pkg_install-renovation. @ text @d1 136 @ 1.1.2.1 log @Get the OpenSSL setup to create a simple CA, pkg-vulnerabilities signing and package signing keys under version control. @ text @a0 136 # $NetBSD$ # # OpenSSL sample configuration file for use by pkgsrc.sh # # This definition stops the following lines choking if HOME isn't # defined. HOME = . RANDFILE = $ENV::HOME/.rnd #################################################################### [ ca ] default_ca = CA_default # The default ca section #################################################################### [ CA_default ] dir = ./pkgsrc # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. #unique_subject = no # Set to 'no' to allow creation of # several ctificates with same subject. new_certs_dir = $dir/newcerts # default place for new certs. 
certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file # Comment out the following two lines for the "traditional" # (and highly broken) format. name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options # Extension copying option: use with caution. # copy_extensions = copy # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = default # use public key default MD preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look # For type CA, the listed attributes must be the same, and the optional # and supplied fields are just that :-) policy = policy_match # For the CA policy [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional # For the 'anything' policy # At this point in time, you must list all acceptable 'object' # types. 
[ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional #################################################################### [ req ] default_bits = 2048 default_keyfile = privkey.pem default_md = sha1 distinguished_name = req_distinguished_name x509_extensions = v3_ca # The extentions to add to the self signed cert string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Some-State localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Internet Widgits Pty Ltd # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = World Wide Web Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 [ pkgkey ] nsComment = "Certificate for binary pkgsrc packages" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer subjectAltName=email:move extendedKeyUsage = codeSigning, emailProtection [ pkgsec ] nsComment = "Certificate for pkg-vulnerabilities" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer subjectAltName=email:move [ v3_ca ] subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = critical,CA:true @
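Review bot: The `[ pkgkey ]` and `[ pkgsec ]` extension sections never set `basicConstraints` or `keyUsage`, and `[ pkgsec ]` has no `extendedKeyUsage` either, so the pkg-vulnerabilities signing certificate is not limited to any purpose by its extensions. I would add `basicConstraints = critical,CA:FALSE` and `keyUsage = critical,digitalSignature` to both sections, after confirming that the verifier in pkg_install accepts certificates that carry them. `[ v3_ca ]` likewise marks the certificate as a CA without `keyUsage = critical,keyCertSign,cRLSign`. The 1.3 head text carries the same three sections unchanged, so the point applies there as well.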