add a hint for gnupg2 users (as claws-mail with the s/mime plugin)

author: drochner <drochner@pkgsrc.org> 2011-06-10 16:23:45 +0000
committer: drochner <drochner@pkgsrc.org> 2011-06-10 16:23:45 +0000
commit: 364969841448006ff1a230e4152f2b5fd7c5969c (patch)
tree: 6802a6f2940648bd85622cb11778c710efee4894 /security
parent: 74f72b02c9448c9ee2107989537a2d9937c43c39 (diff)
download: pkgsrc-364969841448006ff1a230e4152f2b5fd7c5969c.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/security/mozilla-rootcerts/MESSAGE b/security/mozilla-rootcerts/MESSAGE
index 68205f16a1a..2212f38d438 100644
--- a/security/mozilla-rootcerts/MESSAGE
+++ b/security/mozilla-rootcerts/MESSAGE
@@ -1,5 +1,5 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.2 2011/03/11 21:00:06 drochner Exp $
+$NetBSD: MESSAGE,v 1.3 2011/06/10 16:23:45 drochner Exp $
 
 Execute these commands to extract and rehash all CA root certificates
 distributed by the Mozilla Project, so that they can be used by third
@@ -15,4 +15,13 @@ be used by applications using GnuTLS, do the following:
 	# mkdir -p /etc/ssl/certs
 	# cd /etc/ssl/certs
 	# cat ../../openssl/certs/*.pem >ca-certificates.crt
+
+To mark these certificates as trusted for users of gnupg2, do
+the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
+
+	# mkdir /usr/pkg/etc/gnupg
+	# cd /usr/pkg/etc/gnupg
+	# for c in /etc/openssl/certs/*.pem; do
+	> openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
+	> done > trustlist.txt
 ===========================================================================
author	drochner <drochner@pkgsrc.org>	2011-06-10 16:23:45 +0000
committer	drochner <drochner@pkgsrc.org>	2011-06-10 16:23:45 +0000
commit	364969841448006ff1a230e4152f2b5fd7c5969c (patch)
tree	6802a6f2940648bd85622cb11778c710efee4894 /security
parent	74f72b02c9448c9ee2107989537a2d9937c43c39 (diff)
download	pkgsrc-364969841448006ff1a230e4152f2b5fd7c5969c.tar.gz