nss should ship certutil

[lotheac]

The nss packages don't include certutil, which is needed eg. for configuring ldapclient certificates.

[danmcd]

I'd have to inspect it more, but it looks like build/mozilla-nss-nspr/nss.mog needs to call out certutil & friends for packaging.

[lotheac]

On Wed, Oct 28 2015 03:40:36 -0700, Dan McDonald wrote:

I'd have to inspect it more, but it looks like build/mozilla-nss-nspr/nss.mog needs to call out certutil & friends for packaging.

I looked at it briefly and upon seeing the nss/nspr packaging script decided that it's best to defer to your expertise on the subject :) Thanks.

Lauri Tirkkonen | lotheac @ IRCnet

[danmcd]

BTW, this won't make r151016 except maybe as an update.

[lotheac]

On Wed, Oct 28 2015 04:59:22 -0700, Dan McDonald wrote:

BTW, this won't make r151016 except maybe as an update.

That's okay, it's not a big issue for us right now as we currently just ship a known-good trusted cert db file via config management (ie. can use another OS to create it). It would probably be good to have a working way to configure trusted LDAP CAs in the OS itself at some point though :)

Lauri Tirkkonen | lotheac @ IRCnet

[idodeclare]

I'm trying to connect omnios to ldaps, but I'm stymied by omnios-151018's lack of certutil. I'll build a transient VM with another distro (I see joyent's illumos-extra) in order to export to omnios à la @lotheac, but I agree it would be nice to have it in the omnios base.