[Bug 246069] net-im/jicofo: need trust installation instructions and refinement of keystore

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri May 1 00:15:33 UTC 2020 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246069

            Bug ID: 246069
           Summary: net-im/jicofo: need trust installation instructions
                    and refinement of keystore
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: acm at FreeBSD.org
          Reporter: mandree at FreeBSD.org
          Assignee: acm at FreeBSD.org
             Flags: maintainer-feedback?(acm at FreeBSD.org)

Greetings,

I've needed to invest quite a bit of time to get jicofo to talk to prosody
because the upstream documentation is specific to Debian, and Java certificate
handling is quite different on Debian-based systems vs. FreeBSD.

I am proposing to add some documentation to save users some digging.

Please check if the instructions below are correct, and then put them into a
pkg-message file and/or a post-install documentation referenced from
pkg-message.

These links aren't exactly helpful for FreeBSD.

https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md#install-jitsi-conference-focus-jicofo

https://github.com/jitsi/jicofo/blob/master/README.md#certificates

Here's what I needed to do:

openssl x509 -in  /var/db/prosody/auth.jitsi.example.org.crt -outform der \
 -out  /var/db/prosody/auth.jitsi.example.org.der

keytool -import -trustcacerts -file /var/db/prosody/auth.jitsi.example.org.der
\
 -alias auth.jitsi.example.org -keystore /usr/local/etc/ssl/java.pem

and as password I used the default "changeme".

However, the file is misnamed and should be called trust.jsk or something, and
possibly we should move it outside /usr/local/etc/ssl, and rather into
.../etc/jitsi/trust.jsk:

# file /usr/local/etc/ssl/java.pem
/usr/local/etc/ssl/java.pem: Java KeyStore

I think we would need a full deployment instruction set for FreeBSD, and
possibly a rapid-deployment meta-port.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list