Google Summer of Code/2019/Ideas/X509 Trust Store
From Gentoo Wiki
X509 Trust Store
Currently, there is no centralized X.509 trust store in Gentoo that allows easy control of the various cryptographic frameworks:
- Probably Python and Go
Fedora has a mechanism in which `/etc/pki/anchors` is the source of truth and the `update-ca-certificates` scripts generate the various framework-specific structures; for example, each JVM's `JAVA_HOME/lib/security/cacerts` is a symlink to a file under `/etc` that is generated by the script.
We should have a similar mechanism in Gentoo, as these certificates are system-wide configuration and not part of a specific package. However, we should make this smarter, so that packages can extend support by using drop-in scriptlets.
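
A minimal sketch of the mechanism described above (one anchors directory as source of truth, a generated bundle, and per-package drop-in scriptlets), added here as an illustration and not taken from Gentoo or Fedora code. The directory layout, the `ca-bundle.pem` name, the `*.sh` scriptlet suffix and the calling convention are all assumptions.

```shell
#!/bin/sh
# Added sketch of the proposed design. All paths, file names and the hook
# calling convention are hypothetical, not an existing Gentoo interface.

# regenerate_trust ANCHORS_DIR OUT_DIR HOOKS_DIR
# Builds OUT_DIR/ca-bundle.pem from the anchors, then runs each scriptlet in
# HOOKS_DIR as: sh SCRIPTLET BUNDLE ANCHORS_DIR
regenerate_trust() {
    anchors=$1; out=$2; hooks=$3
    bundle="$out/ca-bundle.pem"
    tmp=$(mktemp "$out/.ca-bundle.XXXXXX") || return 1

    # Concatenate every file that contains a PEM certificate, in glob order.
    for cert in "$anchors"/*.pem "$anchors"/*.crt; do
        [ -f "$cert" ] || continue
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$cert"; then
            cat "$cert" >> "$tmp"
            # Keep entries separated when a file lacks a trailing newline.
            [ -z "$(tail -c 1 "$cert")" ] || echo >> "$tmp"
        else
            echo "skipping non-PEM file: $cert" >&2
        fi
    done

    # Never replace a working bundle with an empty one.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no usable anchors in $anchors" >&2
        return 1
    fi
    chmod 0644 "$tmp"
    mv -f "$tmp" "$bundle"    # rename within one directory: no partial file is visible

    # Scriptlets run with the caller's privileges (root in practice), so skip
    # any that other users could have modified.
    failed=0
    for hook in "$hooks"/*.sh; do
        [ -f "$hook" ] || continue
        if [ -n "$(find "$hook" -prune -perm -0002)" ]; then
            echo "skipping world-writable scriptlet: $hook" >&2
            continue
        fi
        sh "$hook" "$bundle" "$anchors" || { echo "scriptlet failed: $hook" >&2; failed=1; }
    done
    return "$failed"
}
```

A package that needs its own format (a Java keystore, for instance) would install one scriptlet that converts the bundle it receives as its first argument.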