On Tue, 26 Sept 2023 at 12:21, Greg Troxel <g...@lexort.com> wrote: > > Chavdar Ivanov <ci4...@gmail.com> writes: > > > lack cause anything? On top of this, I seem not to be able to remove > > mozilla-rootcerts-openssl, as it is required by hs-x509-system, itself > > required eventually by converters/pandoc. (I sorted this out by > > That's a bug. It is against policy for a package to require > mozilla-rootcerts-openssl. > > > replacing the latter package after cvs updating - the NetBSD > > condiitional in the Makefile has been removed so after that nothing > > stopped me from removing mozilla-rootcerts-openssl; leaving the > > comments in the mail as someone else may find himself in the same > > situation). > > And it's fixed.
sure, > > > The query is then about the 198 certificates present in the package > > but missing in base - are they likely to cause any problems? > > I would uninstall mozilla-rootcerts-openssl and then make sure your cert > dir is ok. > > Are you saying that mozilla-rootcerts-openssl has CAs that base does > not, separately from the history of how your system got be how it is? I just did a clean installation of -current from yesterday. This leaves /etc/openssl/certs with one single file and 280 links to files and links is /usr/share/certs/mozilla. However, the real files in that directory are 170 - exactly the number of real files in the package (which contains 169 links and 170 files). As the number of files appears the same, I'd say that base provides what is needed, even if it looks much different... I will replace /etc/openssl/certs on my historical system with the contents from the cleanly installed one, that should do the job. I believe no other package should have added anything there. The confusion was created by the package which was still dependent on mozilla-rootcerts-openssl at the time of invoking 'pkg_admin rebuild' prior to pkg_rolling-replace. There are other small bits which can cause trouble - e.g. my yesterday's -current works just fine (as a VMWare Workstation guest), but when I selected the option of setting up pkgin during the installation (my build host serves it locally via ftp), it did all the setting up but could not actually invoke pkgin - as it was missing /usr/lib/libarchive.so.4.0 - the system now has 5.0 and pkgin was still not updated - I was about to start the rolling replace. I copied the older version onto the new system until the rolling replace completes on the build one. It is -current, after all; I build it usually every two weeks or so and it usually is very stable, but one has to be prepared to deal with such issues from time to time. -- ----
