Module Name: src
Committed By: riastradh
Date: Mon Aug 28 22:25:50 UTC 2023
Modified Files:
src: UPDATING
src/tests/usr.sbin/certctl: t_certctl.sh
src/usr.sbin/certctl: certctl.sh
Log Message:
certctl(8): Avoid clobbering prepopulated /etc/openssl/certs.
Also avoid clobbering some other edge cases like symlinks or
non-directories there.
This way, we have the following transitions on system updates:
- If /etc/openssl/certs is empty (as in default NetBSD<10 installs):
quietly populated on rehash.
- If /etc/openssl/certs is nonempty (you've added things to it,
e.g. by hand or with mozilla-rootcerts) and has never been managed
by certctl(8): left alone on rehash, with an error message to
explain what you need to do.
- If /etc/openssl/certs has been managed by certctl(8): quietly
updated on rehash.
Note: This means current installations made since certctl(8) was
added will be treated like /etc/openssl/certs is nonempty and has
never been managed by certctl(8). To work around this, you can just
delete /etc/openssl/certs and rerun `certctl rehash'.
To generate a diff of this commit:
cvs rdiff -u -r1.342 -r1.343 src/UPDATING
cvs rdiff -u -r1.4 -r1.5 src/tests/usr.sbin/certctl/t_certctl.sh
cvs rdiff -u -r1.2 -r1.3 src/usr.sbin/certctl/certctl.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
