svn commit: r365837 - head

Thu, 17 Sep 2020 08:59:22 -0700 

Author: kevans
Date: Thu Sep 17 15:58:42 2020
New Revision: 365837
URL: https://svnweb.freebsd.org/changeset/base/365837

Log:
  Promote the installworld `certctl rehash` to distributeworld
  
  Contrary to my belief, installworld is not sufficient for getting certs
  installed into VM images. Promote the rehash to both installworld and
  distributeworld (notably: not stageworld) and rehash the base distdir so we
  end up with /etc/ssl/certs populated in the base dist archive. A future
  commit will remove the rehash from bsdinstall, which doesn't really need to
  happen if they're installed into base.txz.
  
  While here, fix a minor typo: s/CERTCLTFLAGS/CERTCTLFLAGS/
  
  MFC after:    1 week

Modified:
  head/Makefile.inc1

Modified: head/Makefile.inc1
==============================================================================
--- head/Makefile.inc1  Thu Sep 17 15:07:25 2020        (r365836)
+++ head/Makefile.inc1  Thu Sep 17 15:58:42 2020        (r365837)
@@ -926,7 +926,7 @@ METALOG:=   ${METALOG:C,//+,/,g}
 IMAKE+=                -DNO_ROOT METALOG=${METALOG}
 METALOG_INSTALLFLAGS=  -U -M ${METALOG} -D ${INSTALL_DDIR}
 INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
-CERTCLTFLAGS=  ${METALOG_INSTALLFLAGS}
+CERTCTLFLAGS=  ${METALOG_INSTALLFLAGS}
 MTREEFLAGS+=   -W
 .endif
 .if defined(BUILD_PKGS)
@@ -936,6 +936,11 @@ INSTALLFLAGS+=     -h sha256
 IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}"
 IMAKE_MTREE=   MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}"
 .endif
+.if make(distributeworld)
+CERTCTLDESTDIR=        ${DESTDIR}/${DISTDIR}/base
+.else
+CERTCTLDESTDIR=        ${DESTDIR}
+.endif
 
 DESTDIR_MTREEFLAGS=    -deU
 # When creating worldtmp we don't need to set the directories as owned by root
@@ -1443,13 +1448,15 @@ distributeworld installworld stageworld: _installcheck
        ${DESTDIR}/${DISTDIR}/${dist}.debug.meta
 .endfor
 .endif
-.elif make(installworld) && ${MK_CAROOT} != "no"
+.endif # make(distributeworld)
+.if !make(packageworld) && ${MK_CAROOT} != "no"
        @if which openssl>/dev/null; then \
-               sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash 
\
+               DESTDIR=${CERTCTLDESTDIR} \
+                   sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} 
rehash \
        else \
                echo "No openssl on the host, not rehashing certificates target 
-- /etc/ssl may not be populated."; \
        fi
-.endif # make(distributeworld)
+.endif
 
 packageworld: .PHONY
 .for dist in base ${EXTRA_DISTRIBUTIONS}
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to