Date: Sat, 9 May 2020 02:01:29 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360833 - head Message-ID: <202005090201.04921Tpf028388@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Sat May 9 02:01:29 2020 New Revision: 360833 URL: https://svnweb.freebsd.org/changeset/base/360833 Log: installworld: attempt a certctl rehash at the tail end This can be run as root or normal user with no problem; if they hadn't twisted the WITHOUT_CAROOT knob, we'll attempt to use the host certctl to rehash the DESTDIR. This would allow one to build systems WITHOUT_OPENSSL + WITH_CAROOT with a populated /etc/ssl that they can then use with an appropriate *ssl from somewhere else. Cross-builds are fine because this will always use the host certctl, or just nag if it's missing and it wasn't a WITHOUT_CAROOT build. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D24641 Modified: head/Makefile.inc1 Modified: head/Makefile.inc1 ============================================================================== --- head/Makefile.inc1 Sat May 9 01:48:08 2020 (r360832) +++ head/Makefile.inc1 Sat May 9 02:01:29 2020 (r360833) @@ -1403,6 +1403,16 @@ distributeworld installworld stageworld: _installcheck ${DESTDIR}/${DISTDIR}/${dist}.debug.meta .endfor .endif +.elif make(installworld) && ${MK_CAROOT} != "no" + # We could make certctl a bootstrap tool, but it requires OpenSSL and + # friends, which we likely don't want. We'll rehash on a best-effort + # basis, otherwise we'll just mention that we're not doing it to raise + # awareness. + @if which certctl>/dev/null; then \ + certctl rehash \ + else \ + echo "No certctl on the host, not rehashing target -- /etc/ssl may not be populated."; \ + fi .endif packageworld: .PHONY
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005090201.04921Tpf028388>