Date: Thu, 17 Sep 2020 02:18:22 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r365829 - head Message-ID: <202009170218.08H2IMm5006244@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Thu Sep 17 02:18:21 2020 New Revision: 365829 URL: https://svnweb.freebsd.org/changeset/base/365829 Log: installworld: run `certctl rehash` after installation completes This was originally introduced back in r360833, and subsequently reverted because it was broken for -DNO_ROOT builds and it may not have been the correct place for it. While debatably this may still not be 'the correct place,' it's much cleaner than scattering rehashes all throughout the tree. brooks has fixed the issue with -DNO_ROOT by properly writing to the METALOG in r361397. Do note that this is different than what was originally committed; brooks had revisions in D24932 that made it actually use the revised unprivileged mode and write to METALOG, along with being a little more friendly to foreign crossbuilds and just using the certctl in-tree. With this change, I believe we should now have a populated /etc/ssl/certs in the VM images. MFC after: 1 week Modified: head/Makefile.inc1 Modified: head/Makefile.inc1 ============================================================================== --- head/Makefile.inc1 Thu Sep 17 02:03:51 2020 (r365828) +++ head/Makefile.inc1 Thu Sep 17 02:18:21 2020 (r365829) @@ -924,7 +924,9 @@ INSTALL_DDIR= ${_INSTALL_DDIR:S://:/:g:C:/$::} METALOG?= ${DESTDIR}/${DISTDIR}/METALOG METALOG:= ${METALOG:C,//+,/,g} IMAKE+= -DNO_ROOT METALOG=${METALOG} -INSTALLFLAGS+= -U -M ${METALOG} -D ${INSTALL_DDIR} +METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR} +INSTALLFLAGS+= ${METALOG_INSTALLFLAGS} +CERTCLTFLAGS= ${METALOG_INSTALLFLAGS} MTREEFLAGS+= -W .endif .if defined(BUILD_PKGS) @@ -1441,6 +1443,12 @@ distributeworld installworld stageworld: _installcheck ${DESTDIR}/${DISTDIR}/${dist}.debug.meta .endfor .endif +.elif make(installworld) && ${MK_CAROOT} != "no" + @if which openssl>/dev/null; then \ + sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \ + else \ + echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \ + fi .endif # make(distributeworld) packageworld: .PHONY
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009170218.08H2IMm5006244>