Date: Mon, 31 Jul 2023 07:29:25 +0000 From: bugzilla-noreply@freebsd.org To: pkgbase@FreeBSD.org Subject: [Bug 272816] pkgbase: caroot and openssl packages need reorganising Message-ID: <bug-272816-36141-TOzL0fWPPC@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-272816-36141@https.bugs.freebsd.org/bugzilla/> References: <bug-272816-36141@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272816 --- Comment #2 from dfr@rabson.org --- In my (admittedly specialised) example, I'm installing FreeBSD-caroot into an empty directory using 'pkg --rootdir' (actually not quite empty - I use mtree to create a directory structure). In this usage, pkg runs the host certctl with a DESTDIR env var to tell it what to work on. This also pulls in FreeBSD-openssl as an explict dependency added by generate-ucl.sh and FreeBSD-clibs, probably as an implicit dependency from FreeBSD-openssl. While the resulting image does contain the certctl script, it doesn't work since the image doesn't have /bin/sh. What I'm proposing is to split out the certificate data from caroot e.g. into FreeBSD-certificates which caroot would explicitly depend on. For my image building I can install FreeBSD-certificates and then run certctl manually to create the required structure. This is enough to build a suitable image for statically linked workloads. Splitting the libraries out from FreeBSD-openssl is straightforward and will let me build a similar image for dynamically linked workloads without having to add the openssl binary. I'll hack on this a little today and see if this works out. -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272816-36141-TOzL0fWPPC>