From owner-svn-src-stable-12@freebsd.org Thu Feb 6 18:37:39 2020 Return-Path: Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EE5602339A3; Thu, 6 Feb 2020 18:37:39 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48D6cM3RYDz4QDp; Thu, 6 Feb 2020 18:37:39 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7158D1FF74; Thu, 6 Feb 2020 18:37:39 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 016Ibdrd011994; Thu, 6 Feb 2020 18:37:39 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 016Ibdbe011993; Thu, 6 Feb 2020 18:37:39 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <202002061837.016Ibdbe011993@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Thu, 6 Feb 2020 18:37:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r357633 - in stable: 11/secure/caroot/blacklisted 12/secure/caroot/blacklisted X-SVN-Group: stable-12 X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: in stable: 11/secure/caroot/blacklisted 12/secure/caroot/blacklisted X-SVN-Commit-Revision: 357633 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-12@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 12-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Feb 2020 18:37:40 -0000 Author: kevans Date: Thu Feb 6 18:37:38 2020 New Revision: 357633 URL: https://svnweb.freebsd.org/changeset/base/357633 Log: MFC r357193: caroot: blacklisted: automatically pick up *.pem in the tree This kind of automagica got picked up in trusted/ prior to the initial commit, but never got applied over in blacklisted. Ideally no one will be using blacklisted/ to store arbitrary certs that they don't intend to blacklist, so we should just install anything that's in here rather than force consumer to first copy cert into place and then modify the file listing in the Makefile. Wise man once say: "it is better to restrict too much, than not enough. sometimes." Modified: stable/12/secure/caroot/blacklisted/Makefile Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/secure/caroot/blacklisted/Makefile Directory Properties: stable/11/ (props changed) Modified: stable/12/secure/caroot/blacklisted/Makefile ============================================================================== --- stable/12/secure/caroot/blacklisted/Makefile Thu Feb 6 18:04:45 2020 (r357632) +++ stable/12/secure/caroot/blacklisted/Makefile Thu Feb 6 18:37:38 2020 (r357633) @@ -2,6 +2,8 @@ BINDIR= /usr/share/certs/blacklisted -FILES= +BLACKLISTED_CERTS!= ls ${.CURDIR}/*.pem 2> /dev/null || true + +FILES+= ${BLACKLISTED_CERTS} .include