Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 22 Jul 2025 19:08:30 GMT
From:      Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 5fe15d7cf39b - main - release: Don't install caroot in OCI images.
Message-ID:  <202507221908.56MJ8UY3038482@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=5fe15d7cf39b7c29d0bad3839bbdafe29d5aa33d

commit 5fe15d7cf39b7c29d0bad3839bbdafe29d5aa33d
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-07-22 19:06:51 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-07-22 19:07:07 +0000

    release: Don't install caroot in OCI images.
    
    Instead, use certctl to install certificates directly from the source
    tree into the image.
    
    Reviewed by:    dfr
    Differential Revision:  https://reviews.freebsd.org/D51404
---
 release/tools/oci-image-static.conf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/release/tools/oci-image-static.conf b/release/tools/oci-image-static.conf
index 753a03af653b..8e642d9defce 100644
--- a/release/tools/oci-image-static.conf
+++ b/release/tools/oci-image-static.conf
@@ -14,7 +14,7 @@ oci_image_build() {
 	mtree -deU -p $m/usr -f ${srcdir}/etc/mtree/BSD.usr.dist > /dev/null
 	mtree -deU -p $m/usr/include -f ${srcdir}/etc/mtree/BSD.include.dist > /dev/null
 	mtree -deU -p $m/usr/lib -f ${srcdir}/etc/mtree/BSD.debug.dist > /dev/null
-	install_packages ${abi} ${workdir} FreeBSD-caroot FreeBSD-zoneinfo
+	install_packages ${abi} ${workdir} FreeBSD-zoneinfo
 	cp ${srcdir}/etc/master.passwd $m/etc
 	pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $?
 	cp ${srcdir}/etc/group $m/etc || return $?
@@ -22,7 +22,10 @@ oci_image_build() {
 	# working directory to OBJDIR/release
 	cp ../etc/termcap/termcap.small $m/etc/termcap.small || return $?
 	cp ../etc/termcap/termcap.small $m/usr/share/misc/termcap || return $?
-	env DESTDIR=$m /usr/sbin/certctl rehash
+	env DESTDIR=$m \
+	    TRUSTPATH=${srcdir}/secure/caroot/trusted \
+	    UNTRUSTPATH=${srcdir}/secure/caroot/untrusted \
+	    certctl -c rehash
 	# Generate a suitable repo config for pkgbase
 	case ${branch} in
 		CURRENT|STABLE|BETA*)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202507221908.56MJ8UY3038482>