git: 483e74f44b82 - main - security/ca_root_nss: Use certctl instead of a symlink.
Date: Fri, 06 Oct 2023 15:49:08 UTC
The branch main has been updated by des:
URL: https://cgit.FreeBSD.org/ports/commit/?id=483e74f44b82f20bddd5608beef74b2a5ab38a88
commit 483e74f44b82f20bddd5608beef74b2a5ab38a88
Author: Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2023-10-06 15:45:21 +0000
Commit: Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2023-10-06 15:48:57 +0000
security/ca_root_nss: Use certctl instead of a symlink.
MFH: 2023Q4
Reviewed by: fluffy, sunpoet
Differential Revision: https://reviews.freebsd.org/D42045
---
security/ca_root_nss/Makefile | 12 +-----------
security/ca_root_nss/files/pkg-message.in | 14 --------------
security/ca_root_nss/pkg-plist | 6 ++----
3 files changed, 3 insertions(+), 29 deletions(-)
diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile
index db98535229c1..3abe00856c78 100644
--- a/security/ca_root_nss/Makefile
+++ b/security/ca_root_nss/Makefile
@@ -1,6 +1,6 @@
PORTNAME= ca_root_nss
PORTVERSION= ${VERSION_NSS}
-PORTREVISION= 0
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX}
@@ -17,14 +17,8 @@ USE_PERL5= build
NO_ARCH= yes
WRKSRC_SUBDIR= nss
-OPTIONS_DEFINE= ETCSYMLINK
-OPTIONS_DEFAULT= ETCSYMLINK
-
OPTIONS_SUB= yes
-ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem
-ETCSYMLINK_CONFLICTS_INSTALL= ca-roots-[0-9]*
-
CERTDIR?= share/certs
PLIST_SUB+= CERTDIR=${CERTDIR}
@@ -49,8 +43,4 @@ do-install:
${MKDIR} ${STAGEDIR}${PREFIX}/openssl
${LN} -sf ../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample
-do-install-ETCSYMLINK-on:
- ${MKDIR} ${STAGEDIR}/etc/ssl
- ${LN} -sf ../..${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}/etc/ssl/cert.pem
-
.include <bsd.port.mk>
diff --git a/security/ca_root_nss/files/pkg-message.in b/security/ca_root_nss/files/pkg-message.in
index d937df3a0922..a28b233e6599 100644
--- a/security/ca_root_nss/files/pkg-message.in
+++ b/security/ca_root_nss/files/pkg-message.in
@@ -7,20 +7,6 @@ audited for trustworthiness or RFC 3647 compliance.
Assessment and verification of trust is the complete responsibility of the
system administrator.
-
-
-This package installs symlinks to support root certificates discovery by
-default for software that uses OpenSSL.
-
-This enables SSL Certificate Verification by client software without manual
-intervention.
-
-If you prefer to do this manually, replace the following symlinks with
-either an empty file or your site-local certificate bundle.
-
- * /etc/ssl/cert.pem
- * %%PREFIX%%/etc/ssl/cert.pem
- * %%PREFIX%%/openssl/cert.pem
EOM
}
]
diff --git a/security/ca_root_nss/pkg-plist b/security/ca_root_nss/pkg-plist
index e8111772d308..ef04e1ffd140 100644
--- a/security/ca_root_nss/pkg-plist
+++ b/security/ca_root_nss/pkg-plist
@@ -1,6 +1,4 @@
%%CERTDIR%%/ca-root-nss.crt
-@sample etc/ssl/cert.pem.sample
-@sample openssl/cert.pem.sample
-%%ETCSYMLINK%%/etc/ssl/cert.pem
-%%ETCSYMLINK%%@dir /etc/ssl
+@postexec certctl rehash
+@postunexec certctl rehash
@postexec [ ! -e %%LOCALBASE%%/bin/cert-sync ] || %%LOCALBASE%%/bin/cert-sync --quiet %%PREFIX%%/share/certs/ca-root-nss.crt
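Review bot: The two added `certctl rehash` lines call the tool by bare name, while the `cert-sync` line directly below them uses an absolute path behind an `[ ! -e … ] ||` guard. Because this commit also stops installing the `/etc/ssl/cert.pem` symlink, a host where `certctl` is missing from the script's PATH or exits with an error would presumably be left with a trust store that does not reflect the installed bundle. I would write `@postexec /usr/sbin/certctl rehash` and `@postunexec /usr/sbin/certctl rehash`, and add a plist comment stating that the port now relies on the base system's certctl. Separately, `@sample openssl/cert.pem.sample` is removed here while the unchanged `do-install` context in the last Makefile hunk still creates `${STAGEDIR}${PREFIX}/openssl/cert.pem.sample`, so the staged link would no longer be listed in the plist; either keep that entry or drop the `${MKDIR}`/`${LN}` pair. `do-install` starts outside the visible hunk, so whether `etc/ssl/cert.pem.sample` is still staged cannot be confirmed from this page.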