From nobody Mon Feb 17 12:12:46 2025
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YxM3z4YnDz5nXw9;
	Mon, 17 Feb 2025 12:12:47 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YxM3y2MGbz4CMN;
	Mon, 17 Feb 2025 12:12:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1739794366;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KwigzZ5uS4zoFVffdhSN4ju0NVFrVDkrShrzE8R0sA4=;
	b=t3P7B84zBjTPaCTQb/Ufn2fOtxYKUkSOgsk5Rf/1LpYJkBEQI4fr3HAYn42cg62/B1+RHl
	njiw7J0POu6zJQtkNLB9bIcKIi+sT9wojK7w6fPYuG18HOHE2S7pNQKAjoQF8VaumpULWW
	RSbVe418auma2olAdx7PQMQFDeWn7VAZGOzrt2c3KzmZzVhLp9JPLP4VYpvHWm+N3KHyeW
	9ERdHLju5y2XfYTs3RW82c7SkzJIyNDhjrV1dX14Vr90qbT3i4ctXuj+RKHEumVWOTf5L5
	EhSZbj5cxoO+vPlYNv08zxU3U8MGGDBG87iPbCypD/PXHEliN3XP0EQiGH4V+Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1739794366; a=rsa-sha256; cv=none;
	b=xgX1m5ZX3TRR0Cn9kk+IWJ7WAa7hFY/+poGTHdIq2hXhvZXHnAeSVTjyX5GW3a2d6AKvsY
	2GRVi6Q+Q813w3n51/Wt0NOIHUZzXeuUJLcMTU3uAkBoEHxaOrNqv500Y0dTTXIjRZGNFG
	C5Me/q3IG64tUuZmL7WMRPFupELG0W7FzEiT8J0rSRLft/vmC/VNs6PttfBS6rkca3zAlo
	/B1OsTfXfBtCaMrQWSmqbkgUlxd5iMKQxhBjwyWIRZOsOLeJ0jBG8Ws5x/iAgag5IZxDAO
	vlhG+c3AaJ0DiTSfxwUHI9oIpqKMSC586Lc3HLLTICvhDclfxAbu/8z4y03ArA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1739794366;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KwigzZ5uS4zoFVffdhSN4ju0NVFrVDkrShrzE8R0sA4=;
	b=brsIt0uiV7r+OIGGwm1sqh4rsjvzv1VxIRrqcFlWh5xcEy5YboG9W2b/Xc7ROvs1PllQu/
	IrkQGNTbsuTBSAXfjYCRwLGxmxlCesk3egkFRopeq1IDdSuZDwPI/x38GGCVt6ac2S85Gc
	iTVOVH9+bHr7hJJsD1eKR7dKE/Z3EWTo1tKnwBSvMQ64tdNnj0vm59G+eHu1IG/VLFyQRo
	cHHTa7HhWzRlX6ZaGmwTATNguPVeNK6gwNdRoy2odNSIs/HhKxG9BlOVZ04lswZ4xOnyQn
	uL75TZEVfBe3qW9kPzkpo13ZKJKhOXPsNj0jXukkWhZFKZekvFUeMn3AQ+ql5Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YxM3y1W3XzZLr;
	Mon, 17 Feb 2025 12:12:46 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 51HCCkpN092253;
	Mon, 17 Feb 2025 12:12:46 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 51HCCknE092250;
	Mon, 17 Feb 2025 12:12:46 GMT
	(envelope-from git)
Date: Mon, 17 Feb 2025 12:12:46 GMT
Message-Id: <202502171212.51HCCknE092250@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: 1abc6bb68665 - main - security/ca_root_nss: handle
  bundle links consistently for ETCSYMLINK
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 1abc6bb68665c59c26a5cc65fc5e336d34bb7d88
Auto-Submitted: auto-generated

The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1abc6bb68665c59c26a5cc65fc5e336d34bb7d88

commit 1abc6bb68665c59c26a5cc65fc5e336d34bb7d88
Author:     Franco Fichtner <franco@opnsense.org>
AuthorDate: 2025-02-17 11:48:39 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-02-17 12:12:15 +0000

    security/ca_root_nss: handle bundle links consistently for ETCSYMLINK
    
    /usr/local/openssl/cert.pem is the default location for security/openssl
    so it should be handled just like /etc/ssl/cert.pem base OpenSSL. To
    avoid having samples and copies with differing contents point both files
    to the actual /usr/local/etc/ssl/cert.pem created by the sample. If users
    have set their own content that is likely intended and should be enforced
    across all three files.
    
    MFH:            2025Q1
    PR:             283161
    Differential Revision:  https://reviews.freebsd.org/D47908
---
 security/ca_root_nss/Makefile  | 9 +++++----
 security/ca_root_nss/pkg-plist | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile
index ce23fe17c535..6c67b741717e 100644
--- a/security/ca_root_nss/Makefile
+++ b/security/ca_root_nss/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	ca_root_nss
 PORTVERSION=	${VERSION_NSS}
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}
@@ -21,7 +22,7 @@ OPTIONS_DEFAULT=	ETCSYMLINK
 
 OPTIONS_SUB=		yes
 
-ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem
+ETCSYMLINK_DESC=	Add symlinks to default bundle locations
 ETCSYMLINK_CONFLICTS_INSTALL=	ca-roots-[0-9]*
 
 CERTDIR?=	share/certs
@@ -45,11 +46,11 @@ do-install:
 	${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/${CERTDIR}
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/ssl
 	${LN} -sf ../../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample
-	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
-	${LN} -sf ../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample
 
 do-install-ETCSYMLINK-on:
+	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
+	${LN} -sf ../etc/ssl/cert.pem ${STAGEDIR}${PREFIX}/openssl/cert.pem
 	${MKDIR} ${STAGEDIR}/etc/ssl
-	${LN} -sf ../..${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}/etc/ssl/cert.pem
+	${LN} -sf ../..${PREFIX}/etc/ssl/cert.pem ${STAGEDIR}/etc/ssl/cert.pem
 
 .include <bsd.port.mk>
diff --git a/security/ca_root_nss/pkg-plist b/security/ca_root_nss/pkg-plist
index 81d723328b37..7899413567aa 100644
--- a/security/ca_root_nss/pkg-plist
+++ b/security/ca_root_nss/pkg-plist
@@ -1,6 +1,6 @@
 %%CERTDIR%%/ca-root-nss.crt
 @sample etc/ssl/cert.pem.sample
-@sample openssl/cert.pem.sample
+%%ETCSYMLINK%%openssl/cert.pem
 %%ETCSYMLINK%%/etc/ssl/cert.pem
 @postexec certctl rehash
 @postunexec certctl rehash