git: 5fe15d7cf39b - main - release: Don't install caroot in OCI images.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 22 Jul 2025 19:08:30 UTC
The branch main has been updated by des:
URL: https://cgit.FreeBSD.org/src/commit/?id=5fe15d7cf39b7c29d0bad3839bbdafe29d5aa33d
commit 5fe15d7cf39b7c29d0bad3839bbdafe29d5aa33d
Author: Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-07-22 19:06:51 +0000
Commit: Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-07-22 19:07:07 +0000
release: Don't install caroot in OCI images.
Instead, use certctl to install certificates directly from the source
tree into the image.
Reviewed by: dfr
Differential Revision: https://reviews.freebsd.org/D51404
---
release/tools/oci-image-static.conf | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/release/tools/oci-image-static.conf b/release/tools/oci-image-static.conf
index 753a03af653b..8e642d9defce 100644
--- a/release/tools/oci-image-static.conf
+++ b/release/tools/oci-image-static.conf
@@ -14,7 +14,7 @@ oci_image_build() {
mtree -deU -p $m/usr -f ${srcdir}/etc/mtree/BSD.usr.dist > /dev/null
mtree -deU -p $m/usr/include -f ${srcdir}/etc/mtree/BSD.include.dist > /dev/null
mtree -deU -p $m/usr/lib -f ${srcdir}/etc/mtree/BSD.debug.dist > /dev/null
- install_packages ${abi} ${workdir} FreeBSD-caroot FreeBSD-zoneinfo
+ install_packages ${abi} ${workdir} FreeBSD-zoneinfo
cp ${srcdir}/etc/master.passwd $m/etc
pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $?
cp ${srcdir}/etc/group $m/etc || return $?
@@ -22,7 +22,10 @@ oci_image_build() {
# working directory to OBJDIR/release
cp ../etc/termcap/termcap.small $m/etc/termcap.small || return $?
cp ../etc/termcap/termcap.small $m/usr/share/misc/termcap || return $?
- env DESTDIR=$m /usr/sbin/certctl rehash
+ env DESTDIR=$m \
+ TRUSTPATH=${srcdir}/secure/caroot/trusted \
+ UNTRUSTPATH=${srcdir}/secure/caroot/untrusted \
+ certctl -c rehash
# Generate a suitable repo config for pkgbase
case ${branch} in
CURRENT|STABLE|BETA*)