git: f20cf1e5dcbb - stable/13 - Makefile.inc1: Fix -DNO_ROOT distributeworld certctl usage

From: Jessica Clarke <>
Date: Tue, 01 Aug 2023 21:06:42 UTC
The branch stable/13 has been updated by jrtc27:


commit f20cf1e5dcbbc458846376451baae282f29b0c41
Author:     Jessica Clarke <>
AuthorDate: 2022-07-14 00:25:50 +0000
Commit:     Jessica Clarke <>
CommitDate: 2023-08-01 20:42:52 +0000

    Makefile.inc1: Fix -DNO_ROOT distributeworld certctl usage
    Currently for distributeworld we pass DESTDIR to as an
    environment variable, which sets the default value in the script.
    which includes -D ${DESTDIR}, overriding the custom DESTDIR pointing at
    the base dist directory.
    Moreover, in order to ensure that the METALOG includes the base/ prefix
    for all the files, we need to have certctl call install with -D set to
    DESTDIR/DISTDIR without the /base suffix but also ensure the files get
    installed to DESTDIR/DISTDIR/base.
    Fix these by passing the custom DESTDIR to certctl via -D rather than in
    the environment and to pass the /base suffix in the distributeworld case
    via the newly-added -d option.
    We also need to run certctl rehash before we generate the .meta files
    from the METALOG, not after, otherwise they won't include the METALOG
    additions, so move the certctl rehash call.
    Finally, add a missing semicolon that results in no message being
    printed in the missing openssl case. By not including the semicolon,
    else echo "..." is treated as extra arguments to certctl, which is lax
    in its argument parsing and ignores additional arguments, and the
    semicolon and fi after the intended echo terminate the if statement as
    normal so there's no syntax error at the shell level. This is harmless
    as we weren't trying to do anything other than echo anyway, all that
    happens is the echo doesn't actually get run.
    Reported by:    markj (missing semicolon)
    Reviewed by:    brooks, kevans
    Obtained from:  CheriBSD
    MFC after:      1 week
    Differential Revision:
    (cherry picked from commit 7e45839aca7157a73b0309e8cf4cb811d2cb5512)
 Makefile.inc1 | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/Makefile.inc1 b/Makefile.inc1
index 1328b7177a71..3f858b182238 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
 .if make(distributeworld)
+CERTCTLFLAGS+=	-d /base
 # When creating worldtmp we don't need to set the directories as owned by root
@@ -1450,6 +1452,14 @@ distributeworld installworld stageworld: _installcheck_world .PHONY
 .endif # make(distributeworld)
 	${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}; \
 	    ${IMAKEENV} rm -rf ${INSTALLTMP}
+.if !make(packageworld) && ${MK_CAROOT} != "no"
+	@if which openssl>/dev/null; then \
+		    sh ${SRCTOP}/usr.sbin/certctl/ ${CERTCTLFLAGS} rehash; \
+	else \
+		echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
+	fi
 .if make(distributeworld)
 .for dist in ${EXTRA_DISTRIBUTIONS}
 	find ${DESTDIR}/${DISTDIR}/${dist} -mindepth 1 -type d -empty -delete
@@ -1477,14 +1487,6 @@ distributeworld installworld stageworld: _installcheck_world .PHONY
 .endif # make(distributeworld)
-.if !make(packageworld) && ${MK_CAROOT} != "no"
-	@if which openssl>/dev/null; then \
-		    sh ${SRCTOP}/usr.sbin/certctl/ ${CERTCTLFLAGS} rehash \
-	else \
-		echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
-	fi
 packageworld: .PHONY
 .for dist in base ${EXTRA_DISTRIBUTIONS}