svn commit: r360833 - head
Kyle Evans
kevans at FreeBSD.org
Sat May 9 02:01:29 UTC 2020
Author: kevans
Date: Sat May 9 02:01:29 2020
New Revision: 360833
URL: https://svnweb.freebsd.org/changeset/base/360833
Log:
installworld: attempt a certctl rehash at the tail end
This can be run as root or normal user with no problem; if they hadn't
twisted the WITHOUT_CAROOT knob, we'll attempt to use the host certctl to
rehash the DESTDIR. This would allow one to build systems WITHOUT_OPENSSL +
WITH_CAROOT with a populated /etc/ssl that they can then use with an
appropriate *ssl from somewhere else.
Cross-builds are fine because this will always use the host certctl, or just
nag if it's missing and it wasn't a WITHOUT_CAROOT build.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24641
Modified:
head/Makefile.inc1
Modified: head/Makefile.inc1
==============================================================================
--- head/Makefile.inc1 Sat May 9 01:48:08 2020 (r360832)
+++ head/Makefile.inc1 Sat May 9 02:01:29 2020 (r360833)
@@ -1403,6 +1403,16 @@ distributeworld installworld stageworld: _installcheck
${DESTDIR}/${DISTDIR}/${dist}.debug.meta
.endfor
.endif
+.elif make(installworld) && ${MK_CAROOT} != "no"
+ # We could make certctl a bootstrap tool, but it requires OpenSSL and
+ # friends, which we likely don't want. We'll rehash on a best-effort
+ # basis, otherwise we'll just mention that we're not doing it to raise
+ # awareness.
+ @if which certctl>/dev/null; then \
+ certctl rehash \
+ else \
+ echo "No certctl on the host, not rehashing target -- /etc/ssl may not be populated."; \
+ fi
.endif
packageworld: .PHONY
More information about the svn-src-all
mailing list