svn commit: r365837 - head

Kyle Evans kevans at FreeBSD.org
Thu Sep 17 15:58:43 UTC 2020


Author: kevans
Date: Thu Sep 17 15:58:42 2020
New Revision: 365837
URL: https://svnweb.freebsd.org/changeset/base/365837

Log:
  Promote the installworld `certctl rehash` to distributeworld
  
  Contrary to my belief, installworld is not sufficient for getting certs
  installed into VM images. Promote the rehash to both installworld and
  distributeworld (notably: not stageworld) and rehash the base distdir so we
  end up with /etc/ssl/certs populated in the base dist archive. A future
  commit will remove the rehash from bsdinstall, which doesn't really need to
  happen if they're installed into base.txz.
  
  While here, fix a minor typo: s/CERTCLTFLAGS/CERTCTLFLAGS/
  
  MFC after:	1 week

Modified:
  head/Makefile.inc1

Modified: head/Makefile.inc1
==============================================================================
--- head/Makefile.inc1	Thu Sep 17 15:07:25 2020	(r365836)
+++ head/Makefile.inc1	Thu Sep 17 15:58:42 2020	(r365837)
@@ -926,7 +926,7 @@ METALOG:=	${METALOG:C,//+,/,g}
 IMAKE+=		-DNO_ROOT METALOG=${METALOG}
 METALOG_INSTALLFLAGS=	-U -M ${METALOG} -D ${INSTALL_DDIR}
 INSTALLFLAGS+=	${METALOG_INSTALLFLAGS}
-CERTCLTFLAGS=	${METALOG_INSTALLFLAGS}
+CERTCTLFLAGS=	${METALOG_INSTALLFLAGS}
 MTREEFLAGS+=	-W
 .endif
 .if defined(BUILD_PKGS)
@@ -936,6 +936,11 @@ INSTALLFLAGS+=	-h sha256
 IMAKE_INSTALL=	INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}"
 IMAKE_MTREE=	MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}"
 .endif
+.if make(distributeworld)
+CERTCTLDESTDIR=	${DESTDIR}/${DISTDIR}/base
+.else
+CERTCTLDESTDIR=	${DESTDIR}
+.endif
 
 DESTDIR_MTREEFLAGS=	-deU
 # When creating worldtmp we don't need to set the directories as owned by root
@@ -1443,13 +1448,15 @@ distributeworld installworld stageworld: _installcheck
 	${DESTDIR}/${DISTDIR}/${dist}.debug.meta
 .endfor
 .endif
-.elif make(installworld) && ${MK_CAROOT} != "no"
+.endif # make(distributeworld)
+.if !make(packageworld) && ${MK_CAROOT} != "no"
 	@if which openssl>/dev/null; then \
-		sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \
+		DESTDIR=${CERTCTLDESTDIR} \
+		    sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} rehash \
 	else \
 		echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
 	fi
-.endif # make(distributeworld)
+.endif
 
 packageworld: .PHONY
 .for dist in base ${EXTRA_DISTRIBUTIONS}


More information about the svn-src-all mailing list