svn commit: r365837 - head
Kyle Evans
kevans at FreeBSD.org
Thu Sep 17 15:58:43 UTC 2020
Author: kevans
Date: Thu Sep 17 15:58:42 2020
New Revision: 365837
URL: https://svnweb.freebsd.org/changeset/base/365837
Log:
Promote the installworld `certctl rehash` to distributeworld
Contrary to my belief, installworld is not sufficient for getting certs
installed into VM images. Promote the rehash to both installworld and
distributeworld (notably: not stageworld) and rehash the base distdir so we
end up with /etc/ssl/certs populated in the base dist archive. A future
commit will remove the rehash from bsdinstall, which doesn't really need to
happen if they're installed into base.txz.
While here, fix a minor typo: s/CERTCLTFLAGS/CERTCTLFLAGS/
MFC after: 1 week
Modified:
head/Makefile.inc1
Modified: head/Makefile.inc1
==============================================================================
--- head/Makefile.inc1 Thu Sep 17 15:07:25 2020 (r365836)
+++ head/Makefile.inc1 Thu Sep 17 15:58:42 2020 (r365837)
@@ -926,7 +926,7 @@ METALOG:= ${METALOG:C,//+,/,g}
IMAKE+= -DNO_ROOT METALOG=${METALOG}
METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR}
INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
-CERTCLTFLAGS= ${METALOG_INSTALLFLAGS}
+CERTCTLFLAGS= ${METALOG_INSTALLFLAGS}
MTREEFLAGS+= -W
.endif
.if defined(BUILD_PKGS)
@@ -936,6 +936,11 @@ INSTALLFLAGS+= -h sha256
IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}"
IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}"
.endif
+.if make(distributeworld)
+CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR}/base
+.else
+CERTCTLDESTDIR= ${DESTDIR}
+.endif
DESTDIR_MTREEFLAGS= -deU
# When creating worldtmp we don't need to set the directories as owned by root
@@ -1443,13 +1448,15 @@ distributeworld installworld stageworld: _installcheck
${DESTDIR}/${DISTDIR}/${dist}.debug.meta
.endfor
.endif
-.elif make(installworld) && ${MK_CAROOT} != "no"
+.endif # make(distributeworld)
+.if !make(packageworld) && ${MK_CAROOT} != "no"
@if which openssl>/dev/null; then \
- sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \
+ DESTDIR=${CERTCTLDESTDIR} \
+ sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} rehash \
else \
echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
fi
-.endif # make(distributeworld)
+.endif
packageworld: .PHONY
.for dist in base ${EXTRA_DISTRIBUTIONS}
More information about the svn-src-all
mailing list