aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKyle Evans <kevans@FreeBSD.org>2020-09-17 15:58:42 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-09-17 15:58:42 +0000
commitca4b73c348f39898d6949023e569169ddd92d9e0 (patch)
treeb288d5b3ccb4bfec2cfe3202c283af00e3649dac
parent0e1e341b486cdf4769195ba1e5b3cb32e7387873 (diff)
downloadsrc-ca4b73c348f39898d6949023e569169ddd92d9e0.tar.gz
src-ca4b73c348f39898d6949023e569169ddd92d9e0.zip
Promote the installworld `certctl rehash` to distributeworld
Contrary to my belief, installworld is not sufficient for getting certs installed into VM images. Promote the rehash to both installworld and distributeworld (notably: not stageworld) and rehash the base distdir so we end up with /etc/ssl/certs populated in the base dist archive. A future commit will remove the rehash from bsdinstall, which doesn't really need to happen if they're installed into base.txz. While here, fix a minor typo: s/CERTCLTFLAGS/CERTCTLFLAGS/ MFC after: 1 week
Notes
Notes: svn path=/head/; revision=365837
-rw-r--r--Makefile.inc115
1 files changed, 11 insertions, 4 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1
index 23b196eb2391..46cecc5a9d1f 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -926,7 +926,7 @@ METALOG:= ${METALOG:C,//+,/,g}
IMAKE+= -DNO_ROOT METALOG=${METALOG}
METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR}
INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
-CERTCLTFLAGS= ${METALOG_INSTALLFLAGS}
+CERTCTLFLAGS= ${METALOG_INSTALLFLAGS}
MTREEFLAGS+= -W
.endif
.if defined(BUILD_PKGS)
@@ -936,6 +936,11 @@ INSTALLFLAGS+= -h sha256
IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}"
IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}"
.endif
+.if make(distributeworld)
+CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR}/base
+.else
+CERTCTLDESTDIR= ${DESTDIR}
+.endif
DESTDIR_MTREEFLAGS= -deU
# When creating worldtmp we don't need to set the directories as owned by root
@@ -1443,13 +1448,15 @@ distributeworld installworld stageworld: _installcheck_world .PHONY
${DESTDIR}/${DISTDIR}/${dist}.debug.meta
.endfor
.endif
-.elif make(installworld) && ${MK_CAROOT} != "no"
+.endif # make(distributeworld)
+.if !make(packageworld) && ${MK_CAROOT} != "no"
@if which openssl>/dev/null; then \
- sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \
+ DESTDIR=${CERTCTLDESTDIR} \
+ sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} rehash \
else \
echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
fi
-.endif # make(distributeworld)
+.endif
packageworld: .PHONY
.for dist in base ${EXTRA_DISTRIBUTIONS}