aboutsummaryrefslogtreecommitdiffstats
path: root/Makefile.inc1
diff options
context:
space:
mode:
authorKyle Evans <kevans@FreeBSD.org>2020-09-17 02:18:21 +0000
committerKyle Evans <kevans@FreeBSD.org>2020-09-17 02:18:21 +0000
commit185e8af021c62becd3029045655d2b84447d0375 (patch)
tree59d7fcd39be3ca2fa8777569c1d5e1f3e2043ca6 /Makefile.inc1
parentdd90d96342e20e14e2a0dd3ded4189fd14452c69 (diff)
downloadsrc-185e8af021c62becd3029045655d2b84447d0375.tar.gz
src-185e8af021c62becd3029045655d2b84447d0375.zip
installworld: run `certctl rehash` after installation completes
This was originally introduced back in r360833, and subsequently reverted because it was broken for -DNO_ROOT builds and it may not have been the correct place for it. While debatably this may still not be 'the correct place,' it's much cleaner than scattering rehashes all throughout the tree. brooks has fixed the issue with -DNO_ROOT by properly writing to the METALOG in r361397. Do note that this is different than what was originally committed; brooks had revisions in D24932 that made it actually use the revised unprivileged mode and write to METALOG, along with being a little more friendly to foreign crossbuilds and just using the certctl in-tree. With this change, I believe we should now have a populated /etc/ssl/certs in the VM images. MFC after: 1 week
Notes
Notes: svn path=/head/; revision=365829
Diffstat (limited to 'Makefile.inc1')
-rw-r--r--Makefile.inc110
1 files changed, 9 insertions, 1 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1
index 99d1204da5c6..23b196eb2391 100644
--- a/Makefile.inc1
+++ b/Makefile.inc1
@@ -924,7 +924,9 @@ INSTALL_DDIR= ${_INSTALL_DDIR:S://:/:g:C:/$::}
METALOG?= ${DESTDIR}/${DISTDIR}/METALOG
METALOG:= ${METALOG:C,//+,/,g}
IMAKE+= -DNO_ROOT METALOG=${METALOG}
-INSTALLFLAGS+= -U -M ${METALOG} -D ${INSTALL_DDIR}
+METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR}
+INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
+CERTCLTFLAGS= ${METALOG_INSTALLFLAGS}
MTREEFLAGS+= -W
.endif
.if defined(BUILD_PKGS)
@@ -1441,6 +1443,12 @@ distributeworld installworld stageworld: _installcheck_world .PHONY
${DESTDIR}/${DISTDIR}/${dist}.debug.meta
.endfor
.endif
+.elif make(installworld) && ${MK_CAROOT} != "no"
+ @if which openssl>/dev/null; then \
+ sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \
+ else \
+ echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
+ fi
.endif # make(distributeworld)
packageworld: .PHONY