From 70868d48e8f364c0d0620d2314c9a431699fa538 Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Sat, 9 May 2020 02:01:29 +0000 Subject: [PATCH] installworld: attempt a certctl rehash at the tail end This can be run as root or normal user with no problem; if they hadn't twisted the WITHOUT_CAROOT knob, we'll attempt to use the host certctl to rehash the DESTDIR. This would allow one to build systems WITHOUT_OPENSSL + WITH_CAROOT with a populated /etc/ssl that they can then use with an appropriate *ssl from somewhere else. Cross-builds are fine because this will always use the host certctl, or just nag if it's missing and it wasn't a WITHOUT_CAROOT build. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D24641 --- Makefile.inc1 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Makefile.inc1 b/Makefile.inc1 index a303bc9d4aa6..e1a8ce883fd8 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -1403,6 +1403,16 @@ distributeworld installworld stageworld: _installcheck_world .PHONY ${DESTDIR}/${DISTDIR}/${dist}.debug.meta .endfor .endif +.elif make(installworld) && ${MK_CAROOT} != "no" + # We could make certctl a bootstrap tool, but it requires OpenSSL and + # friends, which we likely don't want. We'll rehash on a best-effort + # basis, otherwise we'll just mention that we're not doing it to raise + # awareness. + @if which certctl>/dev/null; then \ + certctl rehash \ + else \ + echo "No certctl on the host, not rehashing target -- /etc/ssl may not be populated."; \ + fi .endif packageworld: .PHONY