fbd46fe94a
The original intention for caroot was to be packaged separately, perhaps so that users can have a more/less conservative upgrade policy for this separated from the rest of base.

secure/caroot/Makefile doesn't have anything interesting to package, but its subdirectories might. Move the PACKAGE= to Makefile.inc so both blacklisted and trusted get packaged consistently into the correct one rather than the default -utilities.

Also tag the directories for package=caroot, as they could also be empty; blacklisted is empty by default, but trusted is not.

Add a post-install script to do certctl rehash, along with a note should we eventually come up with a way to detect that files have been added or removed that requires a rehash.

-caroot gets a dependency on -utilities, as that's where we provide certctl at the moment. We can perhaps reconsider this and put certctl into this package in the future, but there are some bits within -utilities that unconditionally invoke certctl so let's hold off for now.

Reviewed by: manu (earlier version, before -utilities dep added)
Differential Revision: https://reviews.freebsd.org/D23352
19 lines
484 B
Makefile
# $FreeBSD$

CLEANFILES+= certdata.txt

SUBDIR+= trusted
SUBDIR+= blacklisted

.include <bsd.obj.mk>

# To be used by secteam@ to update the trusted certificates
fetchcerts: .PHONY
	fetch --no-sslv3 --no-tlsv1 -o certdata.txt 'https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt'

cleancerts: .PHONY
	@${MAKE} -C ${.CURDIR}/trusted ${.TARGET}

updatecerts: .PHONY cleancerts fetchcerts
	perl ${.CURDIR}/MAca-bundle.pl -i certdata.txt -o ${.CURDIR}/trusted