installworld: attempt a certctl rehash at the tail end

This can be run as root or normal user with no problem; if they hadn't twisted the WITHOUT_CAROOT knob, we'll attempt to use the host certctl to rehash the DESTDIR. This would allow one to build systems WITHOUT_OPENSSL + WITH_CAROOT with a populated /etc/ssl that they can then use with an appropriate *ssl from somewhere else. Cross-builds are fine because this will always use the host certctl, or just nag if it's missing and it wasn't a WITHOUT_CAROOT build. MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D24641
2020-05-09 02:01:29 +00:00 · 2020-05-09 02:01:29 +00:00 · 70868d48e8
commit 70868d48e8
parent a22a780752
1 changed files with 10 additions and 0 deletions
--- a/Makefile.inc1
+++ b/Makefile.inc1
@ -1403,6 +1403,16 @@ distributeworld installworld stageworld: _installcheck_world .PHONY
 	${DESTDIR}/${DISTDIR}/${dist}.debug.meta
 .endfor
 .endif
+.elif make(installworld) && ${MK_CAROOT} != "no"
+	# We could make certctl a bootstrap tool, but it requires OpenSSL and
+	# friends, which we likely don't want.  We'll rehash on a best-effort
+	# basis, otherwise we'll just mention that we're not doing it to raise
+	# awareness.
+	@if which certctl>/dev/null; then \
+		certctl rehash \
+	else \
+		echo "No certctl on the host, not rehashing target -- /etc/ssl may not be populated."; \
+	fi
 .endif

 packageworld: .PHONY