Promote the installworld certctl rehash to distributeworld

Contrary to my belief, installworld is not sufficient for getting certs
installed into VM images. Promote the rehash to both installworld and
distributeworld (notably: not stageworld) and rehash the base distdir so we
end up with /etc/ssl/certs populated in the base dist archive. A future
commit will remove the rehash from bsdinstall, which doesn't really need to
happen if they're installed into base.txz.

While here, fix a minor typo: s/CERTCLTFLAGS/CERTCTLFLAGS/

MFC after:	1 week
This commit is contained in:
Kyle Evans 2020-09-17 15:58:42 +00:00
parent 0e1e341b48
commit ca4b73c348

View File

@ -926,7 +926,7 @@ METALOG:= ${METALOG:C,//+,/,g}
IMAKE+= -DNO_ROOT METALOG=${METALOG} IMAKE+= -DNO_ROOT METALOG=${METALOG}
METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR} METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR}
INSTALLFLAGS+= ${METALOG_INSTALLFLAGS} INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
CERTCLTFLAGS= ${METALOG_INSTALLFLAGS} CERTCTLFLAGS= ${METALOG_INSTALLFLAGS}
MTREEFLAGS+= -W MTREEFLAGS+= -W
.endif .endif
.if defined(BUILD_PKGS) .if defined(BUILD_PKGS)
@ -936,6 +936,11 @@ INSTALLFLAGS+= -h sha256
IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}" IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}"
IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}" IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}"
.endif .endif
.if make(distributeworld)
CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR}/base
.else
CERTCTLDESTDIR= ${DESTDIR}
.endif
DESTDIR_MTREEFLAGS= -deU DESTDIR_MTREEFLAGS= -deU
# When creating worldtmp we don't need to set the directories as owned by root # When creating worldtmp we don't need to set the directories as owned by root
@ -1443,13 +1448,15 @@ distributeworld installworld stageworld: _installcheck_world .PHONY
${DESTDIR}/${DISTDIR}/${dist}.debug.meta ${DESTDIR}/${DISTDIR}/${dist}.debug.meta
.endfor .endfor
.endif .endif
.elif make(installworld) && ${MK_CAROOT} != "no" .endif # make(distributeworld)
.if !make(packageworld) && ${MK_CAROOT} != "no"
@if which openssl>/dev/null; then \ @if which openssl>/dev/null; then \
sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \ DESTDIR=${CERTCTLDESTDIR} \
sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} rehash \
else \ else \
echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \ echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
fi fi
.endif # make(distributeworld) .endif
packageworld: .PHONY packageworld: .PHONY
.for dist in base ${EXTRA_DISTRIBUTIONS} .for dist in base ${EXTRA_DISTRIBUTIONS}