Promote the installworld certctl rehash
to distributeworld
Contrary to my belief, installworld is not sufficient for getting certs installed into VM images. Promote the rehash to both installworld and distributeworld (notably: not stageworld) and rehash the base distdir so we end up with /etc/ssl/certs populated in the base dist archive. A future commit will remove the rehash from bsdinstall, which doesn't really need to happen if they're installed into base.txz. While here, fix a minor typo: s/CERTCLTFLAGS/CERTCTLFLAGS/ MFC after: 1 week
This commit is contained in:
parent
0e1e341b48
commit
ca4b73c348
@ -926,7 +926,7 @@ METALOG:= ${METALOG:C,//+,/,g}
|
|||||||
IMAKE+= -DNO_ROOT METALOG=${METALOG}
|
IMAKE+= -DNO_ROOT METALOG=${METALOG}
|
||||||
METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR}
|
METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR}
|
||||||
INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
|
INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
|
||||||
CERTCLTFLAGS= ${METALOG_INSTALLFLAGS}
|
CERTCTLFLAGS= ${METALOG_INSTALLFLAGS}
|
||||||
MTREEFLAGS+= -W
|
MTREEFLAGS+= -W
|
||||||
.endif
|
.endif
|
||||||
.if defined(BUILD_PKGS)
|
.if defined(BUILD_PKGS)
|
||||||
@ -936,6 +936,11 @@ INSTALLFLAGS+= -h sha256
|
|||||||
IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}"
|
IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}"
|
||||||
IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}"
|
IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}"
|
||||||
.endif
|
.endif
|
||||||
|
.if make(distributeworld)
|
||||||
|
CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR}/base
|
||||||
|
.else
|
||||||
|
CERTCTLDESTDIR= ${DESTDIR}
|
||||||
|
.endif
|
||||||
|
|
||||||
DESTDIR_MTREEFLAGS= -deU
|
DESTDIR_MTREEFLAGS= -deU
|
||||||
# When creating worldtmp we don't need to set the directories as owned by root
|
# When creating worldtmp we don't need to set the directories as owned by root
|
||||||
@ -1443,13 +1448,15 @@ distributeworld installworld stageworld: _installcheck_world .PHONY
|
|||||||
${DESTDIR}/${DISTDIR}/${dist}.debug.meta
|
${DESTDIR}/${DISTDIR}/${dist}.debug.meta
|
||||||
.endfor
|
.endfor
|
||||||
.endif
|
.endif
|
||||||
.elif make(installworld) && ${MK_CAROOT} != "no"
|
.endif # make(distributeworld)
|
||||||
|
.if !make(packageworld) && ${MK_CAROOT} != "no"
|
||||||
@if which openssl>/dev/null; then \
|
@if which openssl>/dev/null; then \
|
||||||
sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \
|
DESTDIR=${CERTCTLDESTDIR} \
|
||||||
|
sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} rehash \
|
||||||
else \
|
else \
|
||||||
echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
|
echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
|
||||||
fi
|
fi
|
||||||
.endif # make(distributeworld)
|
.endif
|
||||||
|
|
||||||
packageworld: .PHONY
|
packageworld: .PHONY
|
||||||
.for dist in base ${EXTRA_DISTRIBUTIONS}
|
.for dist in base ${EXTRA_DISTRIBUTIONS}
|
||||||
|
Loading…
Reference in New Issue
Block a user