git: 1abc6bb68665 - main - security/ca_root_nss: handle bundle links consistently for ETCSYMLINK

From: Dag-Erling Smørgrav <des_at_FreeBSD.org>
Date: Mon, 17 Feb 2025 12:12:46 UTC
The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/ports/commit/?id=1abc6bb68665c59c26a5cc65fc5e336d34bb7d88

commit 1abc6bb68665c59c26a5cc65fc5e336d34bb7d88
Author:     Franco Fichtner <franco@opnsense.org>
AuthorDate: 2025-02-17 11:48:39 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-02-17 12:12:15 +0000

    security/ca_root_nss: handle bundle links consistently for ETCSYMLINK
    
    /usr/local/openssl/cert.pem is the default location for security/openssl,
    so it should be handled just like /etc/ssl/cert.pem for base OpenSSL. To
    avoid having samples and copies with differing contents, point both files
    to the actual /usr/local/etc/ssl/cert.pem created by the sample. If users
    have set their own content, that is likely intended and should be enforced
    across all three files.
    
    MFH:            2025Q1
    PR:             283161
    Differential Revision:  https://reviews.freebsd.org/D47908
---
 security/ca_root_nss/Makefile  | 9 +++++----
 security/ca_root_nss/pkg-plist | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile
index ce23fe17c535..6c67b741717e 100644
--- a/security/ca_root_nss/Makefile
+++ b/security/ca_root_nss/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	ca_root_nss
 PORTVERSION=	${VERSION_NSS}
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}
@@ -21,7 +22,7 @@ OPTIONS_DEFAULT=	ETCSYMLINK
 
 OPTIONS_SUB=		yes
 
-ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem
+ETCSYMLINK_DESC=	Add symlinks to default bundle locations
 ETCSYMLINK_CONFLICTS_INSTALL=	ca-roots-[0-9]*
 
 CERTDIR?=	share/certs
@@ -45,11 +46,11 @@ do-install:
 	${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/${CERTDIR}
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/ssl
 	${LN} -sf ../../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample
-	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
-	${LN} -sf ../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample
 
 do-install-ETCSYMLINK-on:
+	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
+	${LN} -sf ../etc/ssl/cert.pem ${STAGEDIR}${PREFIX}/openssl/cert.pem
 	${MKDIR} ${STAGEDIR}/etc/ssl
-	${LN} -sf ../..${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}/etc/ssl/cert.pem
+	${LN} -sf ../..${PREFIX}/etc/ssl/cert.pem ${STAGEDIR}/etc/ssl/cert.pem
 
 .include <bsd.port.mk>
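Review bot: Nothing in the Makefile says that the two links created in do-install-ETCSYMLINK-on resolve to `${PREFIX}/etc/ssl/cert.pem`, a file this recipe never stages; only `cert.pem.sample` is staged above, and the real file comes from the plist's `@sample` entry at install time. That matters for the trust store: as the commit message notes, a locally edited copy is kept, so a stale or modified `cert.pem` becomes what both base and ports OpenSSL read by default, and CA removals in a newer `ca-root-nss.crt` do not reach those paths until the copy is reset. I would add a comment above the target such as `# Links target the @sample-managed ${PREFIX}/etc/ssl/cert.pem, not the packaged bundle; a locally modified copy is kept on upgrade and is used by all default locations.` The do-install target starts outside the hunk.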
diff --git a/security/ca_root_nss/pkg-plist b/security/ca_root_nss/pkg-plist
index 81d723328b37..7899413567aa 100644
--- a/security/ca_root_nss/pkg-plist
+++ b/security/ca_root_nss/pkg-plist
@@ -1,6 +1,6 @@
 %%CERTDIR%%/ca-root-nss.crt
 @sample etc/ssl/cert.pem.sample
-@sample openssl/cert.pem.sample
+%%ETCSYMLINK%%openssl/cert.pem
 %%ETCSYMLINK%%/etc/ssl/cert.pem
 @postexec certctl rehash
 @postunexec certctl rehash
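Review bot: `openssl/cert.pem` is now listed only under `%%ETCSYMLINK%%`, so a package built with the option off ships nothing under `openssl/`, whereas the removed `@sample openssl/cert.pem.sample` line was unconditional. If that is intended, ETCSYMLINK_DESC or the port's pkg-message should state that ports OpenSSL gets no default bundle in that configuration, so the missing trust file is not a surprise. On upgrade, a regular `openssl/cert.pem` left behind by the old `@sample` entry (as far as I know it is removed only when identical to the sample) would presumably be replaced by the symlink, discarding local edits made there. An UPDATING note telling administrators to merge such edits into `etc/ssl/cert.pem` first would cover that case.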