[Bug 258709] lang/mono6.8: cert-sync doesn't work on iocage style base jails

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 258709] lang/mono6.8: cert-sync doesn"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 18 Oct 2021 16:27:56 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258709

--- Comment #5 from Misso Works <missoline@protonmail.com> ---
I have identified where the problem is. Basically, certificates are stored in
the folder Environment.SpecialFolder.CommonApplicationData/.mono/certs as per
[0]. However the path of Environment.SpecialFolder.CommonApplicationData is set
to "/usr/share" (linuxism).

The mono5.10 port includes the proper patches but for some reason they haven't
been carried over to the mono6.8 port. The issue likely didn't appear earlier
as the certificates shipped by upstream were still valid. You can fix the issue
by adding the below two commands in the post-patch section of the Makefile of
the port:

post-patch:
        ${REINPLACE_CMD} -e 's|/usr/share|${PREFIX}|g' \
                ${WRKSRC}/mcs/class/corlib/System/Environment.cs \
               
${WRKSRC}/external/corefx/src/System.Runtime.Extensions/src/System/Environment.Unix.cs
        ${REINPLACE_CMD} -e 's|/usr/share/.mono|${PREFIX}/share/mono|g' \
                ${WRKSRC}/man/mono-configuration-crypto.1 \
                ${WRKSRC}/man/mono.1 \
                ${WRKSRC}/man/mozroots.1

I am not sure why these changes have been implemented as post-patches instead
of regular patch files, the maintainer may simply have run out of time at the
time.

The first command replaces "/usr/share" with /usr/local/ in the source files
mcs/class/corlib/System.Environment.cs and
external/corefx/src/System.Runtime.Extensions/src/System.Environment.Unix.

The second command replaces /usr/share/.mono with /usr/local/share/mono for a
couple of man files. With regards to replacing "/usr/share/.mono" with
"/usr/local/mono" there is also a need to copy over the following patch files
from the 5.10 ports:

-
patch-mcs_class_Mono.Security_Mono.Security.Cryptography_KeyPairPersistence.cs 
      - patch-mcs_class_Mono.Security_Mono.Security.X509_X509StoreManager.cs
-
patch-mcs_tools_mono-configuration-crypto_lib_Mono.Configuration.Crypto_KeyContainerCollection.cs 

These files directly relate to the certificate manager so applying these
patches is important. Then build from source and cert-sync should work as
expected. At do not have access to a proper FreeBSD lab at the minute to
implement it and propose clean files, but wanted to throw this here in the
meantime in case this helps someone being stuck.

-- 
You are receiving this mail because:
You are the assignee for the bug.