[Bug 272816] pkgbase: caroot and openssl packages need reorganising

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272816

--- Comment #2 from dfr@rabson.org ---
In my (admittedly specialised) example, I'm installing FreeBSD-caroot into an
empty directory using 'pkg --rootdir' (actually not quite empty - I use mtree
to create a directory structure). In this usage, pkg runs the host certctl with
a DESTDIR env var to tell it what to work on. This also pulls in
FreeBSD-openssl as an explict dependency added by generate-ucl.sh and
FreeBSD-clibs, probably as an implicit dependency from FreeBSD-openssl. While
the resulting image does contain the certctl script, it doesn't work since the
image doesn't have /bin/sh.

What I'm proposing is to split out the certificate data from caroot e.g. into
FreeBSD-certificates which caroot would explicitly depend on. For my image
building I can install FreeBSD-certificates and then run certctl manually to
create the required structure. This is enough to build a suitable image for
statically linked workloads.

Splitting the libraries out from FreeBSD-openssl is straightforward and will
let me build a similar image for dynamically linked workloads without having to
add the openssl binary.

I'll hack on this a little today and see if this works out.

-- 
You are receiving this mail because:
You are the assignee for the bug.