From nobody Mon Jul 31 07:29:25 2023 X-Original-To: pkgbase@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RDqd90jYQz4ptYN for ; Mon, 31 Jul 2023 07:29:29 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RDqck55N2z3NTt for ; Mon, 31 Jul 2023 07:29:26 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1690788567; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4FfsddKJGiU/kfc5OCP5NF5QhIu6iXOuqkHjToW9yPo=; b=Nr6wvMNxY2nffaqr4LqY1u7Leqd4xxplDmhwRiyVQJxNTXjEMkr7qI37PoKWZ3qYcfHkOY Z+PPpTQazy5derTn+UHF/mm4zPWjl8mZEu4xvi8daQfxaNTCJXRJmgAdfUzHBJcCv+3+De 6Ms0/fsrYrjQe9YU6VMkiJdXhGV4wHwTGHYZMfyfKWSkagzLhwi5Wy688GNnBcPRALxmEr 9RktZSnitSr2KG7NH6KjKy4snyCrH8AoTD88rct4h1hMB7fJOH2qBRfeJUr19Z3f7GmFZj r0cvPbL2RxEh5BQdcRxw6OgYw/FGPhLGYJ7gmGEMHLe/tVf68LAYAVkTBc8NZw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1690788567; a=rsa-sha256; cv=none; b=ToMDdZeRW/+cMTXDqU/TKDYg1agDEMQsUvWHDIxXpH1BztHeqvYN2Gmgf7OyckGaGTzOFE NnFrtf4HqASg7WyWf1ZFXfgGbq/uZmapuxvVVXoWiXKmDq0HouRBGgpAw34iocNHOf/7HO mL4z3vfigtUAAyQ34WnFvFRehHmH+J+ImqbXsxXW3dlLBqWyyNq9diPZfUamnYDCyVO0Pp btKuQhJ5B8EpL/YkNX0I3tpzFaHifDzq+xF/QaNMiAylZ5veCq4j/9ez8zrU9yPzISk4ux edQI7PPdw5/MLBw3aPlhHA9o/QKj3R3mBGGC+Y1SxgB/40Q3zYt0bBZEYozdnw== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RDqcj4YLMzmjy for ; Mon, 31 Jul 2023 07:29:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 36V7TPJc070326 for ; Mon, 31 Jul 2023 07:29:25 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 36V7TPtf070325 for pkgbase@FreeBSD.org; Mon, 31 Jul 2023 07:29:25 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pkgbase@FreeBSD.org Subject: [Bug 272816] pkgbase: caroot and openssl packages need reorganising Date: Mon, 31 Jul 2023 07:29:25 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: misc X-Bugzilla-Version: 13.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: dfr@rabson.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pkgbase@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Packaging the FreeBSD base system List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pkgbase@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272816 --- Comment #2 from dfr@rabson.org --- In my (admittedly specialised) example, I'm installing FreeBSD-caroot into = an empty directory using 'pkg --rootdir' (actually not quite empty - I use mtr= ee to create a directory structure). In this usage, pkg runs the host certctl = with a DESTDIR env var to tell it what to work on. This also pulls in FreeBSD-openssl as an explict dependency added by generate-ucl.sh and FreeBSD-clibs, probably as an implicit dependency from FreeBSD-openssl. Whi= le the resulting image does contain the certctl script, it doesn't work since = the image doesn't have /bin/sh. What I'm proposing is to split out the certificate data from caroot e.g. in= to FreeBSD-certificates which caroot would explicitly depend on. For my image building I can install FreeBSD-certificates and then run certctl manually to create the required structure. This is enough to build a suitable image for statically linked workloads. Splitting the libraries out from FreeBSD-openssl is straightforward and will let me build a similar image for dynamically linked workloads without havin= g to add the openssl binary. I'll hack on this a little today and see if this works out. --=20 You are receiving this mail because: You are the assignee for the bug.=