freebsd-update complains about changed files: /etc/ssl/certs/0179095f.0

From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Thu, 07 Dec 2023 10:35:52 UTC
Hi,

I have the problem from the forwarded mail below at several installs when I use freebsd-update.
The interesting part is that /etc/ssl/certs/ contains files.

Plain certctl rehash does not solve it.
But "rm /etc/ssl/certs/*; certctl rehash" ends up with all files in /etc/ssl/certs becoming symlinks and the problem is gone.
/etc/ssl/certs/002c0b4f.0 -> ../../../usr/share/certs/trusted/GlobalSign_Root_R46.pem

Maybe I installed my jails in a wrong way so I got files instead of symlinks in /etc/ssl/certs.

Anyway.
What is supposed to be in /etc/ssl/certs? Files or symlinks?

If somebody has a thought about this I'm interested.
Otherwise it is just a data point in the mailinglist for somebody else with this problem to find a solution.

NB: I also found older mention of this on the FreeBSD forums.
https://forums.freebsd.org/threads/getting-the-latest-files-that-were-not-downloaded-during-upgrade.78973/

Regards,
Ronald.

 
Van: zzzzz@xxxxx.yy
Datum: donderdag, 7 december 2023 00:23
Aan: root
Onderwerp: rpi4 security updates
> 
> Looking up update.FreeBSD.org mirrors... 3 mirrors found.
> Fetching metadata signature for 13.2-RELEASE from update2.freebsd.org... done.
> Fetching metadata index... done.
> Inspecting system... done.
> Preparing to download files... done.
> The following files are affected by updates. No changes have
> been downloaded, however, because the files have been modified
> locally:
> /etc/ssl/certs/0179095f.0
> /etc/ssl/certs/08063a00.0
> /etc/ssl/certs/0b9bc432.0
> /etc/ssl/certs/3e359ba6.0
> /etc/ssl/certs/5860aaa6.0
> /etc/ssl/certs/5931b5bc.0
> /etc/ssl/certs/5a7722fb.0
> /etc/ssl/certs/66445960.0
> /etc/ssl/certs/7a3adc42.0
> /etc/ssl/certs/7a780d93.0
> /etc/ssl/certs/8508e720.0
> /etc/ssl/certs/8f103249.0
> /etc/ssl/certs/90c5a3c8.0
> /etc/ssl/certs/9846683b.0
> /etc/ssl/certs/9ef4a08a.0
> /etc/ssl/certs/9f727ac7.0
> /etc/ssl/certs/d52c538d.0
> /etc/ssl/certs/ecccd8db.0
> /etc/ssl/certs/ed858448.0
> /etc/ssl/certs/fd64f3fc.0
> The following files will be updated as part of updating to
> 13.2-RELEASE-p7:
> /usr/share/certs/trusted/BJCA_Global_Root_CA1.pem
> /usr/share/certs/trusted/BJCA_Global_Root_CA2.pem
> /usr/share/certs/trusted/Certainly_Root_E1.pem
> /usr/share/certs/trusted/Certainly_Root_R1.pem
> /usr/share/certs/trusted/D-TRUST_BR_Root_CA_1_2020.pem
> /usr/share/certs/trusted/D-TRUST_EV_Root_CA_1_2020.pem
> /usr/share/certs/trusted/DigiCert_TLS_ECC_P384_Root_G5.pem
> /usr/share/certs/trusted/DigiCert_TLS_RSA4096_Root_G5.pem
> /usr/share/certs/trusted/E-Tugra_Global_Root_CA_ECC_v3.pem
> /usr/share/certs/trusted/E-Tugra_Global_Root_CA_RSA_v3.pem
> /usr/share/certs/trusted/HARICA_TLS_ECC_Root_CA_2021.pem
> /usr/share/certs/trusted/HARICA_TLS_RSA_Root_CA_2021.pem
> /usr/share/certs/trusted/HiPKI_Root_CA_-_G1.pem
> /usr/share/certs/trusted/ISRG_Root_X2.pem
> /usr/share/certs/trusted/Security_Communication_ECC_RootCA1.pem
> /usr/share/certs/trusted/Security_Communication_RootCA3.pem
> /usr/share/certs/trusted/Telia_Root_CA_v2.pem
> /usr/share/certs/trusted/TunTrust_Root_CA.pem
> /usr/share/certs/trusted/vTrus_ECC_Root_CA.pem
> /usr/share/certs/trusted/vTrus_Root_CA.pem
> 
> 
>