#
e9ac4169 |
| 15-Jul-2024 |
Warner Losh <imp@FreeBSD.org> |
Remove residual blank line at start of Makefile
This is a residual of the $FreeBSD$ removal.
MFC After: 3 days (though I'll just run the command on the branches) Sponsored by: Netflix
|
Revision tags: release/14.1.0, release/13.3.0, release/14.0.0 |
|
#
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0 |
|
#
64e6e1e4 |
| 18-Jun-2021 |
Ceri Davies <ceri@FreeBSD.org> |
secure/caroot, certctl: Rename secure/caroot/blacklisted
Old certctl commands still work for compatability, but are deprecated.
Approved by: secteam (gordon) Differential Revision: https://reviews.
secure/caroot, certctl: Rename secure/caroot/blacklisted
Old certctl commands still work for compatability, but are deprecated.
Approved by: secteam (gordon) Differential Revision: https://reviews.freebsd.org/D30807
show more ...
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0 |
|
#
bb1d0df5 |
| 29-Jan-2020 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r357179 through r357269.
|
#
fbd46fe9 |
| 29-Jan-2020 |
Kyle Evans <kevans@FreeBSD.org> |
pkgbase: fix caroot packaging and add post-install script
The original intention for caroot was to be packaged separately, perhaps so that users can have a more/less conservative upgrade policy for
pkgbase: fix caroot packaging and add post-install script
The original intention for caroot was to be packaged separately, perhaps so that users can have a more/less conservative upgrade policy for this separated from the rest of base.
secure/caroot/Makefile doesn't have anything interesting to package, but its subdirectories might. Move the PACKAGE= to Makefile.inc so both blacklisted and trusted get packaged consistently into the correct one rather than the default -utilities. Also tag the directories for package=caroot, as they could also be empty; blacklisted is empty by default, but trusted is not.
Add a post-install script to do certctl rehash, along with a note should we eventually come up with a way to detect that files have been added or removed that requires a rehash.
-caroot gets a dependency on -utilities, as that's where we provide certctl at the moment. We can perhaps reconsider this and put certctl into this package in the future, but there are some bits within -utilities that unconditionally invoke certctl so let's hold off for now.
Reviewed by: manu (earlier version, before -utilities dep added) Differential Revision: https://reviews.freebsd.org/D23352
show more ...
|
#
051669e8 |
| 25-Jan-2020 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r356931 through r357118.
|
#
0428b669 |
| 24-Jan-2020 |
Kyle Evans <kevans@FreeBSD.org> |
caroot: use bsd.obj.mk, not bsd.prog.mk
This directory stages certdata into .OBJDIR and processes it, but does not actually build a prog-shaped object; bsd.obj.mk provides the minimal support that w
caroot: use bsd.obj.mk, not bsd.prog.mk
This directory stages certdata into .OBJDIR and processes it, but does not actually build a prog-shaped object; bsd.obj.mk provides the minimal support that we actually need, an .OBJDIR and descent into subdirs. This is admittedly the nittiest of nits.
show more ...
|
Revision tags: release/12.1.0 |
|
#
8b3bc70a |
| 08-Oct-2019 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r352764 through r353315.
|
#
f27f39db |
| 02-Oct-2019 |
Kyle Evans <kevans@FreeBSD.org> |
[1/3] Initial infrastructure for SSL root bundle in base
This setup will add the trusted certificates from the Mozilla NSS bundle to base.
This commit includes: - CAROOT option to opt out of instal
[1/3] Initial infrastructure for SSL root bundle in base
This setup will add the trusted certificates from the Mozilla NSS bundle to base.
This commit includes: - CAROOT option to opt out of installation of certs - mtree amendments for final destinations - infrastructure to fetch/update certs, along with instructions
A follow-up commit will add a certctl(8) utility to give the user control over trust specifics. Another follow-up commit will actually commit the initial result of updatecerts.
This work was done primarily by allanjude@, with minor contributions by myself.
No objection from: secteam Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16856
show more ...
|