History log of /freebsd/secure/caroot/Makefile (Results 1 – 9 of 9)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# e9ac4169 15-Jul-2024 Warner Losh <imp@FreeBSD.org>

Remove residual blank line at start of Makefile

This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix


Revision tags: release/14.1.0, release/13.3.0, release/14.0.0
# d0b2dbfa 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/


Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0
# 64e6e1e4 18-Jun-2021 Ceri Davies <ceri@FreeBSD.org>

secure/caroot, certctl: Rename secure/caroot/blacklisted

Old certctl commands still work for compatability, but are deprecated.

Approved by: secteam (gordon)
Differential Revision: https://reviews.

secure/caroot, certctl: Rename secure/caroot/blacklisted

Old certctl commands still work for compatability, but are deprecated.

Approved by: secteam (gordon)
Differential Revision: https://reviews.freebsd.org/D30807

show more ...


Revision tags: release/13.0.0, release/12.2.0, release/11.4.0
# bb1d0df5 29-Jan-2020 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r357179 through r357269.


# fbd46fe9 29-Jan-2020 Kyle Evans <kevans@FreeBSD.org>

pkgbase: fix caroot packaging and add post-install script

The original intention for caroot was to be packaged separately, perhaps so
that users can have a more/less conservative upgrade policy for

pkgbase: fix caroot packaging and add post-install script

The original intention for caroot was to be packaged separately, perhaps so
that users can have a more/less conservative upgrade policy for this
separated from the rest of base.

secure/caroot/Makefile doesn't have anything interesting to package, but its
subdirectories might. Move the PACKAGE= to Makefile.inc so both blacklisted
and trusted get packaged consistently into the correct one rather than the
default -utilities. Also tag the directories for package=caroot, as they
could also be empty; blacklisted is empty by default, but trusted is not.

Add a post-install script to do certctl rehash, along with a note should we
eventually come up with a way to detect that files have been added or
removed that requires a rehash.

-caroot gets a dependency on -utilities, as that's where we provide certctl
at the moment. We can perhaps reconsider this and put certctl into this
package in the future, but there are some bits within -utilities that
unconditionally invoke certctl so let's hold off for now.

Reviewed by: manu (earlier version, before -utilities dep added)
Differential Revision: https://reviews.freebsd.org/D23352

show more ...


# 051669e8 25-Jan-2020 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r356931 through r357118.


# 0428b669 24-Jan-2020 Kyle Evans <kevans@FreeBSD.org>

caroot: use bsd.obj.mk, not bsd.prog.mk

This directory stages certdata into .OBJDIR and processes it, but does not
actually build a prog-shaped object; bsd.obj.mk provides the minimal support
that w

caroot: use bsd.obj.mk, not bsd.prog.mk

This directory stages certdata into .OBJDIR and processes it, but does not
actually build a prog-shaped object; bsd.obj.mk provides the minimal support
that we actually need, an .OBJDIR and descent into subdirs. This is
admittedly the nittiest of nits.

show more ...


Revision tags: release/12.1.0
# 8b3bc70a 08-Oct-2019 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r352764 through r353315.


# f27f39db 02-Oct-2019 Kyle Evans <kevans@FreeBSD.org>

[1/3] Initial infrastructure for SSL root bundle in base

This setup will add the trusted certificates from the Mozilla NSS bundle
to base.

This commit includes:
- CAROOT option to opt out of instal

[1/3] Initial infrastructure for SSL root bundle in base

This setup will add the trusted certificates from the Mozilla NSS bundle
to base.

This commit includes:
- CAROOT option to opt out of installation of certs
- mtree amendments for final destinations
- infrastructure to fetch/update certs, along with instructions

A follow-up commit will add a certctl(8) utility to give the user control
over trust specifics. Another follow-up commit will actually commit the
initial result of updatecerts.

This work was done primarily by allanjude@, with minor contributions by
myself.

No objection from: secteam
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D16856

show more ...