diff options
author | Kyle Evans <kevans@FreeBSD.org> | 2020-01-29 18:47:08 +0000 |
---|---|---|
committer | Kyle Evans <kevans@FreeBSD.org> | 2020-01-29 18:47:08 +0000 |
commit | fbd46fe94ab7de664fd396144d03d6c6b5e22c19 (patch) | |
tree | 9919c0e722e21cb778fbb40487ff98fc759da821 | |
parent | 4be465ab468ad37003826f11ad3465db5168c95d (diff) | |
download | src-fbd46fe94ab7de664fd396144d03d6c6b5e22c19.tar.gz src-fbd46fe94ab7de664fd396144d03d6c6b5e22c19.zip |
pkgbase: fix caroot packaging and add post-install script
The original intention for caroot was to be packaged separately, perhaps so
that users can have a more/less conservative upgrade policy for this
separated from the rest of base.
secure/caroot/Makefile doesn't have anything interesting to package, but its
subdirectories might. Move the PACKAGE= to Makefile.inc so both blacklisted
and trusted get packaged consistently into the correct one rather than the
default -utilities. Also tag the directories for package=caroot, as they
could also be empty; blacklisted is empty by default, but trusted is not.
Add a post-install script to do certctl rehash, along with a note should we
eventually come up with a way to detect that files have been added or
removed that requires a rehash.
-caroot gets a dependency on -utilities, as that's where we provide certctl
at the moment. We can perhaps reconsider this and put certctl into this
package in the future, but there are some bits within -utilities that
unconditionally invoke certctl so let's hold off for now.
Reviewed by: manu (earlier version, before -utilities dep added)
Differential Revision: https://reviews.freebsd.org/D23352
Notes
Notes:
svn path=/head/; revision=357264
-rw-r--r-- | etc/mtree/BSD.usr.dist | 4 | ||||
-rw-r--r-- | release/packages/caroot.ucl | 31 | ||||
-rwxr-xr-x | release/packages/generate-ucl.sh | 3 | ||||
-rw-r--r-- | secure/caroot/Makefile | 2 | ||||
-rw-r--r-- | secure/caroot/Makefile.inc | 3 |
5 files changed, 39 insertions, 4 deletions
diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 522bf1cd5903..5b1360066330 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -201,9 +201,9 @@ .. .. certs - blacklisted + blacklisted tags=package=caroot .. - trusted + trusted tags=package=caroot .. .. dict diff --git a/release/packages/caroot.ucl b/release/packages/caroot.ucl new file mode 100644 index 000000000000..923601ea0f3e --- /dev/null +++ b/release/packages/caroot.ucl @@ -0,0 +1,31 @@ +# +# $FreeBSD$ +# + +name = "FreeBSD-%PKGNAME%" +origin = "base" +version = "%VERSION%" +comment = "%COMMENT%" +categories = [ base ] +maintainer = "re@FreeBSD.org" +www = "https://www.FreeBSD.org" +prefix = "/" +licenselogic = "single" +licenses = [ BSD2CLAUSE ] +desc = <<EOD +%DESC% +EOD +deps: { + FreeBSD-%PKGDEPS%: { + origin: "base", + version: "%VERSION%" + } +} +scripts: { + # XXX If pkg picks up a mechanism to detect in the post-install script + # files being added or removed, we should use it instead to gate the + # rehash. + post-install = <<EOD + [ -x /usr/sbin/certctl ] && /usr/sbin/certctl rehash +EOD +} diff --git a/release/packages/generate-ucl.sh b/release/packages/generate-ucl.sh index bcf71e9919f6..eff7e3ab8504 100755 --- a/release/packages/generate-ucl.sh +++ b/release/packages/generate-ucl.sh @@ -34,6 +34,9 @@ main() { outname="$(echo ${outname} | tr '-' '_')" case "${outname}" in + caroot) + pkgdeps="utilities" + ;; runtime) outname="runtime" uclfile="${uclfile}" diff --git a/secure/caroot/Makefile b/secure/caroot/Makefile index 7c0831d2ac2f..50f92ecc6542 100644 --- a/secure/caroot/Makefile +++ b/secure/caroot/Makefile @@ -1,7 +1,5 @@ # $FreeBSD$ -PACKAGE= caroot - CLEANFILES+= certdata.txt SUBDIR+= trusted diff --git a/secure/caroot/Makefile.inc b/secure/caroot/Makefile.inc new file mode 100644 index 000000000000..9475e35f5854 --- /dev/null +++ b/secure/caroot/Makefile.inc @@ -0,0 +1,3 @@ +# $FreeBSD$ + +PACKAGE= caroot |