mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-04 23:22:22 +01:00
4ed49b4dcb
This setup will add the trusted certificates from the Mozilla NSS bundle to base. This commit includes: - CAROOT option to opt out of installation of certs - mtree amendments for final destinations - infrastructure to fetch/update certs, along with instructions A follow-up commit will add a certctl(8) utility to give the user control over trust specifics. Another follow-up commit will actually commit the initial result of updatecerts. This work was done primarily by allanjude@, with minor contributions by myself. No objection from: secteam Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16856
42 lines
949 B
Makefile
42 lines
949 B
Makefile
# $FreeBSD$
|
|
|
|
.include <src.opts.mk>
|
|
|
|
SUBDIR= lib .WAIT \
|
|
libexec usr.bin usr.sbin
|
|
SUBDIR_PARALLEL=
|
|
|
|
SUBDIR.${MK_TESTS}+= tests
|
|
|
|
SUBDIR.${MK_CAROOT}+= caroot
|
|
|
|
# These are the programs which depend on crypto, but not Kerberos.
|
|
SPROGS= lib/libfetch lib/libpam lib/libradius lib/libtelnet \
|
|
bin/ed libexec/telnetd usr.bin/fetch usr.bin/telnet \
|
|
usr.sbin/ppp usr.sbin/tcpdump/tcpdump
|
|
.if ${MK_SENDMAIL} != "no"
|
|
SPROGS+=usr.sbin/sendmail
|
|
.endif
|
|
|
|
# This target is used to rebuild these programs with crypto.
|
|
secure: .MAKE .PHONY
|
|
.for entry in ${SPROGS}
|
|
cd ${.CURDIR:H}/${entry}; \
|
|
${MAKE} cleandir; \
|
|
${MAKE} obj; \
|
|
${MAKE} all; \
|
|
${MAKE} install
|
|
.endfor
|
|
|
|
# This target is used to rebuild these programs without crypto.
|
|
insecure: .MAKE .PHONY
|
|
.for entry in ${SPROGS}
|
|
cd ${.CURDIR:H}/${entry}; \
|
|
${MAKE} MK_CRYPT=no cleandir; \
|
|
${MAKE} MK_CRYPT=no obj; \
|
|
${MAKE} MK_CRYPT=no all; \
|
|
${MAKE} MK_CRYPT=no install
|
|
.endfor
|
|
|
|
.include <bsd.subdir.mk>
|