HardenedBSD/secure
Kyle Evans fbd46fe94a pkgbase: fix caroot packaging and add post-install script
The original intention for caroot was to be packaged separately, perhaps so
that users can have a more/less conservative upgrade policy for this
separated from the rest of base.

secure/caroot/Makefile doesn't have anything interesting to package, but its
subdirectories might. Move the PACKAGE= to Makefile.inc so both blacklisted
and trusted get packaged consistently into the correct one rather than the
default -utilities. Also tag the directories for package=caroot, as they
could also be empty; blacklisted is empty by default, but trusted is not.

Add a post-install script to do certctl rehash, along with a note should we
eventually come up with a way to detect that files have been added or
removed that requires a rehash.

-caroot gets a dependency on -utilities, as that's where we provide certctl
at the moment. We can perhaps reconsider this and put certctl into this
package in the future, but there are some bits within -utilities that
unconditionally invoke certctl so let's hold off for now.

Reviewed by:	manu (earlier version, before -utilities dep added)
Differential Revision:	https://reviews.freebsd.org/D23352
2020-01-29 18:47:08 +00:00
..
caroot pkgbase: fix caroot packaging and add post-install script 2020-01-29 18:47:08 +00:00
lib Install man5 and man7 for OpenSSL. 2020-01-22 01:15:57 +00:00
libexec
tests
usr.bin Update Makefile.depend files 2019-12-11 17:37:53 +00:00
usr.sbin Update Makefile.depend files 2019-12-11 17:37:53 +00:00
Makefile [1/3] Initial infrastructure for SSL root bundle in base 2019-10-02 01:05:29 +00:00
Makefile.inc