| 1cac5d57 | 28-Aug-2023 |
riastradh <riastradh@NetBSD.org> |
certctl(8): Avoid clobbering prepopulated /etc/openssl/certs.
Also avoid clobbering some other edge cases like symlinks or non-directories there.
This way, we have the following transitions on syst
certctl(8): Avoid clobbering prepopulated /etc/openssl/certs.
Also avoid clobbering some other edge cases like symlinks or non-directories there.
This way, we have the following transitions on system updates:
- If /etc/openssl/certs is empty (as in default NetBSD<10 installs): quietly populated on rehash.
- If /etc/openssl/certs is nonempty (you've added things to it, e.g. by hand or with mozilla-rootcerts) and has never been managed by certctl(8): left alone on rehash, with an error message to explain what you need to do.
- If /etc/openssl/certs has been managed by certctl(8): quietly updated on rehash.
Note: This means current installations made since certctl(8) was added will be treated like /etc/openssl/certs is nonempty and has never been managed by certctl(8). To work around this, you can just delete /etc/openssl/certs and rerun `certctl rehash'.
show more ...
|