security/ca_root_nss: handle bundle links consistently for ETCSYMLINK
Needs Revision | Public

Authored by franco_opnsense.org on Dec 4 2024, 12:39 PM.

Details

Reviewers
des
Group Reviewers
portmgr
Ports Committers
ports secteam
Summary

/usr/local/openssl/cert.pem is the default location for security/openssl,
so it should be handled just like /etc/ssl/cert.pem base OpenSSL. To
avoid having samples and copies with differing contents, point both files
to the actual /usr/local/etc/ssl/cert.pem created by the sample. If users
have set their own content, that is likely intended and should be enforced
across all three files.

PR: 283161

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 61233
Build 58117: arc lint + arc unit

Event Timeline

franco_opnsense.org created this revision.
des requested changes to this revision. (Dec 20 2024, 5:02 PM)
des added a subscriber: des.
des added inline comments.
security/ca_root_nss/Makefile
53

This doesn't look right...

This revision now requires changes to proceed. (Dec 20 2024, 5:02 PM)
security/ca_root_nss/Makefile
53

Can you be specific?

# diff -u /usr/local/etc/ssl/cert.pem{,.sample}
# ls -lah /etc/ssl/cert.pem
lrwxr-xr-x  1 root wheel   32B Dec 20 19:01 /etc/ssl/cert.pem -> ../../usr/local/etc/ssl/cert.pem
# ls -lah /usr/local/openssl/cert.pem
lrwxr-xr-x  1 root wheel   19B Dec 20 19:01 /usr/local/openssl/cert.pem -> ../etc/ssl/cert.pem
# ls -lah /usr/local/etc/ssl/cert.pem
-rw-r--r--  1 root wheel  774K Dec 20 19:01 /usr/local/etc/ssl/cert.pem
# md5 /etc/ssl/cert.pem
MD5 (/etc/ssl/cert.pem) = 5114bb207368fb4f8afb93275db6bf37
# md5 /usr/local/etc/ssl/cert.pem
MD5 (/usr/local/etc/ssl/cert.pem) = 5114bb207368fb4f8afb93275db6bf37
# md5 /usr/local/etc/ssl/cert.pem.sample 
MD5 (/usr/local/etc/ssl/cert.pem.sample) = 5114bb207368fb4f8afb93275db6bf37
# md5 /usr/local/openssl/cert.pem
MD5 (/usr/local/openssl/cert.pem) = 5114bb207368fb4f8afb93275db6bf37

@des did you find the time to make a technical assessment? Thanks!
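
The check run by hand in the terminal session above, as an added example (not part of the revision or of anyone's comment): a shell audit that classifies each OpenSSL default bundle path against the canonical /usr/local/etc/ssl/cert.pem named in the summary, flagging copies, divergent files and dangling links. The function names and the ROOT staging-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit that every OpenSSL default bundle path resolves to the
# one canonical file. ROOT is a staging prefix (assumption of this example);
# pass "" to check the live system.

CANON_REL=/usr/local/etc/ssl/cert.pem
LINK_RELS="/etc/ssl/cert.pem /usr/local/openssl/cert.pem"

# bundle_state FILE CANON
# Prints one of: linked copy divergent dangling absent
bundle_state() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then
        echo dangling            # symlink whose target no longer exists
    elif [ ! -e "$1" ]; then
        echo absent              # nothing installed at this path
    elif [ "$1" -ef "$2" ]; then
        echo linked              # resolves to the canonical bundle itself
    elif cmp -s "$1" "$2"; then
        echo copy                # identical now, but separate file that can drift
    else
        echo divergent           # this path serves different trust anchors
    fi
}

# check_bundles ROOT
# Returns 0 if every path is "linked", 1 if any is not,
# 2 if the canonical bundle itself is missing.
check_bundles() {
    cb_canon="$1$CANON_REL"
    cb_rc=0
    [ -f "$cb_canon" ] || { echo "missing canonical bundle: $cb_canon" >&2; return 2; }
    for cb_rel in $LINK_RELS; do
        cb_state=$(bundle_state "$1$cb_rel" "$cb_canon")
        echo "$cb_rel: $cb_state"
        [ "$cb_state" = linked ] || cb_rc=1
    done
    return $cb_rc
}
```

Calling `check_bundles ""` audits the installed system. Because the link targets shown in the `ls` output are relative, the same check also works against a staged tree.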