certctl: Add an option to copy files.
ClosedPublic
Actions

Authored by des on Jul 17 2025, 2:26 PM.

Details

Reviewers

Commits

rG986c43bd80e7: certctl: Add an option to copy files.
rG92b9f43c788d: certctl: Add an option to copy files.

Summary

This is slower than linking but is the only method that works for all
cases, including running certctl from outside a jail that does not
contain the raw certificate data.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

des created this revision.Jul 17 2025, 2:26 PM

Herald added subscribers: ziaee, imp. · View Herald TranscriptJul 17 2025, 2:26 PM

des requested review of this revision.Jul 17 2025, 2:26 PM

Harbormaster completed remote builds in B65515: Diff 158667.Jul 17 2025, 2:26 PM

des mentioned this in D42095: release: Let caroot depend on certctl, not vice versa..Jul 17 2025, 2:26 PM

ivy added a subscriber: ivy.Jul 17 2025, 2:44 PM

Looks good. What would happen if someone copies the certs and then later links them - will the copies be removed and replaced with links?

This revision is now accepted and ready to land.Jul 17 2025, 3:50 PM

In D51373#1173281, @dfr wrote:

Looks good. What would happen if someone copies the certs and then later links them - will the copies be removed and replaced with links?

Yes, certctl always starts out by emptying the hash directory.

Closed by commit rG92b9f43c788d: certctl: Add an option to copy files. (authored by des). · Explain WhyJul 17 2025, 6:15 PM

This revision was automatically updated to reflect the committed changes.

des added a commit: rG92b9f43c788d: certctl: Add an option to copy files..

des added a commit: rG986c43bd80e7: certctl: Add an option to copy files..Jul 24 2025, 1:03 PM