certctl: Add an option to copy files.
ClosedPublic
Actions

Authored by des on Jul 17 2025, 2:26 PM.

Details

Reviewers

Commits

rG986c43bd80e7: certctl: Add an option to copy files.
rG92b9f43c788d: certctl: Add an option to copy files.

Summary

This is slower than linking but is the only method that works for all
cases, including running certctl from outside a jail that does not
contain the raw certificate data.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 65515
Build 62398: arc lint + arc unit

Event Timeline

des created this revision.Jul 17 2025, 2:26 PM

Herald added subscribers: ziaee, imp. · View Herald TranscriptJul 17 2025, 2:26 PM

des requested review of this revision.Jul 17 2025, 2:26 PM

Harbormaster completed remote builds in B65515: Diff 158667.Jul 17 2025, 2:26 PM

des mentioned this in D42095: release: Let caroot depend on certctl, not vice versa..Jul 17 2025, 2:26 PM

ivy added a subscriber: ivy.Jul 17 2025, 2:44 PM

Looks good. What would happen if someone copies the certs and then later links them - will the copies be removed and replaced with links?

This revision is now accepted and ready to land.Jul 17 2025, 3:50 PM

In D51373#1173281, @dfr wrote:

Looks good. What would happen if someone copies the certs and then later links them - will the copies be removed and replaced with links?

Yes, certctl always starts out by emptying the hash directory.

Closed by commit rG92b9f43c788d: certctl: Add an option to copy files. (authored by des). · Explain WhyJul 17 2025, 6:15 PM

This revision was automatically updated to reflect the committed changes.

des added a commit: rG92b9f43c788d: certctl: Add an option to copy files..

des added a commit: rG986c43bd80e7: certctl: Add an option to copy files..Jul 24 2025, 1:03 PM