Page MenuHomeFreeBSD
Differential D52398

security/ca_root_nss: Disable ETCSYMLINK on FreeBSD 15
ClosedPublic
Actions

Authored by des on Sep 5 2025, 4:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, May 11, 7:51 PM
Unknown Object (File)
Fri, May 8, 8:26 PM
Unknown Object (File)
Mon, Apr 27, 5:29 PM
Unknown Object (File)
Apr 11 2026, 1:25 PM
Unknown Object (File)
Apr 9 2026, 9:04 PM
Unknown Object (File)
Apr 7 2026, 12:40 PM
Unknown Object (File)
Apr 6 2026, 5:39 PM
Unknown Object (File)
Mar 24 2026, 5:34 PM
View All 33 Files
Subscribers
bdrewery
fluffy

Details

Reviewers
fluffy
michaelo
Group Reviewers
ports secteam
Commits
R11:0fcd1af46685: security/ca_root_nss: Disable ETCSYMLINK on FreeBSD 15

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

des requested review of this revision.Sep 5 2025, 4:34 PM
des created this revision.
Harbormaster completed remote builds in B66845: Diff 161593.Sep 5 2025, 4:34 PM
des added a reviewer: ports secteam.Sep 5 2025, 4:34 PM
fluffy accepted this revision.Sep 5 2025, 4:57 PM
fluffy added a subscriber: fluffy.

LGTM

This revision is now accepted and ready to land.Sep 5 2025, 4:57 PM
michaelo accepted this revision.Sep 5 2025, 6:48 PM
Closed by commit R11:0fcd1af46685: security/ca_root_nss: Disable ETCSYMLINK on FreeBSD 15 (authored by des). · Explain WhySep 7 2025, 7:04 PM
This revision was automatically updated to reflect the committed changes.
des added a commit: R11:0fcd1af46685: security/ca_root_nss: Disable ETCSYMLINK on FreeBSD 15.
bdrewery added a subscriber: bdrewery.Fri, May 15, 6:04 AM

Why? I assume certctl is expected to do the right thing but it doesn't. The port was installing a symlink to /usr/local/openssl/cert.pem but now nothing lands there and node breaks.

des added a comment.Fri, May 15, 9:27 AM

That's a bug in Node then. It should be using /etc/ssl/cert.pem.

michaelo added a comment.Fri, May 15, 11:07 AM

I have worked on node a couple of months ago and verified in its codebase that it does the right thing with OpenSSL, see my ports commits. I am surprised about the finding mentioned here.

bdrewery added a comment.Fri, May 15, 3:57 PM

Even if it's a bug in node, the symlink option installs a symlink to /usr/local/openssl/cert.pem, and now the package does not do that. It's a simple hack to keep locally but there is a behavior change here that was probably not intended.

Revision Contents
Changeset List

PathSize
security/
ca_root_nss/
2 lines

Diff 161685

View Options

security/ca_root_nss/Makefile

Loading...