From 7e45839aca7157a73b0309e8cf4cb811d2cb5512 Mon Sep 17 00:00:00 2001 From: Jessica Clarke Date: Thu, 14 Jul 2022 01:25:50 +0100 Subject: [PATCH] Makefile.inc1: Fix -DNO_ROOT distributeworld certctl usage Currently for distributeworld we pass DESTDIR to certctl.sh as an environment variable, which sets the default value in the script. However, for -DNO_ROOT builds, CERTCTLFLAGS has METALOG_INSTALLFLAGS which includes -D ${DESTDIR}, overriding the custom DESTDIR pointing at the base dist directory. Moreover, in order to ensure that the METALOG includes the base/ prefix for all the files, we need to have certctl call install with -D set to DESTDIR/DISTDIR without the /base suffix but also ensure the files get installed to DESTDIR/DISTDIR/base. Fix these by passing the custom DESTDIR to certctl via -D rather than in the environment and to pass the /base suffix in the distributeworld case via the newly-added -d option. We also need to run certctl rehash before we generate the .meta files from the METALOG, not after, otherwise they won't include the METALOG additions, so move the certctl rehash call. Finally, add a missing semicolon that results in no message being printed in the missing openssl case. By not including the semicolon, else echo "..." is treated as extra arguments to certctl, which is lax in its argument parsing and ignores additional arguments, and the semicolon and fi after the intended echo terminate the if statement as normal so there's no syntax error at the shell level. This is harmless as we weren't trying to do anything other than echo anyway, all that happens is the echo doesn't actually get run. Reported by: markj (missing semicolon) Reviewed by: brooks, kevans Obtained from: CheriBSD MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D35809 --- Makefile.inc1 | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index c384267b0ad..1b3471bb143 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -948,10 +948,12 @@ IMAKE_INSTALL= INSTALL="${INSTALL_CMD} ${INSTALLFLAGS}" IMAKE_MTREE= MTREE_CMD="${MTREE_CMD} ${MTREEFLAGS}" .endif .if make(distributeworld) -CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR}/base +CERTCTLDESTDIR= ${DESTDIR}/${DISTDIR} +CERTCTLFLAGS+= -d /base .else CERTCTLDESTDIR= ${DESTDIR} .endif +CERTCTLFLAGS+= -D "${CERTCTLDESTDIR}" DESTDIR_MTREEFLAGS= -deU # When creating worldtmp we don't need to set the directories as owned by root @@ -1443,6 +1445,14 @@ distributeworld installworld stageworld: _installcheck_world .PHONY .endif # make(distributeworld) ${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}; \ ${IMAKEENV} rm -rf ${INSTALLTMP} +.if !make(packageworld) && ${MK_CAROOT} != "no" + @if which openssl>/dev/null; then \ + PATH=${TMPPATH}:${PATH} \ + sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} rehash; \ + else \ + echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \ + fi +.endif .if make(distributeworld) .for dist in ${EXTRA_DISTRIBUTIONS} find ${DESTDIR}/${DISTDIR}/${dist} -mindepth 1 -type d -empty -delete @@ -1470,14 +1480,6 @@ distributeworld installworld stageworld: _installcheck_world .PHONY .endfor .endif .endif # make(distributeworld) -.if !make(packageworld) && ${MK_CAROOT} != "no" - @if which openssl>/dev/null; then \ - DESTDIR=${CERTCTLDESTDIR} PATH=${TMPPATH}:${PATH} \ - sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCTLFLAGS} rehash \ - else \ - echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \ - fi -.endif packageworld: .PHONY .for dist in base ${EXTRA_DISTRIBUTIONS} -- 2.45.2