"J. Lewis Muir" <jlmuir%imca-cat.org@localhost> writes: > But what I don't understand is that mozilla-rootcerts.sh also has: > > certdir="/etc/ssl/certs" > conffile="/etc/openssl/openssl.cnf" > destdir= > > Those don't get substituted with the SUBST framework. SSLDIR and > others are substituted, but certdir and conffile are *not* substituted, > and that's what I'm asking about. For mozilla-rootcerts.sh's install > subcommand, it writes to $destdir$certdir/ca-certificates.crt. > Since certdir is not substituted, it will *always* write to > /etc/ssl/certs/ca-certificates.crt. Is that right, and if so, could > someone explain why? That is not right and I fixed it. It may need further fixes. > For my setup on macOS Sierra, USE_BUILTIN.openssl=no and > PKG_SYSCONFDIR=/opt/pkg/etc, so I get SSLDIR=/opt/pkg/etc/openssl/certs. > When I run "mozilla-rootcerts install" as suggested in MESSAGE, I get > the .pem files extracted to /opt/pkg/etc/openssl/certs (which makes > sense to me), but (this is the part I don't understand) I also get the > concatenation of those .pem files written to ca-certificates.crt in > /etc/ssl/certs. I don't understand /etc/ssl/certs at all. > I would have expected to see something like this in mozilla-rootcerts.sh > instead (with an appropriate SUBST framework substitution for > @PKG_SYSCONFDIR@ configured in the Makefile): > > certdir="@PKG_SYSCONFDIR@/ssl/certs" > conffile="@PKG_SYSCONFDIR@/openssl/openssl.cnf" > destdir= > > What am I missing about how all this works? You are 99% right, I think. But, the certdir should not be PKG_SYSCONFDIR, since it could be from the base system. I have tried to subsitute it appropriately; please have a look and comment.
Attachment:
signature.asc
Description: PGP signature