CVS commit: src

["Taylor R Campbell" <riastradh%netbsd.org@localhost>]

Module Name:    src
Committed By:   riastradh
Date:           Mon Aug 28 22:25:50 UTC 2023

Modified Files:
        src: UPDATING
        src/tests/usr.sbin/certctl: t_certctl.sh
        src/usr.sbin/certctl: certctl.sh

Log Message:
certctl(8): Avoid clobbering prepopulated /etc/openssl/certs.

Also avoid clobbering some other edge cases like symlinks or
non-directories there.

This way, we have the following transitions on system updates:

- If /etc/openssl/certs is empty (as in default NetBSD<10 installs):
  quietly populated on rehash.

- If /etc/openssl/certs is nonempty (you've added things to it,
  e.g. by hand or with mozilla-rootcerts) and has never been managed
  by certctl(8): left alone on rehash, with an error message to
  explain what you need to do.

- If /etc/openssl/certs has been managed by certctl(8): quietly
  updated on rehash.

Note: This means current installations made since certctl(8) was
added will be treated like /etc/openssl/certs is nonempty and has
never been managed by certctl(8).  To work around this, you can just
delete /etc/openssl/certs and rerun `certctl rehash'.


To generate a diff of this commit:
cvs rdiff -u -r1.342 -r1.343 src/UPDATING
cvs rdiff -u -r1.4 -r1.5 src/tests/usr.sbin/certctl/t_certctl.sh
cvs rdiff -u -r1.2 -r1.3 src/usr.sbin/certctl/certctl.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.