Cross Reference: /src/tests/usr.sbin/Makefile

History log of /src/tests/usr.sbin/Makefile
Revision	Date	Author	Comments
1.9	18-Oct-2024	christos	Add a makefs test
1.8	26-Aug-2023	riastradh	branches: 1.8.2; certctl(8): New tool for managing OpenSSL CA certificates. Same command-line syntax as FreeBSD, clearer semantics about which parts are config and which parts are cache.
1.7	29-Aug-2021	christos	branches: 1.7.2; Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow Described in: https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html And developed in: https://github.com/ritzow/src/pull/1 From their notes: All new functionality should be explained by the updated manpage. The manpage has been refactored a bit: A new section "Directives" has been added and the information about default hostnames and IPsec directives has been moved there, and the new file include directive information is also there. getconfigent has the most major changes. A newline is no longer read immediately, but is called only by a "goto more" (inside an if(false) block). This allows multiple definitions or directives to exist on a single line for anything that doesn't terminate using a newline. This means a key-values service definition can be followed by another key-values service definition, a positional definition, or an ipsec, hostname, or .include directive on the same line. memset is no longer used explicitly to clear the servtab structure, a function init_servtab() is used instead, which uses a C struct initializer. The servtab se_group field is its own allocation now, and not just a pointer into the user:group string. Refactored some stuff out of getconfigent to separate functions for use by parse_v2.c. These functions in inetd.c are named with the form parse_() parse_v2.c only has code for parsing a key-values service definition into a provided servtab. It should not have anything that affects global state other than line and line_number. Some function prototypes, structures, and #defines have been moved from inetd.c to inetd.h. The function config_root replaces config as the function called on a config file load/reload. The code removed from the end of config(void) is now called in config_root, so it is not run on each recursive config call. setconfig(void) was removed and its code added into config_root because that is the only place it is called, and redundant checks for non-null globals were removed because they are always freed by endconfig. The fseek code was also removed because the config files are always closed by endconfig. Rate limiting code was updated to add a per-service per-IP rate limiting form. Some of that code was refactored out of other places into functions with names in the form rl_() We have not added any of the license or version information to the new files parse_v2.c, parse_v2.h, and inetd.h and we have not updated the license or version info for inetd.c. Security related: The behavior when reading invalid IPsec strings has changed. Inetd no longer exits, it quits reading the current config file instead. Could this impact program security? We have not checked for memory leaks. Solomon tried to use dmalloc without success. getconfigent seemed to have a memory leak at each "goto more". It seems like inetd has never free'd allocated strings when throwing away erroneous service definitions during parsing (i.e. when "goto more" is called when parsing fields). OpenBSD's version calls freeconfig on "goto more" (https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049) but NetBSD only calls it when service definitions are no longer needed. This has been fixed. freeconfig is called immediately before any "goto more". There shouldn't be any time when a servtab is in an invalid state where freeconfig would break.
1.6	30-Jun-2020	jruoho	Check that DTrace's execsnoop and opensnoop work (cf. PR kern/53417).
1.5	24-Jun-2020	jruoho	Also install new tests.
1.4	19-Apr-2012	jruoho	Add a test case for PR bin/39546.
1.3	14-Apr-2012	jruoho	Add a test case for PR kern/46328 (tested naively with tcpdump(8)).
1.2	17-Mar-2012	jruoho	Deprecate tests/util.
1.1	15-Dec-2010	haad	branches: 1.1.6; Hook traceroute test case to build. it was added to lists so unbreak build now.
1.1.6.2	23-May-2012	yamt	sync with head.
1.1.6.1	17-Apr-2012	yamt	sync with head
1.7.2.1	04-Sep-2023	martin	Pull up following revision(s) (requested by riastradh in ticket #343): external/mpl/mozilla-certdata/dist/certdata.txt: revision 1.1.1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G3.pem: revision 1.1 distrib/sets/lists/man/mi: revision 1.1764 external/mpl/mozilla-certdata/share/certs/ACCVRAIZ1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem: revision 1.1 tests/usr.sbin/certctl/certs4/DigiCert_Global_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_R46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_E45.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_ECC.pem: revision 1.1 tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1 tests/usr.sbin/certctl/certs2/GTS_Root_R1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Izenpe.com.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_2.pem: revision 1.1 tests/usr.sbin/certctl/certs4/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Global_Chambersign_Root_-_2008.pem: revision 1.1 distrib/sets/lists/etc/mi: revision 1.272 external/mpl/mozilla-certdata/share/certs/ISRG_Root_X1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TunTrust_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_BR_Root_CA_1_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_RSA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_EC-384_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/IdenTrust_Public_Sector_Root_CA_1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_EC1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SZAFIR_ROOT_CA2.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.1 external/mpl/mozilla-certdata/share/certs/UCA_Global_G2_Root.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_Client_ECC_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/COMODO_ECC_Certification_Authority.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.2 tests/usr.sbin/certctl/certs1/DigiCert_Global_Root_CA.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.3 external/mpl/mozilla-certdata/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GTS_Root_R2.pem: revision 1.1 usr.sbin/certctl/certctl.sh: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.4 external/mpl/mozilla-certdata/share/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SwissSign_Silver_CA_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Starfield_Class_2_CA.pem: revision 1.1 usr.sbin/certctl/certctl.sh: revision 1.2 tests/usr.sbin/certctl/t_certctl.sh: revision 1.5 usr.sbin/certctl/certctl.sh: revision 1.3 tests/usr.sbin/certctl/t_certctl.sh: revision 1.6 usr.sbin/certctl/certctl.sh: revision 1.4 tests/usr.sbin/certctl/t_certctl.sh: revision 1.7 external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.8 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_E46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Hongkong_Post_Root_CA_3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/ANF_Secure_Server_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Chambers_of_Commerce_Root_-_2008.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Go_Daddy_Class_2_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/USERTrust_RSA_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P384_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certdata.awk: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_TLS_ECC_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_R46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TrustCor_ECA-1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_ECC_Root_CA_2022.pem: revision 1.1 usr.sbin/Makefile: revision 1.292 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/CA_Disig_Root_R2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_C1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R6.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Trusted_Root_G4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/vTrus_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_R46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-2.pem: revision 1.1 etc/mtree/special: revision 1.176 external/mpl/mozilla-certdata/share/certs/USERTrust_ECC_Certification_Authority.pem: revision 1.1 etc/mtree/special: revision 1.177 etc/mtree/special: revision 1.178 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium_ECC.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/vTrus_ECC_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_ECC_P384_Root_G5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/NAVER_Global_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/server.trust: revision 1.1 external/mpl/mozilla-certdata/share/certs/SecureTrust_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/code.trust: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_RSA_Root_CA_2022.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_RSA4096_Root_G5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G2.pem: revision 1.1 tests/usr.sbin/certctl/certs1/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_E46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_RSA4096_Root_G5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Client_ECC_Root_CA_2022.pem: revision 1.1 share/man/man7/hier.7: revision 1.141 external/mpl/mozilla-certdata/share/certs/Certigna.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/certSIGN_Root_CA_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certigna_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GTS_Root_R4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Telia_Root_CA_v2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TWCA_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Buypass_Class_2_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_C3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GTS_Root_R1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Client_RSA_Root_CA_2022.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HiPKI_Root_CA_-_G1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Starfield_Root_Certificate_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SwissSign_Gold_CA_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GB_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Networking.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1 tests/usr.sbin/certctl/Makefile.inc: revision 1.1 external/mpl/mozilla-certdata/share/certs/COMODO_RSA_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA_2.pem: revision 1.1 tests/usr.sbin/certctl/certs2/GlobalSign_Root_CA_-_R3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GC_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Commercial.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Buypass_Class_3_Root_CA.pem: revision 1.1 distrib/sets/lists/tests/mi: revision 1.1292 external/mpl/mozilla-certdata/share/certs/UCA_Extended_Validation_Root.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P256_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2.pem: revision 1.1 external/mpl/mozilla-certdata/share/email.trust: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_2011.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_EV_Root_CA_1_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/ePKI_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R4.pem: revision 1.1 tests/usr.sbin/certctl/certs2/Makefile: revision 1.1 tests/usr.sbin/Makefile: revision 1.8 external/mpl/mozilla-certdata/share/certs/Trustwave_Global_Certification_Authority.pem: revision 1.1 tests/usr.sbin/certctl/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/IdenTrust_Commercial_Root_CA_1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_ECC_P384_Root_G5.pem: revision 1.1 tests/usr.sbin/certctl/certs1/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3.pem: revision 1.1 external/mpl/mozilla-certdata/share/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/Makefile: revision 1.2 external/mpl/mozilla-certdata/share/certs/Microsec_e-Szigno_Root_CA_2009.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_Client_RSA_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GDCA_TrustAUTH_R5_ROOT.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_3.pem: revision 1.1 tests/usr.sbin/certctl/certs4/AC_RAIZ_FNMT-RCM.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/ISRG_Root_X2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_CA_3_2013.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Microsoft_RSA_Root_Certificate_Authority_2017.pem: revision 1.1 etc/mtree/NetBSD.dist.base: revision 1.252 external/mpl/mozilla-certdata/share/certs/CFCA_EV_ROOT.pem: revision 1.1 etc/mtree/NetBSD.dist.base: revision 1.253 external/mpl/mozilla-certdata/share/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_G1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Microsoft_ECC_Root_Certificate_Authority_2017.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1 usr.sbin/certctl/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_ECC_RootCA1.pem: revision 1.1 usr.sbin/certctl/Makefile: revision 1.2 usr.sbin/certctl/Makefile: revision 1.3 external/mpl/mozilla-certdata/share/certs/GTS_Root_R3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/e-Szigno_Root_CA_2017.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/certSIGN_ROOT_CA.pem: revision 1.1 doc/3RDPARTY: revision 1.1949 external/mpl/mozilla-certdata/share/certs/Certainly_Root_R1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TeliaSonera_Root_CA_v1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_TLS_RSA_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/NetLock_Arany_Class_Gold.pem: revision 1.1 usr.sbin/postinstall/postinstall.in: revision 1.53 usr.sbin/postinstall/postinstall.in: revision 1.54 tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1 etc/Makefile: revision 1.467 usr.sbin/postinstall/postinstall.in: revision 1.55 tests/usr.sbin/certctl/certs3/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/GLOBALTRUST_2020.pem: revision 1.1 etc/mtree/NetBSD.dist.tests: revision 1.200 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_1_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Actalis_Authentication_Root_CA.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1326 distrib/sets/lists/base/mi: revision 1.1327 external/mpl/mozilla-certdata/share/certs/SecureSign_RootCA11.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1328 external/mpl/mozilla-certdata/share/certs/Comodo_AAA_Services_root.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2_G3.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1329 external/mpl/mozilla-certdata/share/certs/COMODO_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_High_Assurance_EV_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_R45.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Secure_Global_CA.pem: revision 1.1 usr.sbin/certctl/certctl.8: revision 1.1 external/mpl/mozilla-certdata/share/certs/XRamp_Global_CA_Root.pem: revision 1.1 external/mpl/Makefile: revision 1.5 usr.sbin/certctl/certctl.8: revision 1.2 external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_2009.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Baltimore_CyberTrust_Root.pem: revision 1.1 usr.sbin/certctl/certs.conf: revision 1.1 external/mpl/mozilla-certdata/share/certs/LAWtrust_Root_CA2_4096.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GA_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certainly_Root_E1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_E46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem: revision 1.1 certctl(8): New tool for managing OpenSSL CA certificates. Same command-line syntax as FreeBSD, clearer semantics about which parts are config and which parts are cache. mozilla-certdata: Record in doc/3RDPARTY. mozilla-certdata: Makefile infrastructure. mozilla-certdata: regen (actually, just `gen', this first time) mozilla-certdata: Connect it up to the build. postinstall(8): Add opensslcerts item to regen /etc/openssl/certs. Works only with destdir /, since it relies on running openssl(1), which is not available as a tool or required in the cross-build environment. certctl(8): Add xfail test for missing certs.conf. Command should fail, i.e., exit with nonzero status, but it exits with zero instead. certctl(8): Exit nonzero on missing certs.conf. certctl(8): Test prepopulated /etc/openssl/certs. This is the scenario when you have previously populated /etc/openssl/certs manually, or with a package like mozilla-rootcerts or mozilla-rootcerts-openssl, and you update to a version of NetBSD with certctl(8). In this case, certctl(8) should avoid destroying your work. While here, also test some related but less likely edge cases: - nonexistent - symlink - regular file certctl(8): Avoid clobbering prepopulated /etc/openssl/certs. Also avoid clobbering some other edge cases like symlinks or non-directories there. This way, we have the following transitions on system updates: - If /etc/openssl/certs is empty (as in default NetBSD<10 installs): quietly populated on rehash. - If /etc/openssl/certs is nonempty (you've added things to it, e.g. by hand or with mozilla-rootcerts) and has never been managed by certctl(8): left alone on rehash, with an error message to explain what you need to do. - If /etc/openssl/certs has been managed by certctl(8): quietly updated on rehash. Note: This means current installations made since certctl(8) was added will be treated like /etc/openssl/certs is nonempty and has never been managed by certctl(8). To work around this, you can just delete /etc/openssl/certs and rerun `certctl rehash'. postinstall(8): Fail if `certctl rehash' fails. Not using `set -e' here, evidently (maybe we should), so the separate return 0 suppressed the error. distrib/sets/lists: certs.conf belongs in etc, not in base. Oops. certctl(8): Set certs.conf 644 and add it to etc/mtree/special. Now that we have /etc/openssl/certs.conf mentioned here, also list /etc/openssl. hier(7): Document /etc/openssl. certctl(8): Minor man page clarifications. - Specify exactly what /etc/openssl/certs gets populated with. - Change HTTPS to TLS. - Specify the permitted character class in certs.conf. (Maybe more conservative than strictly needed; but let's stay on the safe side.) certctl(8): Fix some bugs with evil pathnames. certctl(8): Fix quoting and whitespace style in evilpath test. No functional change intended. etc/mtree/special: Fix spaces/tabs. No functional change intended. mozilla-certdata: Install relative symlinks. Slightly more compact this way, and you can examine them in a destdir without chrooting. Not terribly important, but a minor convenience. certctl(8): Test more evil pathnames. certctl(8): Install certs.conf in /usr/share/examples too. This way postinstall(8) can refer to the default one when you've done an upgrade without etcupdate or similar to pull in new config files from etc.tgz. Not great -- we should do this systematically for all config files in /etc, but this one-off hack is less risky for 10. postinstall(8): Handle various certs.conf scenarios gracefully. Tested the following scenarios: 1. fresh install empty /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash [x] check: fail -- needs rehash [x] fix: pass -- quietly rehash successfully (go to 4) 2. fresh upgrade empty /etc/openssl/certs no /etc/openssl/certs.conf - opensslcertsconf [x] check: fail -- complain missing /etc/openssl/certs.conf [x] fix: pass -- install default /etc/openssl/certs.conf (go to 1) - opensslcertsrehash [x] check: fail -- complain missing /etc/openssl/certs.conf - [x] fix: fail -- complain missing /etc/openssl/certs.conf 3. upgrade from certctl, changes to certs certctl-managed /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash [x] check: fail -- needs rehash [x] fix: pass -- quietly rehash successfully (go to 4) 4. upgrade from certctl, no changes to certs certctl-managed /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash [x] check: pass [x] fix: pass -- quietly rehash successfully (go to 4) 5. upgrade from mozilla-rootcerts populated /etc/openssl/certs no /etc/openssl/certs.conf - opensslcertsconf: [x] check: fail -- complain missing /etc/openssl/certs.conf [x] fix: pass -- install manual /etc/openssl/certs.conf (go to 7) - opensslcertsrehash: [x] check: fail -- complain missing /etc/openssl/certs.conf [x] fix: fail -- complain missing /etc/openssl/certs.conf 6. upgrade from mozilla-rootcerts with etcupdate naively populated /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf: [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash: [x] check: fail -- complain mismatched certs/ and certs.conf [x] fix: fail -- complain mismatched certs/ and certs.conf 7. upgrade from mozilla-rootcerts with etcupdate manually populated /etc/openssl/certs manual /etc/openssl/certs.conf - opensslcertsconf: [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash: [x] check: pass [x] fix: pass -- skip rehash because manual (go to 7) XXX Someone should draft automatic tests for postinstall. It has a very good track record, but it sure would be nice to automate this testing rather than redo it each time I make a tiny change.
1.8.2.1	02-Aug-2025	perseant	Sync with HEAD

OpenGrok