From owner-freebsd-ports-bugs@FreeBSD.ORG Wed May 14 17:30:00 2014 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A367F569 for ; Wed, 14 May 2014 17:30:00 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7F0182664 for ; Wed, 14 May 2014 17:30:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s4EHU0SE055147 for ; Wed, 14 May 2014 17:30:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s4EHU0Ft055146; Wed, 14 May 2014 17:30:00 GMT (envelope-from gnats) Resent-Date: Wed, 14 May 2014 17:30:00 GMT Resent-Message-Id: <201405141730.s4EHU0Ft055146@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Dreamcat4 Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9C104403 for ; Wed, 14 May 2014 17:26:53 +0000 (UTC) Received: from cgiserv.freebsd.org (cgiserv.freebsd.org [IPv6:2001:1900:2254:206a::50:4]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6E95A264A for ; Wed, 14 May 2014 17:26:53 +0000 (UTC) Received: from cgiserv.freebsd.org ([127.0.1.6]) by cgiserv.freebsd.org (8.14.8/8.14.8) with ESMTP id s4EHQr02096876 for ; Wed, 14 May 2014 17:26:53 GMT (envelope-from nobody@cgiserv.freebsd.org) Received: (from nobody@localhost) by cgiserv.freebsd.org (8.14.8/8.14.8/Submit) id s4EHQrcA096870; Wed, 14 May 2014 17:26:53 GMT (envelope-from nobody) Message-Id: <201405141726.s4EHQrcA096870@cgiserv.freebsd.org> Date: Wed, 14 May 2014 17:26:53 GMT From: Dreamcat4 To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Subject: ports/189811: [enhancement] ca_root_nss - Add the missing symlink for /etc/ssl/cert.pem X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2014 17:30:00 -0000 >Number: 189811 >Category: ports >Synopsis: [enhancement] ca_root_nss - Add the missing symlink for /etc/ssl/cert.pem >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed May 14 17:30:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Dreamcat4 >Release: ANY >Organization: - >Environment: ANY >Description: I make this PR because I cannot contact the port maintainer. Tried emailing the "FreeBSD GEKO Team" - geko@freebsd.org. The email bounced, was never delivered. Problem: For ca_root_nss there is no /etc/ssl/cert.pem symlink created by default. The PKGNG built pkg of ca_root_nss doesn't create the necessary /etc/ssl/cert.pem file. Most people think "ah" now i know! i'll just "pkg install ca_root_nss". Yet the result simply does not work. It is infuriating, frustrating, and confusing for newcomers. No other operating system does this... If i'm on Windows, Mac, Linux, recognizing the ssl certs "just works". "ca_root_nss" is the only pkg that FreeBSD users are commonly aware of, and will actually install. So it's rather absurd because no alternative or competing SSL cert pkg (that anybody is aware of) is being installed to that same location. For a "non-default-option", the usualy proceedure to build from ports (manually enabling the ETCSYMLINK option by typing "make config") is also a fail. Because compiling that port pulls in huge perl5 build dependency. For the sake of 1 symlink "ln -s" is utterly absurd - when it can install as pkg instead from pkgng repository. >How-To-Repeat: pkg install ca_root_nss Invalid ssl certs. >Fix: Solution: Make ETCSYMLINK the default build option. Problem goes away. Patch file included. Patch attached with submission follows: freenas ca_root_nss/ root^> diff -ruN /usr/ports/security/ca_root_nss/Makefile /usr/ports/security/ca_root_nss/Makefile.new --- /usr/ports/security/ca_root_nss/Makefile 2014-04-29 21:35:24.000000000 +0100 +++ /usr/ports/security/ca_root_nss/Makefile.new 2014-05-14 17:57:45.853932316 +0100 @@ -10,6 +10,8 @@ COMMENT= The root certificate bundle from the Mozilla Project OPTIONS_DEFINE= ETCSYMLINK +OPTIONS_DEFAULT= ETCSYMLINK + ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem USES= perl5 freenas ca_root_nss/ root^> >Release-Note: >Audit-Trail: >Unformatted: