Date: Wed, 14 May 2014 17:26:53 GMT From: Dreamcat4 <dreamcat4@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/189811: [enhancement] ca_root_nss - Add the missing symlink for /etc/ssl/cert.pem Message-ID: <201405141726.s4EHQrcA096870@cgiserv.freebsd.org> Resent-Message-ID: <201405141730.s4EHU0Ft055146@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 189811 >Category: ports >Synopsis: [enhancement] ca_root_nss - Add the missing symlink for /etc/ssl/cert.pem >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Wed May 14 17:30:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Dreamcat4 >Release: ANY >Organization: - >Environment: ANY >Description: I make this PR because I cannot contact the port maintainer. Tried emailing the "FreeBSD GEKO Team" - geko@freebsd.org. The email bounced, was never delivered. Problem: For ca_root_nss there is no /etc/ssl/cert.pem symlink created by default. The PKGNG built pkg of ca_root_nss doesn't create the necessary /etc/ssl/cert.pem file. Most people think "ah" now i know! i'll just "pkg install ca_root_nss". Yet the result simply does not work. It is infuriating, frustrating, and confusing for newcomers. No other operating system does this... If i'm on Windows, Mac, Linux, recognizing the ssl certs "just works". "ca_root_nss" is the only pkg that FreeBSD users are commonly aware of, and will actually install. So it's rather absurd because no alternative or competing SSL cert pkg (that anybody is aware of) is being installed to that same location. For a "non-default-option", the usualy proceedure to build from ports (manually enabling the ETCSYMLINK option by typing "make config") is also a fail. Because compiling that port pulls in huge perl5 build dependency. For the sake of 1 symlink "ln -s" is utterly absurd - when it can install as pkg instead from pkgng repository. >How-To-Repeat: pkg install ca_root_nss Invalid ssl certs. >Fix: Solution: Make ETCSYMLINK the default build option. Problem goes away. Patch file included. Patch attached with submission follows: freenas ca_root_nss/ root^> diff -ruN /usr/ports/security/ca_root_nss/Makefile /usr/ports/security/ca_root_nss/Makefile.new --- /usr/ports/security/ca_root_nss/Makefile 2014-04-29 21:35:24.000000000 +0100 +++ /usr/ports/security/ca_root_nss/Makefile.new 2014-05-14 17:57:45.853932316 +0100 @@ -10,6 +10,8 @@ COMMENT= The root certificate bundle from the Mozilla Project OPTIONS_DEFINE= ETCSYMLINK +OPTIONS_DEFAULT= ETCSYMLINK + ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem USES= perl5 freenas ca_root_nss/ root^> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405141726.s4EHQrcA096870>