![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / tests / usr.sbin
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Add a makefs test
Pull up following revision(s) (requested by riastradh in ticket #343):
external/mpl/mozilla-certdata/dist/certdata.txt: revision 1.1.1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G3.pem: revision 1.1
distrib/sets/lists/man/mi: revision 1.1764
external/mpl/mozilla-certdata/share/certs/ACCVRAIZ1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem: revision 1.1
tests/usr.sbin/certctl/certs4/DigiCert_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_E45.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_ECC.pem: revision 1.1
tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1
tests/usr.sbin/certctl/certs2/GTS_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Izenpe.com.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_2.pem: revision 1.1
tests/usr.sbin/certctl/certs4/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Global_Chambersign_Root_-_2008.pem: revision 1.1
distrib/sets/lists/etc/mi: revision 1.272
external/mpl/mozilla-certdata/share/certs/ISRG_Root_X1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TunTrust_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_BR_Root_CA_1_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_RSA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_EC-384_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/IdenTrust_Public_Sector_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_EC1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SZAFIR_ROOT_CA2.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.1
external/mpl/mozilla-certdata/share/certs/UCA_Global_G2_Root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_Client_ECC_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/COMODO_ECC_Certification_Authority.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.2
tests/usr.sbin/certctl/certs1/DigiCert_Global_Root_CA.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.3
external/mpl/mozilla-certdata/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R2.pem: revision 1.1
usr.sbin/certctl/certctl.sh: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.4
external/mpl/mozilla-certdata/share/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SwissSign_Silver_CA_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Starfield_Class_2_CA.pem: revision 1.1
usr.sbin/certctl/certctl.sh: revision 1.2
tests/usr.sbin/certctl/t_certctl.sh: revision 1.5
usr.sbin/certctl/certctl.sh: revision 1.3
tests/usr.sbin/certctl/t_certctl.sh: revision 1.6
usr.sbin/certctl/certctl.sh: revision 1.4
tests/usr.sbin/certctl/t_certctl.sh: revision 1.7
external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem: revision 1.1
tests/usr.sbin/certctl/t_certctl.sh: revision 1.8
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Hongkong_Post_Root_CA_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ANF_Secure_Server_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Chambers_of_Commerce_Root_-_2008.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Go_Daddy_Class_2_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/USERTrust_RSA_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P384_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certdata.awk: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_TLS_ECC_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_ECA-1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_ECC_Root_CA_2022.pem: revision 1.1
usr.sbin/Makefile: revision 1.292
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/CA_Disig_Root_R2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_C1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Trusted_Root_G4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/vTrus_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_R46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-2.pem: revision 1.1
etc/mtree/special: revision 1.176
external/mpl/mozilla-certdata/share/certs/USERTrust_ECC_Certification_Authority.pem: revision 1.1
etc/mtree/special: revision 1.177
etc/mtree/special: revision 1.178
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium_ECC.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/vTrus_ECC_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_ECC_P384_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/NAVER_Global_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/server.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/SecureTrust_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/code.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_RSA_Root_CA_2022.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_RSA4096_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G2.pem: revision 1.1
tests/usr.sbin/certctl/certs1/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_RSA4096_Root_G5.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Client_ECC_Root_CA_2022.pem: revision 1.1
share/man/man7/hier.7: revision 1.141
external/mpl/mozilla-certdata/share/certs/Certigna.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/certSIGN_Root_CA_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certigna_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R4.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Telia_Root_CA_v2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TWCA_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Buypass_Class_2_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_C3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GTS_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_Client_RSA_Root_CA_2022.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HiPKI_Root_CA_-_G1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Starfield_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SwissSign_Gold_CA_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GB_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Networking.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1
tests/usr.sbin/certctl/Makefile.inc: revision 1.1
external/mpl/mozilla-certdata/share/certs/COMODO_RSA_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA_2.pem: revision 1.1
tests/usr.sbin/certctl/certs2/GlobalSign_Root_CA_-_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GC_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AffirmTrust_Commercial.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Buypass_Class_3_Root_CA.pem: revision 1.1
distrib/sets/lists/tests/mi: revision 1.1292
external/mpl/mozilla-certdata/share/certs/UCA_Extended_Validation_Root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P256_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2.pem: revision 1.1
external/mpl/mozilla-certdata/share/email.trust: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_2011.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_EV_Root_CA_1_2020.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ePKI_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R4.pem: revision 1.1
tests/usr.sbin/certctl/certs2/Makefile: revision 1.1
tests/usr.sbin/Makefile: revision 1.8
external/mpl/mozilla-certdata/share/certs/Trustwave_Global_Certification_Authority.pem: revision 1.1
tests/usr.sbin/certctl/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/IdenTrust_Commercial_Root_CA_1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_ECC_P384_Root_G5.pem: revision 1.1
tests/usr.sbin/certctl/certs1/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3.pem: revision 1.1
external/mpl/mozilla-certdata/share/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/Makefile: revision 1.2
external/mpl/mozilla-certdata/share/certs/Microsec_e-Szigno_Root_CA_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_Client_RSA_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GDCA_TrustAUTH_R5_ROOT.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_3.pem: revision 1.1
tests/usr.sbin/certctl/certs4/AC_RAIZ_FNMT-RCM.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/ISRG_Root_X2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_CA_3_2013.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Microsoft_RSA_Root_Certificate_Authority_2017.pem: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.252
external/mpl/mozilla-certdata/share/certs/CFCA_EV_ROOT.pem: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.253
external/mpl/mozilla-certdata/share/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_G1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Microsoft_ECC_Root_Certificate_Authority_2017.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1
usr.sbin/certctl/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/Security_Communication_ECC_RootCA1.pem: revision 1.1
usr.sbin/certctl/Makefile: revision 1.2
usr.sbin/certctl/Makefile: revision 1.3
external/mpl/mozilla-certdata/share/certs/GTS_Root_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/e-Szigno_Root_CA_2017.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/certSIGN_ROOT_CA.pem: revision 1.1
doc/3RDPARTY: revision 1.1949
external/mpl/mozilla-certdata/share/certs/Certainly_Root_R1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/TeliaSonera_Root_CA_v1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/HARICA_TLS_RSA_Root_CA_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/NetLock_Arany_Class_Gold.pem: revision 1.1
usr.sbin/postinstall/postinstall.in: revision 1.53
usr.sbin/postinstall/postinstall.in: revision 1.54
tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1
etc/Makefile: revision 1.467
usr.sbin/postinstall/postinstall.in: revision 1.55
tests/usr.sbin/certctl/certs3/Makefile: revision 1.1
external/mpl/mozilla-certdata/share/certs/GLOBALTRUST_2020.pem: revision 1.1
etc/mtree/NetBSD.dist.tests: revision 1.200
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_1_G3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R3.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Actalis_Authentication_Root_CA.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1326
distrib/sets/lists/base/mi: revision 1.1327
external/mpl/mozilla-certdata/share/certs/SecureSign_RootCA11.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1328
external/mpl/mozilla-certdata/share/certs/Comodo_AAA_Services_root.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G2.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2_G3.pem: revision 1.1
distrib/sets/lists/base/mi: revision 1.1329
external/mpl/mozilla-certdata/share/certs/COMODO_Certification_Authority.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certum_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/DigiCert_High_Assurance_EV_Root_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_R45.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Secure_Global_CA.pem: revision 1.1
usr.sbin/certctl/certctl.8: revision 1.1
external/mpl/mozilla-certdata/share/certs/XRamp_Global_CA_Root.pem: revision 1.1
external/mpl/Makefile: revision 1.5
usr.sbin/certctl/certctl.8: revision 1.2
external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_2009.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Baltimore_CyberTrust_Root.pem: revision 1.1
usr.sbin/certctl/certs.conf: revision 1.1
external/mpl/mozilla-certdata/share/certs/LAWtrust_Root_CA2_4096.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GA_CA.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Certainly_Root_E1.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_E46.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem: revision 1.1
external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem: revision 1.1
certctl(8): New tool for managing OpenSSL CA certificates.
Same command-line syntax as FreeBSD, clearer semantics about which
parts are config and which parts are cache.
mozilla-certdata: Record in doc/3RDPARTY.
mozilla-certdata: Makefile infrastructure.
mozilla-certdata: regen
(actually, just `gen', this first time)
mozilla-certdata: Connect it up to the build.
postinstall(8): Add opensslcerts item to regen /etc/openssl/certs.
Works only with destdir /, since it relies on running openssl(1),
which is not available as a tool or required in the cross-build
environment.
certctl(8): Add xfail test for missing certs.conf.
Command should fail, i.e., exit with nonzero status, but it exits
with zero instead.
certctl(8): Exit nonzero on missing certs.conf.
certctl(8): Test prepopulated /etc/openssl/certs.
This is the scenario when you have previously populated
/etc/openssl/certs manually, or with a package like mozilla-rootcerts
or mozilla-rootcerts-openssl, and you update to a version of NetBSD
with certctl(8). In this case, certctl(8) should avoid destroying
your work.
While here, also test some related but less likely edge cases:
- nonexistent
- symlink
- regular file
certctl(8): Avoid clobbering prepopulated /etc/openssl/certs.
Also avoid clobbering some other edge cases like symlinks or
non-directories there.
This way, we have the following transitions on system updates:
- If /etc/openssl/certs is empty (as in default NetBSD<10 installs):
quietly populated on rehash.
- If /etc/openssl/certs is nonempty (you've added things to it,
e.g. by hand or with mozilla-rootcerts) and has never been managed
by certctl(8): left alone on rehash, with an error message to
explain what you need to do.
- If /etc/openssl/certs has been managed by certctl(8): quietly
updated on rehash.
Note: This means current installations made since certctl(8) was
added will be treated like /etc/openssl/certs is nonempty and has
never been managed by certctl(8). To work around this, you can just
delete /etc/openssl/certs and rerun `certctl rehash'.
postinstall(8): Fail if `certctl rehash' fails.
Not using `set -e' here, evidently (maybe we should), so the separate
return 0 suppressed the error.
distrib/sets/lists: certs.conf belongs in etc, not in base.
Oops.
certctl(8): Set certs.conf 644 and add it to etc/mtree/special.
Now that we have /etc/openssl/certs.conf mentioned here, also
list /etc/openssl.
hier(7): Document /etc/openssl.
certctl(8): Minor man page clarifications.
- Specify exactly what /etc/openssl/certs gets populated with.
- Change HTTPS to TLS.
- Specify the permitted character class in certs.conf.
(Maybe more conservative than strictly needed; but let's stay on
the safe side.)
certctl(8): Fix some bugs with evil pathnames.
certctl(8): Fix quoting and whitespace style in evilpath test.
No functional change intended.
etc/mtree/special: Fix spaces/tabs.
No functional change intended.
mozilla-certdata: Install relative symlinks.
Slightly more compact this way, and you can examine them in a destdir
without chrooting. Not terribly important, but a minor convenience.
certctl(8): Test more evil pathnames.
certctl(8): Install certs.conf in /usr/share/examples too.
This way postinstall(8) can refer to the default one when you've done
an upgrade without etcupdate or similar to pull in new config files
from etc.tgz.
Not great -- we should do this systematically for all config files in
/etc, but this one-off hack is less risky for 10.
postinstall(8): Handle various certs.conf scenarios gracefully.
Tested the following scenarios:
1. fresh install
empty /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash
[x] check: fail -- needs rehash
[x] fix: pass -- quietly rehash successfully (go to 4)
2. fresh upgrade
empty /etc/openssl/certs
no /etc/openssl/certs.conf
- opensslcertsconf
[x] check: fail -- complain missing /etc/openssl/certs.conf
[x] fix: pass -- install default /etc/openssl/certs.conf (go to 1)
- opensslcertsrehash
[x] check: fail -- complain missing /etc/openssl/certs.conf
- [x] fix: fail -- complain missing /etc/openssl/certs.conf
3. upgrade from certctl, changes to certs
certctl-managed /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash
[x] check: fail -- needs rehash
[x] fix: pass -- quietly rehash successfully (go to 4)
4. upgrade from certctl, no changes to certs
certctl-managed /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash
[x] check: pass
[x] fix: pass -- quietly rehash successfully (go to 4)
5. upgrade from mozilla-rootcerts
populated /etc/openssl/certs
no /etc/openssl/certs.conf
- opensslcertsconf:
[x] check: fail -- complain missing /etc/openssl/certs.conf
[x] fix: pass -- install manual /etc/openssl/certs.conf (go to 7)
- opensslcertsrehash:
[x] check: fail -- complain missing /etc/openssl/certs.conf
[x] fix: fail -- complain missing /etc/openssl/certs.conf
6. upgrade from mozilla-rootcerts with etcupdate naively
populated /etc/openssl/certs
default /etc/openssl/certs.conf
- opensslcertsconf:
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash:
[x] check: fail -- complain mismatched certs/ and certs.conf
[x] fix: fail -- complain mismatched certs/ and certs.conf
7. upgrade from mozilla-rootcerts with etcupdate manually
populated /etc/openssl/certs
manual /etc/openssl/certs.conf
- opensslcertsconf:
[x] check: pass
[x] fix: pass -- nothing
- opensslcertsrehash:
[x] check: pass
[x] fix: pass -- skip rehash because manual (go to 7)
XXX Someone should draft automatic tests for postinstall. It has a
very good track record, but it sure would be nice to automate this
testing rather than redo it each time I make a tiny change.
certctl(8): New tool for managing OpenSSL CA certificates. Same command-line syntax as FreeBSD, clearer semantics about which parts are config and which parts are cache.
Inetd enhancements by James Browning, Gabe Coffland, Alex Gavin, Solomon Ritzow
Described in:
https://www.mail-archive.com/tech-userlevel@netbsd.org/msg03114.html
And developed in:
https://github.com/ritzow/src/pull/1
From their notes:
All new functionality should be explained by the updated manpage.
The manpage has been refactored a bit: A new section "Directives"
has been added and the information about default hostnames and
IPsec directives has been moved there, and the new file include
directive information is also there.
getconfigent has the most major changes. A newline is no longer
read immediately, but is called only by a "goto more" (inside an
if(false) block). This allows multiple definitions or directives
to exist on a single line for anything that doesn't terminate using
a newline. This means a key-values service definition can be followed
by another key-values service definition, a positional definition,
or an ipsec, hostname, or .include directive on the same line.
memset is no longer used explicitly to clear the servtab structure,
a function init_servtab() is used instead, which uses a C struct
initializer.
The servtab se_group field is its own allocation now, and not just
a pointer into the user:group string.
Refactored some stuff out of getconfigent to separate functions
for use by parse_v2.c. These functions in inetd.c are named with
the form parse_*()
parse_v2.c only has code for parsing a key-values service definition
into a provided servtab. It should not have anything that affects
global state other than line and line_number.
Some function prototypes, structures, and #defines have been moved
from inetd.c to inetd.h.
The function config_root replaces config as the function called on
a config file load/reload. The code removed from the end of
config(void) is now called in config_root, so it is not run on each
recursive config call.
setconfig(void) was removed and its code added into config_root
because that is the only place it is called, and redundant checks
for non-null globals were removed because they are always freed by
endconfig. The fseek code was also removed because the config files
are always closed by endconfig.
Rate limiting code was updated to add a per-service per-IP rate
limiting form. Some of that code was refactored out of other places
into functions with names in the form rl_*()
We have not added any of the license or version information to the
new files parse_v2.c, parse_v2.h, and inetd.h and we have not
updated the license or version info for inetd.c.
Security related:
The behavior when reading invalid IPsec strings has changed. Inetd
no longer exits, it quits reading the current config file instead.
Could this impact program security?
We have not checked for memory leaks. Solomon tried to use dmalloc
without success. getconfigent seemed to have a memory leak at each
"goto more". It seems like inetd has never free'd allocated strings
when throwing away erroneous service definitions during parsing
(i.e. when "goto more" is called when parsing fields). OpenBSD's
version calls freeconfig on "goto more"
(https://github.com/openbsd/src/blob/c5eae130d6c937080c3d30d124e8c8b86db7d625/usr.sbin/inetd/inetd.c#L1049)
but NetBSD only calls it when service definitions are no longer
needed. This has been fixed. freeconfig is called immediately before
any "goto more". There shouldn't be any time when a servtab is in
an invalid state where freeconfig would break.
Check that DTrace's execsnoop and opensnoop work (cf. PR kern/53417).
Also install new tests.
sync with head.
Add a test case for PR bin/39546.
sync with head
Add a test case for PR kern/46328 (tested naively with tcpdump(8)).
Deprecate tests/util.
Hook traceroute test case to build. it was added to lists so unbreak build now.