Since this cert.pem like /etc/ssl/cert.pem is used by services it must be adjustable like it previously was for @sample use. Now the file is registered by the package and ends up being rewritten on upgrades. ETCSYMLINK helps to edit contents of /etc/ssl/cert.pem still, but for ${PREFIX}/etc/ssl/cert.pem this is no longer possible. From the change in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228550 I can't really agree on the whole assumption made for ETCSYMLINK option turned off in this regard.
It is important for me too. Could you change this back? - ${LN} -sf ../../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample + ${LN} -sf ../../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem
Created attachment 233392 [details] ETCSYMLINK fix Here is a patch that fixes the use case of ETCSYMLINK=off while trying to emulate what the original commit did. I'm not sure about others CC'ed to this thread, but since there is no official statement I'm sharing this as a base for discussion. Cheers, Franco
(there may be an error in the link structure but as I said I'm not a user of ETCSYMLINK and I did not break it)
(In reply to Franco Fichtner from comment #2) Thank you for your effort. It will solve my problem.
Created attachment 233493 [details] revisited patch Had some time today to test and this one seems to do it.
Created attachment 233494 [details] revisited patch, corrected oops, uploaded partial patch
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=ccb9f933491611faff4958a14b0f03ae64e374bb commit ccb9f933491611faff4958a14b0f03ae64e374bb Author: Jochen Neumeister <joneum@FreeBSD.org> AuthorDate: 2022-05-28 13:56:16 +0000 Commit: Jochen Neumeister <joneum@FreeBSD.org> CommitDate: 2022-05-28 13:59:00 +0000 security/ca_root_nss: Update to 3.78 Update to 3.78 changelog: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/hQUjX_jwbEk While here, fix a problem with ETCSYMLINK (1) PR: 262755 (1) Sponsored by: Netzkommune GmbH security/ca_root_nss/Makefile | 8 +++++--- security/ca_root_nss/distinfo | 6 +++--- security/ca_root_nss/pkg-plist | 6 ++++-- 3 files changed, 12 insertions(+), 8 deletions(-)