Hello,

Could you please let us know which branch the proposed patch will be merged to?

As for me the nanobsd image build succeeded when I added the lines 422-426 in tools/tools/nanobsd/embedded/common
```
        echo "./etc/ssl type=dir uname=root gname=wheel mode=0755"
        echo "./etc/ssl/blacklisted type=dir uname=root gname=wheel mode=0755"
        echo "./etc/ssl/certs type=dir uname=root gname=wheel mode=0755"
        echo "./usr/share/keys/ssl type=dir uname=root gname=wheel mode=0755"
        echo "./usr/share/keys/ssl/certs type=dir uname=root gname=wheel mode=0755"
```
Possibly for better visualization of diff I uploaded it on GitHub
https://github.com/ghostbsd/ghostbsd-src/compare/stable/13...maxsteciuk:ghostbsd:stable/13#diff-ec54d95a1ddfea75136ffd5b2f1a0bd25f300e3effb4b0e54fa89e8132493301

Thanks
Max

Comment 2 Warner Losh 2023-01-24 22:29:18 UTC

(In reply to Max from comment #1)
> Could you please let us know which branch the proposed patch will be merged to?

The changes look good generically, though I'd likely sort them differently.

I just got the same problem, it would be awesome if it could be merged before the release of FreeBSD 14.0! :-)

Thanks!

Yes, it would be nice if it was committed in 14.

Follow a sorted patch :-)

*** common.ori	2023-09-28 17:46:57.376441000 +0200
--- common	2023-09-28 18:00:35.465424000 +0200
*************** fix_pkg ( ) (
*** 410,415 ****
--- 410,420 ----
  	echo "./pkg/cache type=dir uname=root gname=wheel mode=0755"
  	echo "./pkg/db type=dir uname=root gname=wheel mode=0755"
  	echo "./pkg/tmp type=dir uname=root gname=wheel mode=0755"
+ 	echo "./usr/share/keys/ssl type=dir uname=root gname=wheel mode=0755"
+ 	echo "./usr/share/keys/ssl/certs type=dir uname=root gname=wheel mode=0755"
+ 	echo "./etc/ssl type=dir uname=root gname=wheel mode=0755"
+ 	echo "./etc/ssl/blacklisted type=dir uname=root gname=wheel mode=0755"
+ 	echo "./etc/ssl/certs type=dir uname=root gname=wheel mode=0755"
  	) >> ${NANO_METALOG}
  )
  customize_cmd fix_pkg

I had something similar in a non-upstreamed branch:

--- a/tools/tools/nanobsd/embedded/common
+++ b/tools/tools/nanobsd/embedded/common
@@ -411,6 +411,20 @@ fix_pkg ( ) (
 )
 customize_cmd fix_pkg
 
+fix_certctl ( ) (
+	chdir ${NANO_WORLDDIR}
+	mkdir -p etc/ssl/blacklisted
+	mkdir -p etc/ssl/certs
+	mkdir -p etc/ssl/untrusted
+	[ -z ${NANO_NOPRIV_BUILD} ] || (
+	echo "./etc/ssl type=dir uname=root gname=wheel mode=0755"
+	echo "./etc/ssl/blacklisted type=dir uname=root gname=wheel mode=0755"
+	echo "./etc/ssl/certs type=dir uname=root gname=wheel mode=0755"
+	echo "./etc/ssl/untrusted type=dir uname=root gname=wheel mode=0755"
+	) >> ${NANO_METALOG}
+)
+customize_cmd fix_certctl
+
 save_build ( ) (
 	VERSION_FILE=${NANO_WORLDDIR}/etc/version
 	if [ "${SVNREVISION}" = "${REVISION}" ]; then

However, I think the real problem is that this information is missing from the mtree (in /etc/mtree/BSD.root.dist).  I have switched to building images with poudriere, but I may revisit this issue soon-ish, and confirm it.

(In reply to Jose Luis Duran from comment #5)
Note to self: blacklisted -> untrusted (should not need the former).

Suggested fix: https://github.com/freebsd/freebsd-src/pull/912

Comment 8 commit-hook 2023-12-28 06:25:31 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5b7f73ce16cbd3704b21943ebe6b489b2bc2de1f

commit 5b7f73ce16cbd3704b21943ebe6b489b2bc2de1f
Author:     Jose Luis Duran <jlduran@gmail.com>
AuthorDate: 2023-12-28 05:26:23 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2023-12-28 05:26:28 +0000

    mtree: Add missing directories generated by certctl

    PR: 255639
    Reviewed by: imp
    Pull Request: https://github.com/freebsd/freebsd-src/pull/912

 etc/mtree/BSD.root.dist | 4 ++++
 1 file changed, 4 insertions(+)

Comment 9 Mark Linimon 2023-12-31 05:44:20 UTC

^Triage: assign to committer and set mfc flags.

I think the issue is no longer present. At least, I was not able to reproduce it.