Created attachment 264447 [details] proposed patch For some purposes it's useful to be able to build the ca_root_nss with a custom certctl command. It may be desireable for instance to run certctl rehash at the end of a package upgrade rather than in the middle, in which case it's sufficient to substitute CERTCTL_CMD=:. The attached patch implements this.
(In reply to Mark Johnston from comment #0) What is the usecase?
(In reply to Michael Osipov from comment #1) Wanting to use an alternate utility which can output the hashed dirs, and/or wanting to defer processing until after a package upgrade is completely finished.
Take.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=decf02f29df258d94fce0f57351fbe0ec9c645f5 commit decf02f29df258d94fce0f57351fbe0ec9c645f5 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2025-11-12 02:45:45 +0000 Commit: Xavier Beaudouin <kiwi@FreeBSD.org> CommitDate: 2025-11-12 02:49:37 +0000 security/ca_root_nss: Make the certctl command overridable For some purposes it's useful to be able to build the ca_root_nss with a custom certctl command. It may be desireable for instance to run certctl rehash at the end of a package upgrade rather than in the middle, in which case it's sufficient to substitute CERTCTL_CMD=:. Make the certctl command name a variable so that one can override it at port build time. No functional change intended. PR: 290115 Approved by: maintainer (timeout, 1 month) Sponsored by: OPNsense Sponsored by: Klara, Inc. security/ca_root_nss/Makefile | 6 ++++-- security/ca_root_nss/files/pkg-deinstall.in | 2 +- security/ca_root_nss/files/pkg-install.in | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-)