Feature request - certctl(8) from FreeBSD
Aaron LI
aly at aaronly.me
Mon May 5 23:57:39 PDT 2025
Hi Stephen,
On 5/6/25 2:47 PM, Stephen Welker wrote:
> I have observed the pkg (dports) system tries to execute a program
> called certctl - at the moment it errors, without to much harm???
Yes, I also noticed the error message spit by pkg(8) about `certctl` not
found when installing the `ca_root_nss` package. I believe it's no
harm, but a bit annoying.
> Is it possible to have it added to DragonFly base system?
>
> Details:
>
> https://man.freebsd.org/cgi/man.cgi?certctl(8)
> https://cgit.freebsd.org/src/tree/usr.sbin/certctl
Yah, the `certctl` is a base utility in FreeBSD. In principle, we could
port it over. However, DragonFly currently only has `/etc/ssl/cert.pem`
but no `/etc/openssl/certs` and others. So personally, I think the
`certctl utility alone doesn't do much benefits.
I'd like we first patch `ca_root_nss` to not invoke `certctl` and
discuss the `certctl` utility import later.
> NB: There is a version in NetBSD - I do not know if it is the same.
Interesting. I didn't check NetBSD before. Actually, the NetBSD's man
page has a section listing the differences between their version and
FreeBSD. See: https://man.netbsd.org/certctl.8
Cheers,
Aaron
More information about the Users
mailing list