> Date: Sun, 3 Sep 2023 12:21:23 -0700 (PDT) > From: Paul Goyette <p...@whooppee.com> > > If I migrate to this new world order (ie, I delete existing package > and clean out the /etc/openssl/certs directory), what happens to any > packages that currently depend on mozilla-rootcerts? Will they > somehow magically not need to install the mozilla-rootcerts package?
Packages that merely depend on mozilla-rootcerts are unaffected. You don't need to delete mozilla-rootcerts. It can remain installed. The same applies to ca-certificates. After you delete /etc/openssl/certs and run postinstall: - Packages that look to /etc/openssl/certs for trust anchors will begin to see the base ones, not the mozilla-rootcerts package ones. - Packages that look to $LOCALBASE/share/mozilla-rootcerts for trust anchors will continue to see the mozilla-rootcerts package ones. We'll eventually fix most or all of the packages in the second group to stop looking to $LOCALBASE/share/mozilla-rootcerts and to instead look to /etc/openssl/certs on NetBSD, /etc/ssl/certs on FreeBSD, /etc/pki/whatever on Fedora, &c. But that won't happen immediately -- not pkgsrc-2023Q3. (mozilla-rootcerts-openssl is a different story. Nothing should depend on this. I just fixed the one case in pkgsrc of such an incorrect dependency. The new postinstall item for certctl(8) should gracefully handle an existing mozilla-rootcerts-openssl install, though. If you want to let certctl(8) take over, you will have to deinstall mozilla-rootcerts-openssl.)
