From 1d512ca4f770a51c471e571cda104beb2e57442d Mon Sep 17 00:00:00 2001
From: kevans <kevans@FreeBSD.org>
Date: Tue, 28 Jan 2020 03:02:18 +0000
Subject: [PATCH] caroot: blacklisted: automatically pick up *.pem in the tree

This kind of automagica got picked up in trusted/ prior to the initial
commit, but never got applied over in blacklisted. Ideally no one will be
using blacklisted/ to store arbitrary certs that they don't intend to
blacklist, so we should just install anything that's in here rather than
force consumer to first copy cert into place and then modify the file
listing in the Makefile.

Wise man once say: "it is better to restrict too much, than not enough.
sometimes."
---
 secure/caroot/blacklisted/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/secure/caroot/blacklisted/Makefile b/secure/caroot/blacklisted/Makefile
index 7691993416b3..ab93d2779380 100644
--- a/secure/caroot/blacklisted/Makefile
+++ b/secure/caroot/blacklisted/Makefile
@@ -2,6 +2,8 @@
 
 BINDIR=		/usr/share/certs/blacklisted
 
-FILES=
+BLACKLISTED_CERTS!=	ls ${.CURDIR}/*.pem 2> /dev/null || true
+
+FILES+=	 ${BLACKLISTED_CERTS}
 
 .include <bsd.prog.mk>
-- 
2.41.0