From 8d20be1e22095c27faf8fe8b2f0d089739cc742e Mon Sep 17 00:00:00 2001
From: Bryan Drewery <bdrewery@FreeBSD.org>
Date: Tue, 29 Oct 2013 15:07:54 +0000
Subject: [PATCH] Move /etc/keys to /usr/share/keys where users are less likely
 to modify them.

Requested by:	secteam (cperciva, des)
Approved by:	bapt
---
 etc/Makefile                                  |  1 -
 etc/mtree/BSD.root.dist                       |  8 -------
 etc/mtree/BSD.usr.dist                        |  8 +++++++
 etc/pkg/FreeBSD.conf                          |  2 +-
 share/Makefile                                |  1 +
 {etc => share}/keys/Makefile                  |  0
 {etc => share}/keys/pkg/Makefile              |  0
 {etc => share}/keys/pkg/trusted/Makefile      |  2 +-
 .../pkg/trusted/pkg.freebsd.org.2013102301    |  0
 share/man/man7/hier.7                         | 21 ++++++++++---------
 10 files changed, 22 insertions(+), 21 deletions(-)
 rename {etc => share}/keys/Makefile (100%)
 rename {etc => share}/keys/pkg/Makefile (100%)
 rename {etc => share}/keys/pkg/trusted/Makefile (71%)
 rename {etc => share}/keys/pkg/trusted/pkg.freebsd.org.2013102301 (100%)

diff --git a/etc/Makefile b/etc/Makefile
index 09c28141d83..d763df6d44e 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -224,7 +224,6 @@ distribution:
 	${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
 	${_+_}cd ${.CURDIR}/devd; ${MAKE} install
 	${_+_}cd ${.CURDIR}/gss; ${MAKE} install
-	${_+_}cd ${.CURDIR}/keys; ${MAKE} install
 	${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
 .if ${MK_PKGBOOTSTRAP} != "no"
 	${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist
index cc6334bdb21..86b93e13714 100644
--- a/etc/mtree/BSD.root.dist
+++ b/etc/mtree/BSD.root.dist
@@ -34,14 +34,6 @@
         ..
         gss
         ..
-        keys
-            pkg
-                revoked
-                ..
-                trusted
-                ..
-            ..
-        ..
         mail
         ..
         mtree
diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist
index 9b36acc01ed..f6c0306500e 100644
--- a/etc/mtree/BSD.usr.dist
+++ b/etc/mtree/BSD.usr.dist
@@ -478,6 +478,14 @@
         ..
         info
         ..
+        keys
+            pkg
+                revoked
+                ..
+                trusted
+                ..
+            ..
+        ..
         locale
             UTF-8
             ..
diff --git a/etc/pkg/FreeBSD.conf b/etc/pkg/FreeBSD.conf
index 435bcba62fb..47dbd1afdac 100644
--- a/etc/pkg/FreeBSD.conf
+++ b/etc/pkg/FreeBSD.conf
@@ -3,6 +3,6 @@ FreeBSD: {
   url: "pkg+http://pkg.freebsd.org/${ABI}/latest",
   mirror_type: "srv",
   signature_type: "none",
-  fingerprints: "/etc/keys/pkg",
+  fingerprints: "/usr/share/keys/pkg",
   enabled: "yes"
 }
diff --git a/share/Makefile b/share/Makefile
index e39da7f2792..3e613d68caf 100644
--- a/share/Makefile
+++ b/share/Makefile
@@ -11,6 +11,7 @@ SUBDIR=	${_colldef} \
 	dtrace \
 	${_examples} \
 	${_i18n} \
+	keys \
 	${_man} \
 	${_me} \
 	misc \
diff --git a/etc/keys/Makefile b/share/keys/Makefile
similarity index 100%
rename from etc/keys/Makefile
rename to share/keys/Makefile
diff --git a/etc/keys/pkg/Makefile b/share/keys/pkg/Makefile
similarity index 100%
rename from etc/keys/pkg/Makefile
rename to share/keys/pkg/Makefile
diff --git a/etc/keys/pkg/trusted/Makefile b/share/keys/pkg/trusted/Makefile
similarity index 71%
rename from etc/keys/pkg/trusted/Makefile
rename to share/keys/pkg/trusted/Makefile
index fba8de73597..ee0d4c9224c 100644
--- a/etc/keys/pkg/trusted/Makefile
+++ b/share/keys/pkg/trusted/Makefile
@@ -4,7 +4,7 @@ NO_OBJ=
 
 FILES=	pkg.freebsd.org.2013102301
 
-FILESDIR=	/etc/keys/pkg/trusted
+FILESDIR=	/usr/share/keys/pkg/trusted
 FILESMODE=	644
 
 .include <bsd.prog.mk>
diff --git a/etc/keys/pkg/trusted/pkg.freebsd.org.2013102301 b/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
similarity index 100%
rename from etc/keys/pkg/trusted/pkg.freebsd.org.2013102301
rename to share/keys/pkg/trusted/pkg.freebsd.org.2013102301
diff --git a/share/man/man7/hier.7 b/share/man/man7/hier.7
index ba4bf839fab..b1137877331 100644
--- a/share/man/man7/hier.7
+++ b/share/man/man7/hier.7
@@ -32,7 +32,7 @@
 .\"	@(#)hier.7	8.1 (Berkeley) 6/5/93
 .\" $FreeBSD$
 .\"
-.Dd October 23, 2013
+.Dd October 29, 2013
 .Dt HIER 7
 .Os
 .Sh NAME
@@ -94,15 +94,6 @@ bluetooth configuration files
 gnats configuration files;
 see
 .Xr send-pr 1
-.It Pa keys/
-known trusted and revoked keys.
-.Pp
-.Bl -tag -width ".Pa keys/pkg/" -compact
-.It Pa keys/pkg/
-fingerprints for
-.Xr pkg 8
-.El
-.Pp
 .It Pa localtime
 local timezone information;
 see
@@ -556,6 +547,16 @@ ASCII text files used by various games
 device description file for device name
 .It Pa info/
 GNU Info hypertext system
+.It Pa keys/
+known trusted and revoked keys.
+.Bl -tag -width ".Pa keys/pkg/" -compact
+.It Pa keys/pkg/
+fingerprints for
+.Xr pkg 7
+and
+.Xr pkg 8
+.El
+.Pp
 .It Pa locale/
 localization files;
 see