security/ca_root_nss: handle bundle links consistently for ETCSYMLINK

/usr/local/openssl/cert.pem is the default location for security/openssl
so it should be handled just like /etc/ssl/cert.pem base OpenSSL. To
avoid having samples and copies with differing contents point both files
to the actual /usr/local/etc/ssl/cert.pem created by the sample. If users
have set their own content that is likely intended and should be enforced
across all three files.

MFH:		2025Q1
PR:		283161
Differential Revision:	https://reviews.freebsd.org/D47908

Author: fichtner

security/ca_root_nss/Makefile

@@ -1,5 +1,6 @@
 PORTNAME=	ca_root_nss
 PORTVERSION=	${VERSION_NSS}
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
 DISTNAME=	nss-${VERSION_NSS}${NSS_SUFFIX}
@@ -21,7 +22,7 @@ OPTIONS_DEFAULT=	ETCSYMLINK
 
 OPTIONS_SUB=		yes
 
-ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem
+ETCSYMLINK_DESC=	Add symlinks to default bundle locations
 ETCSYMLINK_CONFLICTS_INSTALL=	ca-roots-[0-9]*
 
 CERTDIR?=	share/certs
@@ -45,11 +46,11 @@ do-install:
 	${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/${CERTDIR}
 	${MKDIR} ${STAGEDIR}${PREFIX}/etc/ssl
 	${LN} -sf ../../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample
-	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
-	${LN} -sf ../${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample
 
 do-install-ETCSYMLINK-on:
+	${MKDIR} ${STAGEDIR}${PREFIX}/openssl
+	${LN} -sf ../etc/ssl/cert.pem ${STAGEDIR}${PREFIX}/openssl/cert.pem
 	${MKDIR} ${STAGEDIR}/etc/ssl
-	${LN} -sf ../..${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}/etc/ssl/cert.pem
+	${LN} -sf ../..${PREFIX}/etc/ssl/cert.pem ${STAGEDIR}/etc/ssl/cert.pem
 
 .include <bsd.port.mk>

security/ca_root_nss/pkg-plist

@@ -1,6 +1,6 @@
 %%CERTDIR%%/ca-root-nss.crt
 @sample etc/ssl/cert.pem.sample
-@sample openssl/cert.pem.sample
+%%ETCSYMLINK%%openssl/cert.pem
 %%ETCSYMLINK%%/etc/ssl/cert.pem
 @postexec certctl rehash
 @postunexec certctl rehash