Custom CA to be installed in the jail before building

[yannk]

I'd like to install custom/internal trusted certs in the build jail so that the build can fetch distfiles and dependencies from servers outside of the public trust. What's the best way to do this?

I'm contemplating:

cp "*.pem" /usr/local/poudriere/jails/$jail/usr/share/certs/trusted" 
# start the jail, jexec a `certctl rehash`

But I'm wondering if there is a better way...

[igalic]

intuitively, that looks fairly right to me

[yannk]

I didn't get this to work, so I'm using an alternative approach, I'm adding my private certificates directly into $FREEBSD_SRC_DIR/secure/caroot/trusted before building the jail since I'm using that method of building.