Page MenuHomeFreeBSD
Differential D24640

bsdinstall: do a `certctl rehash` upon installation of configuration
ClosedPublic
Actions

Authored by kevans on Apr 30 2020, 6:20 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 16 2024, 2:37 PM
Unknown Object (File)
Sep 30 2024, 9:35 AM
Unknown Object (File)
Sep 13 2024, 5:19 AM
Unknown Object (File)
Sep 10 2024, 8:44 PM
Unknown Object (File)
Sep 7 2024, 11:10 AM
Unknown Object (File)
Aug 13 2024, 1:57 AM
Unknown Object (File)
Jul 14 2024, 11:49 AM
Unknown Object (File)
Jun 8 2024, 7:53 AM
View All 36 Files
Subscribers
allanjude
imp

Details

Reviewers
dteske
nwhitehorn
allanjude
Commits
rS361257: bsdinstall: do a `certctl rehash` upon installation of configuration
Summary

If certctl is installed on the system we're configuring, do a certctl rehash.

Note that certctl may not be present if the world we've installed was built either WITHOUT_OPENSSL or WITHOUT_CAROOT. In this scenario, we don't currently see if the host has a certctl as this may be an indication that the system *shouldn't* have certs installed into /etc/ssl.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Apr 30 2020, 6:20 PM
Herald added a subscriber: imp. · View Herald TranscriptApr 30 2020, 6:20 PM
kevans requested review of this revision.Apr 30 2020, 6:20 PM
Harbormaster completed remote builds in B30820: Diff 71200.Apr 30 2020, 6:20 PM
allanjude accepted this revision.Apr 30 2020, 6:22 PM
allanjude added a subscriber: allanjude.

This looks good to me. Although I wonder if we might not want a solution that also covers people who don't run the installer. So that things like the VM Images that are generated by the release have the certs setup

This revision is now accepted and ready to land.Apr 30 2020, 6:22 PM
kevans added a comment.Apr 30 2020, 6:35 PM
In D24640#542360, @allanjude wrote:

This looks good to me. Although I wonder if we might not want a solution that also covers people who don't run the installer. So that things like the VM Images that are generated by the release have the certs setup

Based on discussion from IRC, I think we're leaning towards doing the rehash in installworld after the new certs are installed (since they aren't configuration files), which should put them onto the install media and in the base.txz generated by release(7). That should be sufficient to not need this, right?

dteske accepted this revision.Apr 30 2020, 7:48 PM

LGTM

Closed by commit rS361257: bsdinstall: do a `certctl rehash` upon installation of configuration (authored by kevans). · Explain WhyMay 19 2020, 3:20 PM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rS361257: bsdinstall: do a `certctl rehash` upon installation of configuration.

Revision Contents
Changeset List

PathSize
head/
usr.sbin/
bsdinstall/
scripts/
3 lines

Diff 71995

View Options

head/usr.sbin/bsdinstall/scripts/config

Loading...