
bsdinstall: do a `certctl rehash` upon installation of configuration
Closed, Public

Authored by kevans on Apr 30 2020, 6:20 PM.

Details

Summary

If certctl is installed on the system we're configuring, do a certctl rehash.

Note that certctl may not be present if the world we've installed was built either WITHOUT_OPENSSL or WITHOUT_CAROOT. In this scenario, we don't currently see if the host has a certctl as this may be an indication that the system *shouldn't* have certs installed into /etc/ssl.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

allanjude added a subscriber: allanjude.

This looks good to me. Although I wonder if we might not want a solution that also covers people who don't run the installer, so that things like the VM images that are generated by the release have the certs set up.

This revision is now accepted and ready to land. (Apr 30 2020, 6:22 PM)

> This looks good to me. Although I wonder if we might not want a solution that also covers people who don't run the installer, so that things like the VM images that are generated by the release have the certs set up.

Based on discussion from IRC, I think we're leaning towards doing the rehash in installworld after the new certs are installed (since they aren't configuration files), which should put them onto the install media and in the base.txz generated by release(7). That should be sufficient to not need this, right?