
bsdinstall: do a `certctl rehash` upon installation of configuration
Closed, Public

Authored by kevans on Apr 30 2020, 6:20 PM.

Details

Summary

If certctl is installed on the system we're configuring, do a certctl rehash.

Note that certctl may not be present if the world we've installed was built either WITHOUT_OPENSSL or WITHOUT_CAROOT. In this scenario, we don't currently see if the host has a certctl as this may be an indication that the system *shouldn't* have certs installed into /etc/ssl.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 30820

Event Timeline

allanjude added a subscriber: allanjude.

This looks good to me. Although I wonder if we might not want a solution that also covers people who don't run the installer, so that things like the VM images that are generated by the release have the certs set up.

This revision is now accepted and ready to land. (Apr 30 2020, 6:22 PM)

This looks good to me. Although I wonder if we might not want a solution that also covers people who don't run the installer, so that things like the VM images that are generated by the release have the certs set up.

Based on discussion from IRC, I think we're leaning towards doing the rehash in installworld after the new certs are installed (since they aren't configuration files), which should put them onto the install media and in the base.txz generated by release(7). That should be sufficient to not need this, right?