d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

freebsd-update: rehash certs

Browse Source 
With the inclusion of caroot bits, we'll need to also rehash on update as we
do in mergemaster/etcupdate.

If certctl's installed on the system, just unconditionally rehash. This
isn't an expensive operation, and we can refine it to compare
INDEX-{OLD,NEW} later if we really want to.

Reviewed by:	emaste, allanjude
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D21805
This commit is contained in:
kevans 2020-04-25 00:14:17 +00:00
parent 7d60ab6107
commit 6b0fd688d5
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
usr.sbin/freebsd-update/freebsd-update.sh
View File

@ -2876,7 +2876,7 @@ install_delete () {
rm newfiles killfiles
}
# Install new files, delete old files, and update linker.hints
# Install new files, delete old files, and update generated files
install_files () {
# If we haven't already dealt with the kernel, deal with it.
if ! [ -f $1/kerneldone ]; then
@ -2944,6 +2944,11 @@ Kernel updates have been installed. Please reboot and run
install_from_index INDEX-NEW || return 1
install_delete INDEX-OLD INDEX-NEW || return 1
# Rehash certs if we actually have certctl installed.
if which certctl>/dev/null; then
env DESTDIR=${BASEDIR} certctl rehash
fi
# Rebuild generated pwd files.
if [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/spwd.db ] ||
[ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/pwd.db ] ||