svn commit: r352950 - in head/usr.sbin: etcupdate mergemaster
Kyle Evans
kevans at FreeBSD.org
Wed Oct 2 01:06:39 UTC 2019
Author: kevans
Date: Wed Oct 2 01:06:37 2019
New Revision: 352950
URL: https://svnweb.freebsd.org/changeset/base/352950
Log:
[3/3] etcupdate and mergemaster support for certctl
This commit add support for certctl in mergemaster and etcupdate. Both will
either rehash or prompt for rehash as new certificates are
trusted/blacklisted.
This work was done primarily by allanjude@, with minor contributions by
myself.
No objection from: secteam
Differential Revision: https://reviews.freebsd.org/D17389
Modified:
head/usr.sbin/etcupdate/etcupdate.sh
head/usr.sbin/mergemaster/mergemaster.sh
Modified: head/usr.sbin/etcupdate/etcupdate.sh
==============================================================================
--- head/usr.sbin/etcupdate/etcupdate.sh Wed Oct 2 01:05:53 2019 (r352949)
+++ head/usr.sbin/etcupdate/etcupdate.sh Wed Oct 2 01:06:37 2019 (r352950)
@@ -595,6 +595,13 @@ post_install_file()
NEWALIAS_WARN=yes
fi
;;
+ /usr/share/certs/trusted/*)
+ /usr/share/certs/blacklisted/*)
+ log "certctl rehash"
+ if [ -z "$dryrun" ]; then
+ env DESTDIR=${DESTDIR} certctl rehash >&3 2>&1
+ fi
+ ;;
/etc/login.conf)
log "cap_mkdb ${DESTDIR}$1"
if [ -z "$dryrun" ]; then
Modified: head/usr.sbin/mergemaster/mergemaster.sh
==============================================================================
--- head/usr.sbin/mergemaster/mergemaster.sh Wed Oct 2 01:05:53 2019 (r352949)
+++ head/usr.sbin/mergemaster/mergemaster.sh Wed Oct 2 01:06:37 2019 (r352950)
@@ -883,6 +883,10 @@ mm_install () {
/etc/mail/aliases)
NEED_NEWALIASES=yes
;;
+ /usr/share/certs/trusted/*)
+ /usr/share/certs/blacklisted/*)
+ NEED_CERTCTL=yes
+ ;;
/etc/login.conf)
NEED_CAP_MKDB=yes
;;
@@ -1351,6 +1355,23 @@ case "${NEED_PWD_MKDB}" in
echo " '/usr/sbin/pwd_mkdb -p /etc/master.passwd'"
echo " to rebuild your password files"
run_it_now '/usr/sbin/pwd_mkdb -p /etc/master.passwd'
+ fi
+ ;;
+esac
+
+case "${NEED_CERTCTL}" in
+'') ;;
+*)
+ echo ''
+ echo "*** You installed files in /etc/ssl/certs, so make sure that you run"
+ if [ -n "${DESTDIR}" ]; then
+ echo " 'env DESTDIR=${DESTDIR} /usr/sbin/certctl rehash'"
+ echo " to rebuild your certificate authority database"
+ run_it_now "env DESTDIR=${DESTDIR} /usr/sbin/certctl rehash"
+ else
+ echo " '/usr/sbin/certctl rehash'"
+ echo " to rebuild your certificate authority database"
+ run_it_now "/usr/sbin/certctl rehash"
fi
;;
esac
More information about the svn-src-all
mailing list