From 6b0fd688d5fee8dfd4e0a28ae52741be85dc80ea Mon Sep 17 00:00:00 2001 From: kevans Date: Sat, 25 Apr 2020 00:14:17 +0000 Subject: [PATCH] freebsd-update: rehash certs With the inclusion of caroot bits, we'll need to also rehash on update as we do in mergemaster/etcupdate. If certctl's installed on the system, just unconditionally rehash. This isn't an expensive operation, and we can refine it to compare INDEX-{OLD,NEW} later if we really want to. Reviewed by: emaste, allanjude MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D21805 --- usr.sbin/freebsd-update/freebsd-update.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh index 2845ab3c902..3ba3f1dec2f 100644 --- a/usr.sbin/freebsd-update/freebsd-update.sh +++ b/usr.sbin/freebsd-update/freebsd-update.sh @@ -2876,7 +2876,7 @@ install_delete () { rm newfiles killfiles } -# Install new files, delete old files, and update linker.hints +# Install new files, delete old files, and update generated files install_files () { # If we haven't already dealt with the kernel, deal with it. if ! [ -f $1/kerneldone ]; then @@ -2944,6 +2944,11 @@ Kernel updates have been installed. Please reboot and run install_from_index INDEX-NEW || return 1 install_delete INDEX-OLD INDEX-NEW || return 1 + # Rehash certs if we actually have certctl installed. + if which certctl>/dev/null; then + env DESTDIR=${BASEDIR} certctl rehash + fi + # Rebuild generated pwd files. if [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/spwd.db ] || [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/pwd.db ] || -- 2.45.0