Date:      Fri, 05 Jan 2024 16:57:04 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 276129] "make delete-old/delete-old-files" does not run "certctl rehash" after deletion
Message-ID:  <bug-276129-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276129

            Bug ID: 276129
           Summary: "make delete-old/delete-old-files" does not run
                    "certctl rehash" after deletion
           Product: Base System
           Version: 13.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: michaelo@FreeBSD.org

I have just upgraded a host from 12.4-STABLE to "FreeBSD
deblndw013x4v.ad001.siemens.net 13.2-STABLE FreeBSD 13.2-STABLE a317a5865
GENERIC amd64".

Let's check what can be deleted:
root@deblndw013x4v:/usr/src
# make check-old | grep certs
/usr/share/certs/trusted/Cybertrust_Global_Root.pem
/usr/share/certs/trusted/DST_Root_CA_X3.pem
/usr/share/certs/trusted/E-Tugra_Certification_Authority.pem
/usr/share/certs/trusted/GlobalSign_Root_CA_-_R2.pem
/usr/share/certs/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
/usr/share/certs/trusted/Hongkong_Post_Root_CA_1.pem
/usr/share/certs/trusted/Network_Solutions_Certificate_Authority.pem
/usr/share/certs/trusted/Staat_der_Nederlanden_EV_Root_CA.pem
/usr/share/certs/trusted/TrustCor_ECA-1.pem
/usr/share/certs/trusted/TrustCor_RootCert_CA-1.pem
/usr/share/certs/trusted/TrustCor_RootCert_CA-2.pem

Looking at Makefile.inc1, for the "delete-old-files" target "certctl rehash" is not
invoked, which might leave dead links on the system.
In this case all of them are blacklisted, but one should not rely on that:
root@deblndw013x4v:/usr/src
# make check-old | grep certs | cut -f 6 -d / >> /tmp/cert-names
root@deblndw013x4v:/usr/src
# ls -l /usr/share/certs/blacklisted/ | grep -f /tmp/cert-names
-r--r--r--  1 root  wheel  5018 2023-12-19 17:59 Cybertrust_Global_Root.pem
-r--r--r--  1 root  wheel  4648 2023-12-19 17:59 DST_Root_CA_X3.pem
-r--r--r--  1 root  wheel  8061 2023-12-19 17:59 E-Tugra_Certification_Authority.pem
-r--r--r--  1 root  wheel  5068 2023-12-19 17:59 GlobalSign_Root_CA_-_R2.pem
-r--r--r--  1 root  wheel  5389 2023-12-19 17:59 Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
-r--r--r--  1 root  wheel  4511 2023-12-19 17:59 Hongkong_Post_Root_CA_1.pem
-r--r--r--  1 root  wheel  5104 2023-12-19 17:59 Network_Solutions_Certificate_Authority.pem
-r--r--r--  1 root  wheel  7437 2023-12-19 17:59 Staat_der_Nederlanden_EV_Root_CA.pem
-r--r--r--  1 root  wheel  5212 2023-12-19 17:59 TrustCor_ECA-1.pem
-r--r--r--  1 root  wheel  5256 2023-12-19 17:59 TrustCor_RootCert_CA-1.pem
-r--r--r--  1 root  wheel  7971 2023-12-19 17:59 TrustCor_RootCert_CA-2.pem

I think it should happen right before this line:
https://github.com/freebsd/freebsd-src/blob/a68d5a66258e953ef6ccdbdd82e89572a3cc04f9/Makefile.inc1#L3430
like here:
https://github.com/freebsd/freebsd-src/blob/a68d5a66258e953ef6ccdbdd82e89572a3cc04f9/Makefile.inc1#L1494

-- 
You are receiving this mail because:
You are the assignee for the bug.
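
An added example, not part of the original report or of FreeBSD's own scripts, for checking the condition the report describes: it lists symlinks in a certificate link directory whose targets no longer exist. The function name and the default directory /etc/ssl/certs are assumptions; the report does not say where the links live.

```shell
#!/bin/sh
# Added example: find dangling symlinks left behind in a certificate
# link directory after the certificate files they point to were deleted.
# Assumption: the hashed links live in /etc/ssl/certs unless another
# directory is given as the first argument.

# Prints one line per dead link: "<link> -> <missing target>".
# Returns 0 if no dead link was found, 1 if at least one was found,
# 2 if the argument is not a directory.
find_dead_cert_links() {
    dir=${1:-/etc/ssl/certs}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    dead=0
    for link in "$dir"/*; do
        # -L: the entry is a symlink; ! -e: its target does not resolve.
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            printf '%s -> %s\n' "$link" "$(readlink "$link")"
            dead=1
        fi
    done
    return "$dead"
}

# Usage, e.g. after "make delete-old-files":
#   find_dead_cert_links /etc/ssl/certs
```

A return status of 1 after deleting old files means the link directory still references removed certificates and "certctl rehash" has not been run.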