mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 21:05:08 +00:00
certctl(8): don't completely nuke $CERTDESTDIR
It's been reported/noted that a well-timed `certctl rehash` will completely obliterate $CERTDESTDIR, which may get used by ports or system administrators. While we can't guarantee the certctl semantics when other non-certctl-controlled bits live here, we should make some amount of effort to play nice.

Pruning all existing links, which we'll subsequently rebuild as needed, is sufficient for our needs. This can still be destructive, but it's perhaps less likely to cause issues.

I also note that we should probably be pruning /etc/ssl/blacklisted upon rehash as well.

Reported by: cem's dovecot server
MFC after: 3 days
parent b21ae0ff6f
commit bb33c91077
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=361022
|
@ -142,9 +142,11 @@ do_list()
|
|||
cmd_rehash()
|
||||
{
|
||||
|
||||
[ $NOOP -eq 0 ] && rm -rf "$CERTDESTDIR"
|
||||
[ $NOOP -eq 0 ] && mkdir -p "$CERTDESTDIR"
|
||||
[ $NOOP -eq 0 ] && mkdir -p "$BLACKLISTDESTDIR"
|
||||
if [ $NOOP -eq 0 ]; then
|
||||
[ -e "$CERTDESTDIR" ] && find "$CERTDESTDIR" -type link -delete
|
||||
mkdir -p "$CERTDESTDIR"
|
||||
mkdir -p "$BLACKLISTDESTDIR"
|
||||
fi
|
||||
|
||||
do_scan create_blacklisted "$BLACKLISTPATH"
|
||||
do_scan create_trusted_link "$TRUSTPATH"
|
||||
|
|
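Review bot: In cmd_rehash(), `find "$CERTDESTDIR" -type link -delete` walks the whole tree and removes every symbolic link it finds, so links that ports or administrators keep beside the certctl-generated ones, or in subdirectories of $CERTDESTDIR, are still lost on each rehash. Consider limiting the walk with `-maxdepth 1` and, if the links certctl creates follow a recognisable naming pattern, adding a `-name` filter for it. The type argument is also better spelled `-type l`, the single-letter form that POSIX find documents. The commit message notes that /etc/ssl/blacklisted should probably be pruned on rehash as well; this hunk only runs `mkdir -p "$BLACKLISTDESTDIR"`, so stale links there remain, which deserves a follow-up change or at least a comment in the code.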