CVS commit: src/usr.sbin/postinstall

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/usr.sbin/postinstall
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Sun, 3 Sep 2023 18:31:36 +0000

Module Name:    src
Committed By:   riastradh
Date:           Sun Sep  3 18:31:36 UTC 2023

Modified Files:
        src/usr.sbin/postinstall: postinstall.in

Log Message:
postinstall(8): Handle various certs.conf scenarios gracefully.

Tested the following scenarios:

1. fresh install
   empty /etc/openssl/certs
   default /etc/openssl/certs.conf
   - opensslcertsconf
     [x] check: pass
     [x] fix: pass -- nothing
   - opensslcertsrehash
     [x] check: fail -- needs rehash
     [x] fix: pass -- quietly rehash successfully (go to 4)

2. fresh upgrade
   empty /etc/openssl/certs
   no /etc/openssl/certs.conf
   - opensslcertsconf
     [x] check: fail -- complain missing /etc/openssl/certs.conf
     [x] fix: pass -- install default /etc/openssl/certs.conf (go to 1)
   - opensslcertsrehash
     [x] check: fail -- complain missing /etc/openssl/certs.conf
     - [x] fix: fail -- complain missing /etc/openssl/certs.conf

3. upgrade from certctl, changes to certs
   certctl-managed /etc/openssl/certs
   default /etc/openssl/certs.conf
   - opensslcertsconf
     [x] check: pass
     [x] fix: pass -- nothing
   - opensslcertsrehash
     [x] check: fail -- needs rehash
     [x] fix: pass -- quietly rehash successfully (go to 4)

4. upgrade from certctl, no changes to certs
   certctl-managed /etc/openssl/certs
   default /etc/openssl/certs.conf
   - opensslcertsconf
     [x] check: pass
     [x] fix: pass -- nothing
   - opensslcertsrehash
     [x] check: pass
     [x] fix: pass -- quietly rehash successfully (go to 4)

5. upgrade from mozilla-rootcerts
   populated /etc/openssl/certs
   no /etc/openssl/certs.conf
   - opensslcertsconf:
     [x] check: fail -- complain missing /etc/openssl/certs.conf
     [x] fix: pass -- install manual /etc/openssl/certs.conf (go to 7)
   - opensslcertsrehash:
     [x] check: fail -- complain missing /etc/openssl/certs.conf
     [x] fix: fail -- complain missing /etc/openssl/certs.conf

6. upgrade from mozilla-rootcerts with etcupdate naively
   populated /etc/openssl/certs
   default /etc/openssl/certs.conf
   - opensslcertsconf:
     [x] check: pass
     [x] fix: pass -- nothing
   - opensslcertsrehash:
     [x] check: fail -- complain mismatched certs/ and certs.conf
     [x] fix: fail -- complain mismatched certs/ and certs.conf

7. upgrade from mozilla-rootcerts with etcupdate manually
   populated /etc/openssl/certs
   manual /etc/openssl/certs.conf
   - opensslcertsconf:
     [x] check: pass
     [x] fix: pass -- nothing
   - opensslcertsrehash:
     [x] check: pass
     [x] fix: pass -- skip rehash because manual (go to 7)

XXX Someone should draft automatic tests for postinstall.  It has a
very good track record, but it sure would be nice to automate this
testing rather than redo it each time I make a tiny change.


To generate a diff of this commit:
cvs rdiff -u -r1.54 -r1.55 src/usr.sbin/postinstall/postinstall.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src
Next by Date: CVS commit: src/external/gpl3/gcc.old/dist/gcc
Previous by Thread: CVS commit: src
Next by Thread: CVS commit: src/external/gpl3/gcc.old/dist/gcc
Indexes:

Home | Main Index | Thread Index | Old Index