From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 276129] "make delete-old/delete-old-files" does not run "certctl rehash" after deletion
Date: Fri, 05 Jan 2024 16:57:04 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276129

            Bug ID: 276129
           Summary: "make delete-old/delete-old-files" does not run "certctl rehash" after deletion
           Product: Base System
           Version: 13.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: michaelo@FreeBSD.org

I have just upgraded a host from 12.4-STABLE to "FreeBSD deblndw013x4v.ad001.siemens.net 13.2-STABLE FreeBSD 13.2-STABLE a317a5865 GENERIC amd64".

Let's check what can be deleted:

root@deblndw013x4v:/usr/src # make check-old | grep certs
/usr/share/certs/trusted/Cybertrust_Global_Root.pem
/usr/share/certs/trusted/DST_Root_CA_X3.pem
/usr/share/certs/trusted/E-Tugra_Certification_Authority.pem
/usr/share/certs/trusted/GlobalSign_Root_CA_-_R2.pem
/usr/share/certs/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
/usr/share/certs/trusted/Hongkong_Post_Root_CA_1.pem
/usr/share/certs/trusted/Network_Solutions_Certificate_Authority.pem
/usr/share/certs/trusted/Staat_der_Nederlanden_EV_Root_CA.pem
/usr/share/certs/trusted/TrustCor_ECA-1.pem
/usr/share/certs/trusted/TrustCor_RootCert_CA-1.pem
/usr/share/certs/trusted/TrustCor_RootCert_CA-2.pem

Looking at Makefile.inc1 for the "delete-old-files" target, "certctl rehash" is not invoked, which might leave dead links on the system.

In this case all of them are blacklisted, but one should not rely on that:

root@deblndw013x4v:/usr/src # make check-old | grep certs | cut -f 6 -d / >> /tmp/cert-names
root@deblndw013x4v:/usr/src # ls -l /usr/share/certs/blacklisted/ | grep -f /tmp/cert-names
-r--r--r--  1 root  wheel  5018 2023-12-19 17:59 Cybertrust_Global_Root.pem
-r--r--r--  1 root  wheel  4648 2023-12-19 17:59 DST_Root_CA_X3.pem
-r--r--r--  1 root  wheel  8061 2023-12-19 17:59 E-Tugra_Certification_Authority.pem
-r--r--r--  1 root  wheel  5068 2023-12-19 17:59 GlobalSign_Root_CA_-_R2.pem
-r--r--r--  1 root  wheel  5389 2023-12-19 17:59 Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
-r--r--r--  1 root  wheel  4511 2023-12-19 17:59 Hongkong_Post_Root_CA_1.pem
-r--r--r--  1 root  wheel  5104 2023-12-19 17:59 Network_Solutions_Certificate_Authority.pem
-r--r--r--  1 root  wheel  7437 2023-12-19 17:59 Staat_der_Nederlanden_EV_Root_CA.pem
-r--r--r--  1 root  wheel  5212 2023-12-19 17:59 TrustCor_ECA-1.pem
-r--r--r--  1 root  wheel  5256 2023-12-19 17:59 TrustCor_RootCert_CA-1.pem
-r--r--r--  1 root  wheel  7971 2023-12-19 17:59 TrustCor_RootCert_CA-2.pem

I think it should happen right before this line:
https://github.com/freebsd/freebsd-src/blob/a68d5a66258e953ef6ccdbdd82e89572a3cc04f9/Makefile.inc1#L3430
like here:
https://github.com/freebsd/freebsd-src/blob/a68d5a66258e953ef6ccdbdd82e89572a3cc04f9/Makefile.inc1#L1494

-- 
You are receiving this mail because:
You are the assignee for the bug.
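
Added example, not part of the original report and not FreeBSD's own code: a POSIX sh check for the dead links the report describes, which also repeats its by-name comparison against the blacklisted directory. The directory layout, the certificate and link names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Find dead links left in a directory of certificate symlinks after the
# certificate files were deleted without a rehash. All paths are constructed.

# dead_links LINKDIR: print "link<TAB>target" for each dangling symlink.
dead_links() {
    for link in "$1"/*; do
        # -L: it is a symlink; ! -e: following it reaches no file.
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            printf '%s\t%s\n' "$link" "$(readlink "$link")"
        fi
    done
}

# unlisted_dead_links LINKDIR BLOCKDIR: dead links whose target file name
# has no same-named file in BLOCKDIR (the report's by-name check).
unlisted_dead_links() {
    dead_links "$1" | while IFS="$(printf '\t')" read -r link target; do
        [ -e "$2/$(basename "$target")" ] || printf '%s\n' "$link"
    done
}

# make_sample_tree: build a constructed tree and print its root directory.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/trusted" "$root/blacklisted" "$root/links"
    for name in Old_Root_A Old_Root_B Current_Root_C; do
        : > "$root/trusted/$name.pem"
    done
    ln -s "$root/trusted/Old_Root_A.pem" "$root/links/11111111.0"
    ln -s "$root/trusted/Old_Root_B.pem" "$root/links/22222222.0"
    ln -s "$root/trusted/Current_Root_C.pem" "$root/links/33333333.0"
    : > "$root/blacklisted/Old_Root_A.pem"
    # Simulate deletion of the old files with no rehash afterwards.
    rm "$root/trusted/Old_Root_A.pem" "$root/trusted/Old_Root_B.pem"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "dead links:"
dead_links "$tree/links"
echo "dead links with no same-named blacklisted file:"
unlisted_dead_links "$tree/links" "$tree/blacklisted"
rm -rf "$tree"
```

On a real host, point the first argument at the directory of certificate links and the second at the blacklisted certificate directory; any output from unlisted_dead_links is a stale link that the blacklist does not cover.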