diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2020-12-17 03:42:54 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2021-02-24 01:34:51 +0000 |
| commit | 2ca137b4306dea2dbe1db31c44102060caedb19a (patch) | |
| tree | b8ae5f08d1d8b3a0350772bf1692ee9d92321523 | |
| parent | bc0d9b9b84ec5f8c463488c46721dd71fc803ceb (diff) | |
| download | src-2ca137b4306dea2dbe1db31c44102060caedb19a.tar.gz src-2ca137b4306dea2dbe1db31c44102060caedb19a.zip | |
MFC freebsd-update: unconditionally regenerate passwd/login.conf files
The existing logic is nice in theory, but in practice freebsd-update will
not preserve the timestamps on these files. When doing a major upgrade, e.g.
from 12.1-RELEASE -> 12.2-RELEASE, pwd.mkdb et al. appear in the INDEX and
we clobber the timestamp several times in the process of packaging up the
existing system into /var/db/freebsd-update/files and extracting for
comparisons. This leads to these files not getting regenerated when they're
most likely to be needed.
Measures could be taken to preserve timestamps, but it's unclear whether
the complexity and overhead of doing so is really outweighed by the marginal
benefit.
I observed this issue when pkg subsequently failed to install a package that
wanted to add a user, claiming that the user was removed in the process.
bapt@ pointed to this pre-existing bug with freebsd-update as the cause.
PR: 234014, 232921
Approved by: so
Security: FreeBSD-EN-21:08.freebsd-update
(cherry picked from commit ebebc41e4cfe44b8e8fd881badf2fa2c4be65aa4)
(cherry picked from commit cd7da1deb581122c94c3735b78fafdd04ce77b67)
| -rw-r--r-- | usr.sbin/freebsd-update/freebsd-update.sh | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh index 1996996b512b..67c323449745 100644 --- a/usr.sbin/freebsd-update/freebsd-update.sh +++ b/usr.sbin/freebsd-update/freebsd-update.sh @@ -2949,17 +2949,9 @@ Kernel updates have been installed. Please reboot and run env DESTDIR=${BASEDIR} certctl rehash fi - # Rebuild generated pwd files. - if [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/spwd.db ] || - [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/pwd.db ] || - [ ${BASEDIR}/etc/master.passwd -nt ${BASEDIR}/etc/passwd ]; then - pwd_mkdb -d ${BASEDIR}/etc -p ${BASEDIR}/etc/master.passwd - fi - - # Rebuild /etc/login.conf.db if necessary. - if [ ${BASEDIR}/etc/login.conf -nt ${BASEDIR}/etc/login.conf.db ]; then - cap_mkdb ${BASEDIR}/etc/login.conf - fi + # Rebuild generated pwd files and /etc/login.conf.db. + pwd_mkdb -d ${BASEDIR}/etc -p ${BASEDIR}/etc/master.passwd + cap_mkdb ${BASEDIR}/etc/login.conf # Rebuild man page databases, if necessary. for D in /usr/share/man /usr/share/openssl/man; do |