diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2025-08-13 22:25:27 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2025-08-13 22:25:27 +0000 |
| commit | 81d8827ad8752e35411204541f1f09df1481e417 (patch) | |
| tree | 030d32fb4ceca7cc09e51b23b7593859e4b7bbdc /sys/contrib/openzfs/module/zfs/dmu.c | |
| parent | 178b9c2364740ead21f584dc30c3aa45bd0bb8bf (diff) | |
Notable changes include:
* We no longer forget manually untrusted certificates when rehashing.
* Rehash will now scan the existing directory and progressively replace
its contents with those of the new trust store. The trust store as a
whole is not replaced atomically, but each file within it is.
* We no longer attempt to link to the original files, but we don't copy
them either. Instead, we write each certificate out in its minimal
form.
* We now generate a trust bundle in addition to the hashed diretory.
This also contains only the minimal DER form of each certificate.
* The C version is approximately two orders of magnitude faster than the
sh version, with rehash taking ~100 ms vs ~5-25 s depending on whether
ca_root_nss is installed.
* The DISTBASE concept has been dropped; the same effect can be achieved
by adjusting DESTDIR.
* We now also have rudimentary tests.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42320
Diffstat (limited to 'sys/contrib/openzfs/module/zfs/dmu.c')
0 files changed, 0 insertions, 0 deletions