veriexec mishap after system update

To: current-users%netbsd.org@localhost
Subject: veriexec mishap after system update
From: Stathis Kamperis <ekamperi%gmail.com@localhost>
Date: Wed, 5 Aug 2009 01:49:46 +0300

Salute everyone.

I think that the veriexec subsystem should somehow be integrated with
the update procedure[1].

After a system upgrade, I forgot (although I usually do) to re-run
veriexecgen and I ended up with an unusable system. During boot, some
binaries, which were updated, generated hash mismatches (reasonable)
and I couldn't even login. I had to hard reset the system, boot up
single user mode, fsck my partitions, edit rc.conf to not load
veriexec, reboot, regenerate the hashes and enable it again in
rc.conf.

It is doable, it's just inconvenient. I think it should be documented
or perhaps be automated in some way.

Any thoughts?

Best regards,
Stathis


[1]  http://www.netbsd.org/docs/current/#updating

Prev by Date: Update overwrites /etc/X11/xinit/xinitrc
Next by Date: triweekly CVS update output
Previous by Thread: Update overwrites /etc/X11/xinit/xinitrc
Next by Thread: Re: veriexec mishap after system update
Indexes:

Home | Main Index | Thread Index | Old Index