Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

veriexec mishap after system update



Salute everyone.

I think that the veriexec subsystem should somehow be integrated with
the update procedure[1].

After a system upgrade, I forgot (although I usually do) to re-run
veriexecgen and I ended up with an unusable system. During boot, some
binaries, which were updated, generated hash mismatches (reasonable)
and I couldn't even login. I had to hard reset the system, boot up
single user mode, fsck my partitions, edit rc.conf to not load
veriexec, reboot, regenerate the hashes and enable it again in
rc.conf.

It is doable, it's just inconvenient. I think it should be documented
or perhaps be automated in some way.

Any thoughts?

Best regards,
Stathis


[1]  http://www.netbsd.org/docs/current/#updating


Home | Main Index | Thread Index | Old Index