Re: /etc/rc.d/certctl_init

[Sad Clouds <cryintothebluesky%gmail.com@localhost>]

On Sun, 16 Nov 2025 15:48:11 +0100
Martin Husemann <martin%duskware.de@localhost> wrote:

> On Sat, Nov 15, 2025 at 04:31:49PM +0000, Sad Clouds wrote:
> > OK thanks, so this is quite similar to how etcupdate works then. I would
> > normally run etcupdate on upgrades, but didn't think anything like this
> > was needed for a new install.
> 
> It isn't, but running "certctl rehash" is one of the steps required
> after manual set extraction, just as running "sh MAKEDEV all" in /dev
> is. There was a thread about manual installations that assembled a list
> of these kind of things recently on this list, see
> 
> https://mail-index.netbsd.org/netbsd-users/2025/10/02/msg033213.html
> 
> (and I think there was a followup that added a few more things)
> 
> 
> Martin

Isn't MAKEDEV unnecessary if you enable devpubd via /etc/rc.conf?

The problem with things like postinstall and certctl - they can't be
executed from the build environment and must be executed on the target
when the machine is up and running. Not a major issue, but when
cross-building and cross-configuring, it is best to do these things
upfront, as they can be scripted for different scenarios.

For example, see the following link on how I setup hybrid MBR/GPT
partitions and primary + secondary boot environments for better
reliability and diagnostics:
https://cryintothebluesky.blogspot.com/2025/11/installing-netbsd-10-on-raspberry-pi-3.html