[Bug 290957] certctl.sh creates stale symlinks to /tmp

Tue, 11 Nov 2025 10:12:03 -0800 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290957

            Bug ID: 290957
           Summary: certctl.sh creates stale symlinks to /tmp
           Product: Base System
           Version: 14.3-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: [email protected]
          Reporter: [email protected]

`make installworld'` calls usr.sbin/certctl/certctl.sh at the end. On my
stable/14 machine it creates stale symlinks to /tmp

sudo usr.sbin/certctl/certctl.sh rehash;
./tools/build/stale-symlink-buildworld.sh
certctl.sh: Skipping untrusted certificate 5e98733a
(/etc/ssl/untrusted/5e98733a.0)
certctl.sh: Skipping untrusted certificate 57bcb2da
(/etc/ssl/untrusted/57bcb2da.0)
certctl.sh: Skipping untrusted certificate f3377b1b
(/etc/ssl/untrusted/f3377b1b.0)
certctl.sh: Skipping untrusted certificate 08063a00
(/etc/ssl/untrusted/08063a00.0)
certctl.sh: Skipping untrusted certificate 18856ac4
(/etc/ssl/untrusted/18856ac4.0)
stale symlink detected: lrwxr-xr-x  1 root wheel 31 Nov 11 17:48
/etc/ssl/certs/2ccbdda3.0 -> ../../../tmp/tmp.GHPUFdE4Sq/xer
stale symlink detected: lrwxr-xr-x  1 root wheel 31 Nov 11 17:48
/etc/ssl/certs/9e654b62.0 -> ../../../tmp/tmp.GHPUFdE4Sq/xeh
stale symlink detected: lrwxr-xr-x  1 root wheel 31 Nov 11 17:48
/etc/ssl/certs/b0d5255e.0 -> ../../../tmp/tmp.GHPUFdE4Sq/xes

looking at the source code usr.sbin/certctl/certctl.sh
----------------------------------------------------------------------------------
      verbose "Multiple certificates found, splitting..."
      SPLITDIR=$(mktemp -d)
      eolcvt "$CFILE" | egrep '^(---|[0-9A-Za-z/+=]+$)' | \
        split -p '^-+BEGIN CERTIFICATE-+$' - "$SPLITDIR/x"
      for CERT in $(find "$SPLITDIR" -type f) ; do
        "$CFUNC" "$CERT"
      done
      rm -rf "$SPLITDIR"
----------------------------------------------------------------------------------
It creates a temp directory, put files inside, link from /etc/ssl/certs/ to the
temp files, deletes the temp directory - *boom*

In my case CFILE is /usr/local/share/certs/ca-root-nss.crt from the package
ca_root_nss

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to