Date:      Sun, 13 Sep 2020 01:08:18 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r365680 - stable/11/usr.sbin/certctl
Message-ID:  <202009130108.08D18Ioe093655@repo.freebsd.org>

Author: kevans
Date: Sun Sep 13 01:08:18 2020
New Revision: 365680
URL: https://svnweb.freebsd.org/changeset/base/365680

Log:
  MFC r361397, r361655, r361683: certctl(8) unprivileged & HISTORY correction
  
  r361397:
  Add an unprivileged mode where calls to install are passed appropriate
  flags.  For ease of integration, use the same flags as install:
  
   -U		unprivileged mode
   -D <destdir>	Specify DESTDIR (overrides the environment)
   -M <metalog>	Full path to METALOG file
  
  r361655:
  certctl.8: Correct the HISTORY section.
  
  certctl was merged to stable/12 after 12.1 was branched.
  
  r361683:
  certctl: fix test syntax
  
  test doesn't understand &&, but it does understand -a.
  
  PR:		246190

Modified:
  stable/11/usr.sbin/certctl/certctl.8
  stable/11/usr.sbin/certctl/certctl.sh
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/usr.sbin/certctl/certctl.8
==============================================================================
--- stable/11/usr.sbin/certctl/certctl.8	Sun Sep 13 00:17:04 2020	(r365679)
+++ stable/11/usr.sbin/certctl/certctl.8	Sun Sep 13 01:08:18 2020	(r365680)
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd February 19, 2019
+.Dd May 30, 2020
 .Dt CERTCTL 8
 .Os
 .Sh NAME
@@ -40,7 +40,9 @@
 .Op Fl v
 .Ic blacklisted
 .Nm
-.Op Fl nv
+.Op Fl nUv
+.Op Fl D Ar destdir
+.Op Fl M Ar metalog
 .Ic rehash
 .Nm
 .Op Fl nv
@@ -56,10 +58,17 @@ applications that use OpenSSL.
 .Pp
 Flags:
 .Bl -tag -width 4n
+.It Fl D Ar destdir
+Specify the DESTDIR (overriding values from the environment).
+.It Fl M Ar metalog
+Specify the path of the METALOG file (default: $DESTDIR/METALOG).
 .It Fl n
 No-Op mode, do not actually perform any actions.
 .It Fl v
 be verbose, print details about actions before performing them.
+.It Fl U
+Unprivileged mode, do not change the ownership of created links.
+Do record the ownership in the METALOG file.
 .El
 .Pp
 Primary command functions:
@@ -114,6 +123,6 @@ Default: *.pem *.crt *.cer *.crl *.0
 .Sh HISTORY
 .Nm
 first appeared in
-.Fx 12.0
+.Fx 12.2
 .Sh AUTHORS
 .An Allan Jude Aq Mt allanjude@freebsd.org

Modified: stable/11/usr.sbin/certctl/certctl.sh
==============================================================================
--- stable/11/usr.sbin/certctl/certctl.sh	Sun Sep 13 00:17:04 2020	(r365679)
+++ stable/11/usr.sbin/certctl/certctl.sh	Sun Sep 13 01:08:18 2020	(r365680)
@@ -30,10 +30,6 @@
 ############################################################ CONFIGURATION
 
 : ${DESTDIR:=}
-: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}/usr/local/share/certs:${DESTDIR}/usr/local/etc/ssl/certs}
-: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}/usr/local/etc/ssl/blacklisted}
-: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
-: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}
 : ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$|\.0$"}
 : ${VERBOSE:=0}
 
@@ -42,6 +38,7 @@
 SCRIPTNAME="${0##*/}"
 ERRORS=0
 NOOP=0
+UNPRIV=0
 
 ############################################################ FUNCTIONS
 
@@ -69,7 +66,7 @@ create_trusted_link()
 		return 1
 	fi
 	[ $VERBOSE -gt 0 ] && echo "Adding $hash.0 to trust store"
-	[ $NOOP -eq 0 ] && install -lrs $(realpath "$1") "$CERTDESTDIR/$hash.0"
+	[ $NOOP -eq 0 ] && install ${INSTALLFLAGS} -lrs $(realpath "$1") "$CERTDESTDIR/$hash.0"
 }
 
 create_blacklisted()
@@ -88,7 +85,7 @@ create_blacklisted()
 		return
 	fi
 	[ $VERBOSE -gt 0 ] && echo "Adding $filename to blacklist"
-	[ $NOOP -eq 0 ] && install -lrs "$srcfile" "$BLACKLISTDESTDIR/$filename"
+	[ $NOOP -eq 0 ] && install ${INSTALLFLAGS} -lrs "$srcfile" "$BLACKLISTDESTDIR/$filename"
 }
 
 do_scan()
@@ -105,7 +102,7 @@ do_scan()
 		[ -d "$CPATH" ] || continue
 		echo "Scanning $CPATH for certificates..."
 		for CFILE in $(ls -1 "${CPATH}" | grep -Ee "${FILEPAT}"); do
-			[ -e "$CPATH/$CFILE" ] || continue
+			[ -e "$CPATH/$CFILE" -a $UNPRIV -eq 0 ] || continue
 			[ $VERBOSE -gt 0 ] && echo "Reading $CFILE"
 			"$CFUNC" "$CPATH/$CFILE"
 		done
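Review bot: With `[ -e "$CPATH/$CFILE" -a $UNPRIV -eq 0 ] || continue` the test is false whenever UNPRIV is 1, so every matching file is skipped and a `rehash -U` run never reaches `"$CFUNC" "$CPATH/$CFILE"`. For a tool that populates the trust store, this means an unprivileged run appears to create no hash links, and nothing in the visible lines reports that as an error. If the intent was to bypass only the existence check in unprivileged mode, the condition would read `[ -e "$CPATH/$CFILE" ] || [ $UNPRIV -eq 1 ] || continue`; otherwise the added clause should be dropped. Two separate `[ ]` tests also avoid `-a`, which POSIX marks obsolescent because it parses ambiguously. do_scan starts and ends outside this hunk, so the rest of the loop may differ from what is visible.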
@@ -209,7 +206,7 @@ usage()
 	echo "		List trusted certificates"
 	echo "	$SCRIPTNAME [-v] blacklisted"
 	echo "		List blacklisted certificates"
-	echo "	$SCRIPTNAME [-nv] rehash"
+	echo "	$SCRIPTNAME [-nUv] [-D <destdir>] [-M <metalog>] rehash"
 	echo "		Generate hash links for all certificates"
 	echo "	$SCRIPTNAME [-nv] blacklist <file>"
 	echo "		Add <file> to the list of blacklisted certificates"
@@ -220,13 +217,24 @@ usage()
 
 ############################################################ MAIN
 
-while getopts nv flag; do
+while getopts D:M:nUv flag; do
 	case "$flag" in
+	D) DESTDIR=${OPTARG} ;;
+	M) METALOG=${OPTARG} ;;
 	n) NOOP=1 ;;
+	U) UNPRIV=1 ;;
 	v) VERBOSE=$(( $VERBOSE + 1 )) ;;
 	esac
 done
 shift $(( $OPTIND - 1 ))
+
+: ${METALOG:=${DESTDIR}/METALOG}
+INSTALLFLAGS=
+[ $UNPRIV -eq 1 ] && INSTALLFLAGS=-U -M ${METALOG} -D ${DESTDIR}
+: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}/usr/local/share/certs:${DESTDIR}/usr/local/etc/ssl/certs}
+: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}/usr/local/etc/ssl/blacklisted}
+: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
+: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}
 
 [ $# -gt 0 ] || usage
 case "$1" in
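Review bot: The assignment in `[ $UNPRIV -eq 1 ] && INSTALLFLAGS=-U -M ${METALOG} -D ${DESTDIR}` is unquoted, so the shell parses `INSTALLFLAGS=-U` as a temporary environment assignment for a command named `-M`. That command fails and INSTALLFLAGS stays empty, so `-U` runs install without the unprivileged and METALOG flags. Quote the value: `[ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}"`. Because create_trusted_link and create_blacklisted expand `${INSTALLFLAGS}` unquoted, a destdir or metalog path containing whitespace would still be split into separate arguments, which deserves a comment next to the assignment. The getopts `case` also has no default arm, so an unknown flag, or `-D`/`-M` with no argument, falls through; adding `*) usage ;;` would reject it.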


