From: Jessica Clarke
Date: Thu, 14 Jul 2022 00:33:07 GMT
Message-Id: <202207140033.26E0X7VV089177@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 232cf6be4bc4 - main - certctl: Introduce a new -d option
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by jrtc27:

URL: https://cgit.FreeBSD.org/src/commit/?id=232cf6be4bc493412f1c8b80a4cdc00fe53075c6

commit
232cf6be4bc493412f1c8b80a4cdc00fe53075c6 Author: Jessica Clarke AuthorDate: 2022-07-14 00:23:42 +0000 Commit: Jessica Clarke CommitDate: 2022-07-14 00:23:42 +0000 certctl: Introduce a new -d option This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld, which needs to split out DESTDIR from DISTBASE so the METALOG file includes the base/ prefix. Reviewed by: kevans Obtained from: CheriBSD MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D35808 --- usr.sbin/certctl/certctl.8 | 21 +++++++++++++-------- usr.sbin/certctl/certctl.sh | 14 ++++++++------ 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/usr.sbin/certctl/certctl.8 b/usr.sbin/certctl/certctl.8 index 9af2adaba757..9e701cca66f4 100644 --- a/usr.sbin/certctl/certctl.8 +++ b/usr.sbin/certctl/certctl.8 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 18, 2021 +.Dd July 13, 2022 .Dt CERTCTL 8 .Os .Sh NAME @@ -60,6 +60,8 @@ Flags: .Bl -tag -width 4n .It Fl D Ar destdir Specify the DESTDIR (overriding values from the environment). +.It Fl d Ar distbase +Specify the DISTBASE (overriding values from the environment). .It Fl M Ar metalog Specify the path of the METALOG file (default: $DESTDIR/METALOG). .It Fl n 
@@ -96,25 +98,28 @@ Remove the specified file from the untrusted list. .Bl -tag -width UNTRUSTDESTDIR .It Ev DESTDIR Alternate destination directory to operate on. +.It Ev DISTBASE +Additional path component to include when operating on certificate directories. .It Ev TRUSTPATH List of paths to search for trusted certificates. Default: -.Pa /usr/share/certs/trusted -.Pa /usr/local/share/certs /usr/local/etc/ssl/certs +.Pa /usr/share/certs/trusted +.Pa /usr/local/share/certs +.Pa /usr/local/etc/ssl/certs .It Ev UNTRUSTPATH List of paths to search for untrusted certificates. Default: -.Pa /usr/share/certs/untrusted -.Pa /usr/local/etc/ssl/untrusted -.Pa /usr/local/etc/ssl/blacklisted +.Pa /usr/share/certs/untrusted +.Pa /usr/local/etc/ssl/untrusted +.Pa /usr/local/etc/ssl/blacklisted .It Ev CERTDESTDIR Destination directory for symbolic links to trusted certificates. Default: -.Pa /etc/ssl/certs +.Pa /etc/ssl/certs .It Ev UNTRUSTDESTDIR Destination directory for symbolic links to untrusted certificates. Default: -.Pa /etc/ssl/untrusted +.Pa /etc/ssl/untrusted .It Ev EXTENSIONS List of file extensions to read as certificate files. Default: *.pem *.crt *.cer *.crl *.0 diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh index 327eaa6381a6..99fff8848188 100755 --- a/usr.sbin/certctl/certctl.sh +++ b/usr.sbin/certctl/certctl.sh @@ -30,6 +30,7 @@ ############################################################ CONFIGURATION : ${DESTDIR:=} +: ${DISTBASE:=} : ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"} : ${VERBOSE:=0} @@ -254,7 +255,7 @@ usage() echo " List trusted certificates" echo " $SCRIPTNAME [-v] untrusted" echo " List untrusted certificates" - echo " $SCRIPTNAME [-nUv] [-D ] [-M ] rehash" + echo " $SCRIPTNAME [-nUv] [-D ] [-d ] [-M ] rehash" echo " Generate hash links for all certificates" echo " $SCRIPTNAME [-nv] untrust " echo " Add to the list of untrusted certificates" 
@@ -265,9 +266,10 @@ usage() ############################################################ MAIN -while getopts D:M:nUv flag; do +while getopts D:d:M:nUv flag; do case "$flag" in D) DESTDIR=${OPTARG} ;; + d) DISTBASE=${OPTARG} ;; M) METALOG=${OPTARG} ;; n) NOOP=1 ;; U) UNPRIV=1 ;; @@ -280,10 +282,10 @@ shift $(( $OPTIND - 1 )) INSTALLFLAGS= [ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}" : ${LOCALBASE:=$(sysctl -n user.localbase)} -: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs} -: ${UNTRUSTPATH:=${DESTDIR}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted} -: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs} -: ${UNTRUSTDESTDIR:=${DESTDIR}/etc/ssl/untrusted} +: ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs} +: ${UNTRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted} +: ${CERTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/certs} +: ${UNTRUSTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/untrusted} [ $# -gt 0 ] || usage case "$1" in
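Review bot: in the certctl.8 hunk at -60,6 the new ".It Fl d Ar distbase" entry is added to the flags list, but no hunk in this patch touches the SYNOPSIS, while usage() in certctl.sh gains "[-d ]" on the rehash line. If the synopsis spells out the flags accepted by rehash, add -d there too so the manual page and the usage text agree.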
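Review bot: the DISTBASE entry added in the certctl.8 ENVIRONMENT hunk (-96,25) says only "Additional path component to include when operating on certificate directories", which does not tell the reader which directories are affected. In certctl.sh the defaults gain ${DISTBASE} on the /usr/share/certs entries, CERTDESTDIR and UNTRUSTDESTDIR, but not on the ${LOCALBASE} entries of TRUSTPATH and UNTRUSTPATH, so the manual should state that it applies to the base-system paths only. The .Pa lines removed and re-added in the same hunk are not mentioned in the commit message and would be easier to review as a separate change.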
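Review bot: in the last certctl.sh hunk (-280,10) DISTBASE is concatenated directly after DESTDIR with no separator, as in "${DESTDIR}${DISTBASE}/etc/ssl/certs", so a value given without a leading slash (for example "-d base" with DESTDIR=/stage) resolves to /stagebase/etc/ssl/certs and rehash would read and populate a trust directory other than the intended one without any error. Either state in certctl.8 that distbase must begin with "/", or have the script reject or normalise a non-empty value that does not, since these defaults decide which certificates end up trusted in the staged tree.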