Date: Thu, 14 Jul 2022 00:33:07 GMT From: Jessica Clarke <jrtc27@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 232cf6be4bc4 - main - certctl: Introduce a new -d <distbase> option Message-ID: <202207140033.26E0X7VV089177@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by jrtc27: URL: https://cgit.FreeBSD.org/src/commit/?id=232cf6be4bc493412f1c8b80a4cdc00fe53075c6 commit 232cf6be4bc493412f1c8b80a4cdc00fe53075c6 Author: Jessica Clarke <jrtc27@FreeBSD.org> AuthorDate: 2022-07-14 00:23:42 +0000 Commit: Jessica Clarke <jrtc27@FreeBSD.org> CommitDate: 2022-07-14 00:23:42 +0000 certctl: Introduce a new -d <distbase> option This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld, which needs to split out DESTDIR from DISTBASE so the METALOG file includes the base/ prefix. Reviewed by: kevans Obtained from: CheriBSD MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D35808 --- usr.sbin/certctl/certctl.8 | 21 +++++++++++++-------- usr.sbin/certctl/certctl.sh | 14 ++++++++------ 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/usr.sbin/certctl/certctl.8 b/usr.sbin/certctl/certctl.8 index 9af2adaba757..9e701cca66f4 100644 --- a/usr.sbin/certctl/certctl.8 +++ b/usr.sbin/certctl/certctl.8 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 18, 2021 +.Dd July 13, 2022 .Dt CERTCTL 8 .Os .Sh NAME @@ -60,6 +60,8 @@ Flags: .Bl -tag -width 4n .It Fl D Ar destdir Specify the DESTDIR (overriding values from the environment). +.It Fl d Ar distbase +Specify the DISTBASE (overriding values from the environment). .It Fl M Ar metalog Specify the path of the METALOG file (default: $DESTDIR/METALOG). .It Fl n @@ -96,25 +98,28 @@ Remove the specified file from the untrusted list. .Bl -tag -width UNTRUSTDESTDIR .It Ev DESTDIR Alternate destination directory to operate on. +.It Ev DISTBASE +Additional path component to include when operating on certificate directories. .It Ev TRUSTPATH List of paths to search for trusted certificates. Default: -.Pa <DESTDIR>/usr/share/certs/trusted -.Pa <DESTDIR>/usr/local/share/certs <DESTDIR>/usr/local/etc/ssl/certs +.Pa <DESTDIR><DISTBASE>/usr/share/certs/trusted +.Pa <DESTDIR><DISTBASE>/usr/local/share/certs +.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/certs .It Ev UNTRUSTPATH List of paths to search for untrusted certificates. Default: -.Pa <DESTDIR>/usr/share/certs/untrusted -.Pa <DESTDIR>/usr/local/etc/ssl/untrusted -.Pa <DESTDIR>/usr/local/etc/ssl/blacklisted +.Pa <DESTDIR><DISTBASE>/usr/share/certs/untrusted +.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/untrusted +.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/blacklisted .It Ev CERTDESTDIR Destination directory for symbolic links to trusted certificates. Default: -.Pa <DESTDIR>/etc/ssl/certs +.Pa <DESTDIR><DISTBASE>/etc/ssl/certs .It Ev UNTRUSTDESTDIR Destination directory for symbolic links to untrusted certificates. Default: -.Pa <DESTDIR>/etc/ssl/untrusted +.Pa <DESTDIR><DISTBASE>/etc/ssl/untrusted .It Ev EXTENSIONS List of file extensions to read as certificate files. Default: *.pem *.crt *.cer *.crl *.0 diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh index 327eaa6381a6..99fff8848188 100755 --- a/usr.sbin/certctl/certctl.sh +++ b/usr.sbin/certctl/certctl.sh @@ -30,6 +30,7 @@ ############################################################ CONFIGURATION : ${DESTDIR:=} +: ${DISTBASE:=} : ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"} : ${VERBOSE:=0} @@ -254,7 +255,7 @@ usage() echo " List trusted certificates" echo " $SCRIPTNAME [-v] untrusted" echo " List untrusted certificates" - echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-M <metalog>] rehash" + echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-d <distbase>] [-M <metalog>] rehash" echo " Generate hash links for all certificates" echo " $SCRIPTNAME [-nv] untrust <file>" echo " Add <file> to the list of untrusted certificates" @@ -265,9 +266,10 @@ usage() ############################################################ MAIN -while getopts D:M:nUv flag; do +while getopts D:d:M:nUv flag; do case "$flag" in D) DESTDIR=${OPTARG} ;; + d) DISTBASE=${OPTARG} ;; M) METALOG=${OPTARG} ;; n) NOOP=1 ;; U) UNPRIV=1 ;; @@ -280,10 +282,10 @@ shift $(( $OPTIND - 1 )) INSTALLFLAGS= [ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}" : ${LOCALBASE:=$(sysctl -n user.localbase)} -: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs} -: ${UNTRUSTPATH:=${DESTDIR}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted} -: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs} -: ${UNTRUSTDESTDIR:=${DESTDIR}/etc/ssl/untrusted} +: ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs} +: ${UNTRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted} +: ${CERTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/certs} +: ${UNTRUSTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/untrusted} [ $# -gt 0 ] || usage case "$1" in
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207140033.26E0X7VV089177>