authorJessica Clarke <jrtc27@FreeBSD.org>2022-07-14 00:23:42 +0000
committerJessica Clarke <jrtc27@FreeBSD.org>2022-07-14 00:23:42 +0000
commit232cf6be4bc493412f1c8b80a4cdc00fe53075c6 (patch)
tree11251d49de8f5aacdc3a51482f2156d1e466e62a
parentc792466f878a082a63683d3a8a1f7b468081d835 (diff)
certctl: Introduce a new -d <distbase> option
This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld, which needs to split out DESTDIR from DISTBASE so the METALOG file includes the base/ prefix.

Reviewed by: kevans
Obtained from: CheriBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35808
-rw-r--r--usr.sbin/certctl/certctl.821
-rwxr-xr-xusr.sbin/certctl/certctl.sh14
2 files changed, 21 insertions, 14 deletions
diff --git a/usr.sbin/certctl/certctl.8 b/usr.sbin/certctl/certctl.8
index 9af2adaba757..9e701cca66f4 100644
--- a/usr.sbin/certctl/certctl.8
+++ b/usr.sbin/certctl/certctl.8
@@ -26,7 +26,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd June 18, 2021
+.Dd July 13, 2022
.Dt CERTCTL 8
.Os
.Sh NAME
@@ -60,6 +60,8 @@ Flags:
.Bl -tag -width 4n
.It Fl D Ar destdir
Specify the DESTDIR (overriding values from the environment).
+.It Fl d Ar distbase
+Specify the DISTBASE (overriding values from the environment).
.It Fl M Ar metalog
Specify the path of the METALOG file (default: $DESTDIR/METALOG).
.It Fl n
@@ -96,25 +98,28 @@ Remove the specified file from the untrusted list.
.Bl -tag -width UNTRUSTDESTDIR
.It Ev DESTDIR
Alternate destination directory to operate on.
+.It Ev DISTBASE
+Additional path component to include when operating on certificate directories.
.It Ev TRUSTPATH
List of paths to search for trusted certificates.
Default:
-.Pa <DESTDIR>/usr/share/certs/trusted
-.Pa <DESTDIR>/usr/local/share/certs <DESTDIR>/usr/local/etc/ssl/certs
+.Pa <DESTDIR><DISTBASE>/usr/share/certs/trusted
+.Pa <DESTDIR><DISTBASE>/usr/local/share/certs
+.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/certs
.It Ev UNTRUSTPATH
List of paths to search for untrusted certificates.
Default:
-.Pa <DESTDIR>/usr/share/certs/untrusted
-.Pa <DESTDIR>/usr/local/etc/ssl/untrusted
-.Pa <DESTDIR>/usr/local/etc/ssl/blacklisted
+.Pa <DESTDIR><DISTBASE>/usr/share/certs/untrusted
+.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/untrusted
+.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/blacklisted
.It Ev CERTDESTDIR
Destination directory for symbolic links to trusted certificates.
Default:
-.Pa <DESTDIR>/etc/ssl/certs
+.Pa <DESTDIR><DISTBASE>/etc/ssl/certs
.It Ev UNTRUSTDESTDIR
Destination directory for symbolic links to untrusted certificates.
Default:
-.Pa <DESTDIR>/etc/ssl/untrusted
+.Pa <DESTDIR><DISTBASE>/etc/ssl/untrusted
.It Ev EXTENSIONS
List of file extensions to read as certificate files.
Default: *.pem *.crt *.cer *.crl *.0
diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh
index 327eaa6381a6..99fff8848188 100755
--- a/usr.sbin/certctl/certctl.sh
+++ b/usr.sbin/certctl/certctl.sh
@@ -30,6 +30,7 @@
############################################################ CONFIGURATION
: ${DESTDIR:=}
+: ${DISTBASE:=}
: ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"}
: ${VERBOSE:=0}
@@ -254,7 +255,7 @@ usage()
echo " List trusted certificates"
echo " $SCRIPTNAME [-v] untrusted"
echo " List untrusted certificates"
- echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-M <metalog>] rehash"
+ echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-d <distbase>] [-M <metalog>] rehash"
echo " Generate hash links for all certificates"
echo " $SCRIPTNAME [-nv] untrust <file>"
echo " Add <file> to the list of untrusted certificates"
@@ -265,9 +266,10 @@ usage()
############################################################ MAIN
-while getopts D:M:nUv flag; do
+while getopts D:d:M:nUv flag; do
case "$flag" in
D) DESTDIR=${OPTARG} ;;
+ d) DISTBASE=${OPTARG} ;;
M) METALOG=${OPTARG} ;;
n) NOOP=1 ;;
U) UNPRIV=1 ;;
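Review bot: The value accepted by the new `d)` arm is stored verbatim and later concatenated directly after DESTDIR to form the certificate directories, so a DISTBASE without a leading slash would silently make rehash operate on a different trust-store location than intended. A check after the option loop would cover both the flag and the environment value and fail loudly instead: `case "${DISTBASE}" in ""|/*) ;; *) echo "DISTBASE must be empty or begin with /" >&2; exit 1 ;; esac`. The getopts loop closes outside this hunk, so the check belongs after its `done`.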
@@ -280,10 +282,10 @@ shift $(( $OPTIND - 1 ))
INSTALLFLAGS=
[ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}"
: ${LOCALBASE:=$(sysctl -n user.localbase)}
-: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
-: ${UNTRUSTPATH:=${DESTDIR}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted}
-: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
-: ${UNTRUSTDESTDIR:=${DESTDIR}/etc/ssl/untrusted}
+: ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
+: ${UNTRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted}
+: ${CERTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/certs}
+: ${UNTRUSTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/untrusted}
[ $# -gt 0 ] || usage
case "$1" in
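Review bot: The new TRUSTPATH and UNTRUSTPATH defaults add `${DISTBASE}` only to the `/usr/share/certs` entries and leave the `${DESTDIR}${LOCALBASE}/...` entries without it, while the updated certctl.8 in this same commit documents every default as `<DESTDIR><DISTBASE>/usr/local/...`. These lists decide which directories are read as trusted and untrusted certificates, so the script and the manual should agree: either insert `${DISTBASE}` before each `${LOCALBASE}` here, or keep the manual's LOCALBASE lines as `<DESTDIR>/usr/local/...`. If leaving LOCALBASE outside DISTBASE is intentional, a comment above the assignments such as `# DISTBASE prefixes base-system paths only; LOCALBASE paths are not prefixed` would record that.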