author | Jessica Clarke <jrtc27@FreeBSD.org> | 2022-07-14 00:23:42 +0000 |
---|---|---|
committer | Jessica Clarke <jrtc27@FreeBSD.org> | 2023-08-01 20:42:50 +0000 |
commit | 5f4efa6c9a0e02bcc50a5cbff52868ceb5958fe7 (patch) | |
tree | 183197ea2bd623708f7f5149d31e02141a473907 | |
parent | 9515f04fe3b12b9e6ef6c802b647dd4cbdba621b (diff) | |
certctl: Introduce a new -d <distbase> option
This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld,
which needs to split out DESTDIR from DISTBASE so the METALOG file
includes the base/ prefix.
Reviewed by: kevans
Obtained from: CheriBSD
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35808
(cherry picked from commit 232cf6be4bc493412f1c8b80a4cdc00fe53075c6)
-rw-r--r-- | usr.sbin/certctl/certctl.8 | 19 | ||||
-rwxr-xr-x | usr.sbin/certctl/certctl.sh | 14 |
2 files changed, 20 insertions, 13 deletions
diff --git a/usr.sbin/certctl/certctl.8 b/usr.sbin/certctl/certctl.8
index 4387745462f9..6eff3b910bbe 100644
--- a/usr.sbin/certctl/certctl.8
+++ b/usr.sbin/certctl/certctl.8
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 7, 2021
+.Dd July 13, 2022
 .Dt CERTCTL 8
 .Os
 .Sh NAME
@@ -60,6 +60,8 @@ Flags:
 .Bl -tag -width 4n
 .It Fl D Ar destdir
 Specify the DESTDIR (overriding values from the environment).
+.It Fl d Ar distbase
+Specify the DISTBASE (overriding values from the environment).
 .It Fl M Ar metalog
 Specify the path of the METALOG file (default: $DESTDIR/METALOG).
 .It Fl n
@@ -96,24 +98,27 @@ Remove the specified file from the blacklist.
 .Bl -tag -width BLACKLISTDESTDIR
 .It Ev DESTDIR
 Alternate destination directory to operate on.
+.It Ev DISTBASE
+Additional path component to include when operating on certificate directories.
 .It Ev TRUSTPATH
 List of paths to search for trusted certificates.
 Default:
-.Pa <DESTDIR>/usr/share/certs/trusted
-.Pa <DESTDIR>/usr/local/share/certs <DESTDIR>/usr/local/etc/ssl/certs
+.Pa <DESTDIR><DISTBASE>/usr/share/certs/trusted
+.Pa <DESTDIR><DISTBASE>/usr/local/share/certs
+.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/certs
 .It Ev BLACKLISTPATH
 List of paths to search for blacklisted certificates.
 Default:
-.Pa <DESTDIR>/usr/share/certs/blacklisted
-.Pa <DESTDIR>/usr/local/etc/ssl/blacklisted
+.Pa <DESTDIR><DISTBASE>/usr/share/certs/blacklisted
+.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/blacklisted
 .It Ev CERTDESTDIR
 Destination directory for symbolic links to trusted certificates.
 Default:
-.Pa <DESTDIR>/etc/ssl/certs
+.Pa <DESTDIR><DISTBASE>/etc/ssl/certs
 .It Ev BLACKLISTDESTDIR
 Destination directory for symbolic links to blacklisted certificates.
 Default:
-.Pa <DESTDIR>/etc/ssl/blacklisted
+.Pa <DESTDIR><DISTBASE>/etc/ssl/blacklisted
 .It Ev EXTENSIONS
 List of file extensions to read as certificate files.
 Default: *.pem *.crt *.cer *.crl *.0
diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh
index fb966df95c55..1324ca00d6f3 100755
--- a/usr.sbin/certctl/certctl.sh
+++ b/usr.sbin/certctl/certctl.sh
@@ -30,6 +30,7 @@
 ############################################################ CONFIGURATION
 : ${DESTDIR:=}
+: ${DISTBASE:=}
 : ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"}
 : ${VERBOSE:=0}
@@ -254,7 +255,7 @@ usage()
 echo " List trusted certificates"
 echo " $SCRIPTNAME [-v] blacklisted"
 echo " List blacklisted certificates"
- echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-M <metalog>] rehash"
+ echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-d <distbase>] [-M <metalog>] rehash"
 echo " Generate hash links for all certificates"
 echo " $SCRIPTNAME [-nv] blacklist <file>"
 echo " Add <file> to the list of blacklisted certificates"
@@ -265,9 +266,10 @@ usage()
 ############################################################ MAIN
-while getopts D:M:nUv flag; do
+while getopts D:d:M:nUv flag; do
 case "$flag" in
 D) DESTDIR=${OPTARG} ;;
+ d) DISTBASE=${OPTARG} ;;
 M) METALOG=${OPTARG} ;;
 n) NOOP=1 ;;
 U) UNPRIV=1 ;;
@@ -280,10 +282,10 @@ shift $(( $OPTIND - 1 ))
 INSTALLFLAGS=
 [ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}"
 : ${LOCALBASE:=$(sysctl -n user.localbase)}
-: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
-: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted}
-: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
-: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}
+: ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
+: ${BLACKLISTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/blacklisted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted}
+: ${CERTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/certs}
+: ${BLACKLISTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/blacklisted}
 [ $# -gt 0 ] || usage
 case "$1" in |
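Review bot: The new `d)` arm of the getopts loop stores OPTARG without any check, and the value is later glued straight onto DESTDIR as `${DESTDIR}${DISTBASE}/etc/ssl/certs`. A value without a leading slash, or one containing `..`, therefore silently shifts the directories that trusted-certificate links are read from and written to. A guard after the option loop would catch the missing-slash case early: `case "$DISTBASE" in ""|/*) ;; *) usage ;; esac`. The same applies to a DISTBASE inherited from the environment through `: ${DISTBASE:=}` in the first hunk. The while/case loop closes outside this hunk.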
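Review bot: In the last hunk the new defaults add DISTBASE only to the base-system directories. The `${DESTDIR}${LOCALBASE}/share/certs`, `${DESTDIR}${LOCALBASE}/etc/ssl/certs` and `${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted` entries of TRUSTPATH and BLACKLISTPATH stay without it, while the certctl.8 change in this same commit documents them as `<DESTDIR><DISTBASE>/usr/local/...`. TRUSTPATH decides which directories are searched for trusted certificates, so the manual and the script should agree on it. Either insert `${DISTBASE}` before `${LOCALBASE}` in those entries, or, if keeping LOCALBASE outside the dist tree is deliberate (plausible, but not stated on the page), put `<DESTDIR>/usr/local/...` back in the manual. A comment above the block, such as `# DISTBASE applies to base-system paths only; LOCALBASE stays relative to DESTDIR`, would record the intent.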