F107878475
D24932.diff
Index: head/usr.sbin/certctl/certctl.8
===================================================================
--- head/usr.sbin/certctl/certctl.8
+++ head/usr.sbin/certctl/certctl.8
@@ -26,7 +26,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 19, 2019
+.Dd May 22, 2020
.Dt CERTCTL 8
.Os
.Sh NAME
@@ -40,7 +40,9 @@
.Op Fl v
.Ic blacklisted
.Nm
-.Op Fl nv
+.Op Fl nUv
+.Op Fl D Ar destdir
+.Op Fl M Ar metalog
.Ic rehash
.Nm
.Op Fl nv
@@ -56,10 +58,17 @@
.Pp
Flags:
.Bl -tag -width 4n
+.It Fl D Ar destdir
+Specify the DESTDIR (overriding values from the environment).
+.It Fl M Ar metalog
+Specify the path of the METALOG file (default: $DESTDIR/METALOG).
.It Fl n
No-Op mode, do not actually perform any actions.
.It Fl v
be verbose, print details about actions before performing them.
+.It Fl U
+Unprivileged mode, do not change the ownership of created links.
+Do record the ownership in the METALOG file.
.El
.Pp
Primary command functions:
Index: head/usr.sbin/certctl/certctl.sh
===================================================================
--- head/usr.sbin/certctl/certctl.sh
+++ head/usr.sbin/certctl/certctl.sh
@@ -30,10 +30,6 @@
############################################################ CONFIGURATION
: ${DESTDIR:=}
-: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}/usr/local/share/certs:${DESTDIR}/usr/local/etc/ssl/certs}
-: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}/usr/local/etc/ssl/blacklisted}
-: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
-: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}
: ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$|\.0$"}
: ${VERBOSE:=0}
@@ -42,6 +38,7 @@
SCRIPTNAME="${0##*/}"
ERRORS=0
NOOP=0
+UNPRIV=0
############################################################ FUNCTIONS
@@ -69,7 +66,7 @@
return 1
fi
[ $VERBOSE -gt 0 ] && echo "Adding $hash.0 to trust store"
- [ $NOOP -eq 0 ] && install -lrs $(realpath "$1") "$CERTDESTDIR/$hash.0"
+ [ $NOOP -eq 0 ] && install ${INSTALLFLAGS} -lrs $(realpath "$1") "$CERTDESTDIR/$hash.0"
}
create_blacklisted()
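Review bot: The unquoted `${INSTALLFLAGS}` on the new `install` line relies on word splitting to become separate options, so a DESTDIR or METALOG path containing whitespace or glob characters would be split or expanded into arguments nobody intended. The same applies to the `install` line in the create_blacklisted hunk that follows. Since plain sh has no arrays, the constraint should at least be documented where the variable is used, for example `# INSTALLFLAGS is intentionally unquoted so it splits into options; DESTDIR and METALOG must not contain whitespace or glob characters`. The enclosing function starts outside this hunk.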
@@ -88,7 +85,7 @@
return
fi
[ $VERBOSE -gt 0 ] && echo "Adding $filename to blacklist"
- [ $NOOP -eq 0 ] && install -lrs "$srcfile" "$BLACKLISTDESTDIR/$filename"
+ [ $NOOP -eq 0 ] && install ${INSTALLFLAGS} -lrs "$srcfile" "$BLACKLISTDESTDIR/$filename"
}
do_scan()
@@ -105,7 +102,7 @@
[ -d "$CPATH" ] || continue
echo "Scanning $CPATH for certificates..."
for CFILE in $(ls -1 "${CPATH}" | grep -Ee "${FILEPAT}"); do
- [ -e "$CPATH/$CFILE" ] || continue
+ [ -e "$CPATH/$CFILE" && $UNPRIV -eq 0 ] || continue
[ $VERBOSE -gt 0 ] && echo "Reading $CFILE"
"$CFUNC" "$CPATH/$CFILE"
done
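Review bot: The new test `[ -e "$CPATH/$CFILE" && $UNPRIV -eq 0 ]` is not a valid `[` expression. The shell splits the line at `&&`, so the first `[` runs without its closing `]` and fails, and `continue` then fires for every file. As written, the loop would skip every certificate it finds, so a rehash would presumably create no trust or blacklist links at all. The two conditions need their own brackets, with a comment stating the intended logic. If the aim is to bypass the existence check in unprivileged mode (an inference, not visible in this hunk), that would be `[ -e "$CPATH/$CFILE" ] || [ $UNPRIV -eq 1 ] || continue`. do_scan begins and ends outside this hunk.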
@@ -209,7 +206,7 @@
echo " List trusted certificates"
echo " $SCRIPTNAME [-v] blacklisted"
echo " List blacklisted certificates"
- echo " $SCRIPTNAME [-nv] rehash"
+ echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-M <metalog>] rehash"
echo " Generate hash links for all certificates"
echo " $SCRIPTNAME [-nv] blacklist <file>"
echo " Add <file> to the list of blacklisted certificates"
@@ -220,13 +217,24 @@
############################################################ MAIN
-while getopts nv flag; do
+while getopts D:M:nUv flag; do
case "$flag" in
+ D) DESTDIR=${OPTARG} ;;
+ M) METALOG=${OPTARG} ;;
n) NOOP=1 ;;
+ U) UNPRIV=1 ;;
v) VERBOSE=$(( $VERBOSE + 1 )) ;;
esac
done
shift $(( $OPTIND - 1 ))
+
+: ${METALOG:=${DESTDIR}/METALOG}
+INSTALLFLAGS=
+[ $UNPRIV -eq 1 ] && INSTALLFLAGS=-U -M ${METALOG} -D ${DESTDIR}
+: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}/usr/local/share/certs:${DESTDIR}/usr/local/etc/ssl/certs}
+: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}/usr/local/etc/ssl/blacklisted}
+: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
+: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}
[ $# -gt 0 ] || usage
case "$1" in
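Review bot: On the `INSTALLFLAGS=-U -M ${METALOG} -D ${DESTDIR}` line the value is unquoted, so the shell parses `INSTALLFLAGS=-U` as a temporary assignment in front of a command named `-M`. That command fails and INSTALLFLAGS stays empty in the script. With `-U` given, the later `install` calls would therefore run without `-U`, `-M` or `-D`, so nothing would be recorded in the METALOG and unprivileged mode would have no effect. Quote the value: `[ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}"`. The `case "$1" in` statement at the end of the hunk continues outside it.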
D24932: Support METALOG when calling certctl in installworld