mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
certctl: Introduce a new -d <distbase> option
This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld, which needs to split out DESTDIR from DISTBASE so the METALOG file includes the base/ prefix. Reviewed by: kevans Obtained from: CheriBSD MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D35808
parent
c792466f87
commit
232cf6be4b
|
@ -26,7 +26,7 @@
|
||||||
.\"
|
.\"
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.\"
|
.\"
|
||||||
.Dd June 18, 2021
|
.Dd July 13, 2022
|
||||||
.Dt CERTCTL 8
|
.Dt CERTCTL 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -60,6 +60,8 @@ Flags:
|
||||||
.Bl -tag -width 4n
|
.Bl -tag -width 4n
|
||||||
.It Fl D Ar destdir
|
.It Fl D Ar destdir
|
||||||
Specify the DESTDIR (overriding values from the environment).
|
Specify the DESTDIR (overriding values from the environment).
|
||||||
|
.It Fl d Ar distbase
|
||||||
|
Specify the DISTBASE (overriding values from the environment).
|
||||||
.It Fl M Ar metalog
|
.It Fl M Ar metalog
|
||||||
Specify the path of the METALOG file (default: $DESTDIR/METALOG).
|
Specify the path of the METALOG file (default: $DESTDIR/METALOG).
|
||||||
.It Fl n
|
.It Fl n
|
||||||
|
@ -96,25 +98,28 @@ Remove the specified file from the untrusted list.
|
||||||
.Bl -tag -width UNTRUSTDESTDIR
|
.Bl -tag -width UNTRUSTDESTDIR
|
||||||
.It Ev DESTDIR
|
.It Ev DESTDIR
|
||||||
Alternate destination directory to operate on.
|
Alternate destination directory to operate on.
|
||||||
|
.It Ev DISTBASE
|
||||||
|
Additional path component to include when operating on certificate directories.
|
||||||
.It Ev TRUSTPATH
|
.It Ev TRUSTPATH
|
||||||
List of paths to search for trusted certificates.
|
List of paths to search for trusted certificates.
|
||||||
Default:
|
Default:
|
||||||
.Pa <DESTDIR>/usr/share/certs/trusted
|
.Pa <DESTDIR><DISTBASE>/usr/share/certs/trusted
|
||||||
.Pa <DESTDIR>/usr/local/share/certs <DESTDIR>/usr/local/etc/ssl/certs
|
.Pa <DESTDIR><DISTBASE>/usr/local/share/certs
|
||||||
|
.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/certs
|
||||||
.It Ev UNTRUSTPATH
|
.It Ev UNTRUSTPATH
|
||||||
List of paths to search for untrusted certificates.
|
List of paths to search for untrusted certificates.
|
||||||
Default:
|
Default:
|
||||||
.Pa <DESTDIR>/usr/share/certs/untrusted
|
.Pa <DESTDIR><DISTBASE>/usr/share/certs/untrusted
|
||||||
.Pa <DESTDIR>/usr/local/etc/ssl/untrusted
|
.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/untrusted
|
||||||
.Pa <DESTDIR>/usr/local/etc/ssl/blacklisted
|
.Pa <DESTDIR><DISTBASE>/usr/local/etc/ssl/blacklisted
|
||||||
.It Ev CERTDESTDIR
|
.It Ev CERTDESTDIR
|
||||||
Destination directory for symbolic links to trusted certificates.
|
Destination directory for symbolic links to trusted certificates.
|
||||||
Default:
|
Default:
|
||||||
.Pa <DESTDIR>/etc/ssl/certs
|
.Pa <DESTDIR><DISTBASE>/etc/ssl/certs
|
||||||
.It Ev UNTRUSTDESTDIR
|
.It Ev UNTRUSTDESTDIR
|
||||||
Destination directory for symbolic links to untrusted certificates.
|
Destination directory for symbolic links to untrusted certificates.
|
||||||
Default:
|
Default:
|
||||||
.Pa <DESTDIR>/etc/ssl/untrusted
|
.Pa <DESTDIR><DISTBASE>/etc/ssl/untrusted
|
||||||
.It Ev EXTENSIONS
|
.It Ev EXTENSIONS
|
||||||
List of file extensions to read as certificate files.
|
List of file extensions to read as certificate files.
|
||||||
Default: *.pem *.crt *.cer *.crl *.0
|
Default: *.pem *.crt *.cer *.crl *.0
|
||||||
|
|
|
@ -30,6 +30,7 @@
|
||||||
############################################################ CONFIGURATION
|
############################################################ CONFIGURATION
|
||||||
|
|
||||||
: ${DESTDIR:=}
|
: ${DESTDIR:=}
|
||||||
|
: ${DISTBASE:=}
|
||||||
: ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"}
|
: ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"}
|
||||||
: ${VERBOSE:=0}
|
: ${VERBOSE:=0}
|
||||||
|
|
||||||
|
@ -254,7 +255,7 @@ usage()
|
||||||
echo " List trusted certificates"
|
echo " List trusted certificates"
|
||||||
echo " $SCRIPTNAME [-v] untrusted"
|
echo " $SCRIPTNAME [-v] untrusted"
|
||||||
echo " List untrusted certificates"
|
echo " List untrusted certificates"
|
||||||
echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-M <metalog>] rehash"
|
echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-d <distbase>] [-M <metalog>] rehash"
|
||||||
echo " Generate hash links for all certificates"
|
echo " Generate hash links for all certificates"
|
||||||
echo " $SCRIPTNAME [-nv] untrust <file>"
|
echo " $SCRIPTNAME [-nv] untrust <file>"
|
||||||
echo " Add <file> to the list of untrusted certificates"
|
echo " Add <file> to the list of untrusted certificates"
|
||||||
|
@ -265,9 +266,10 @@ usage()
|
||||||
|
|
||||||
############################################################ MAIN
|
############################################################ MAIN
|
||||||
|
|
||||||
while getopts D:M:nUv flag; do
|
while getopts D:d:M:nUv flag; do
|
||||||
case "$flag" in
|
case "$flag" in
|
||||||
D) DESTDIR=${OPTARG} ;;
|
D) DESTDIR=${OPTARG} ;;
|
||||||
|
d) DISTBASE=${OPTARG} ;;
|
||||||
M) METALOG=${OPTARG} ;;
|
M) METALOG=${OPTARG} ;;
|
||||||
n) NOOP=1 ;;
|
n) NOOP=1 ;;
|
||||||
U) UNPRIV=1 ;;
|
U) UNPRIV=1 ;;
|
||||||
|
@ -280,10 +282,10 @@ shift $(( $OPTIND - 1 ))
|
||||||
INSTALLFLAGS=
|
INSTALLFLAGS=
|
||||||
[ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}"
|
[ $UNPRIV -eq 1 ] && INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}"
|
||||||
: ${LOCALBASE:=$(sysctl -n user.localbase)}
|
: ${LOCALBASE:=$(sysctl -n user.localbase)}
|
||||||
: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
|
: ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}
|
||||||
: ${UNTRUSTPATH:=${DESTDIR}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted}
|
: ${UNTRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/untrusted:${DESTDIR}${LOCALBASE}/etc/ssl/blacklisted}
|
||||||
: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
|
: ${CERTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/certs}
|
||||||
: ${UNTRUSTDESTDIR:=${DESTDIR}/etc/ssl/untrusted}
|
: ${UNTRUSTDESTDIR:=${DESTDIR}${DISTBASE}/etc/ssl/untrusted}
|
||||||
|
|
||||||
[ $# -gt 0 ] || usage
|
[ $# -gt 0 ] || usage
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
|
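Review bot: The new defaults apply `${DISTBASE}` only to the base-system entries of TRUSTPATH and UNTRUSTPATH, while the `${LOCALBASE}` entries stay `${DESTDIR}${LOCALBASE}/...`. The manual page change in the same commit lists every default as `<DESTDIR><DISTBASE>/usr/local/...`, so the documented trust and untrust directories differ from the ones the script searches. One side should be corrected, since these paths decide which certificates are linked as trusted or treated as untrusted. Separately, the value from `-d` or the environment is concatenated as-is, so a DISTBASE without a leading slash (constructed example: DESTDIR=/stage, DISTBASE=base) resolves to a sibling of DESTDIR rather than a directory beneath it. A guard after option parsing such as `case "${DISTBASE}" in ""|/*) ;; *) usage ;; esac` would reject that, assuming usage exits as `[ $# -gt 0 ] || usage` suggests; the option loop and the final `case` continue outside the hunks shown.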