diff --git a/usr.sbin/certctl/certctl.8 b/usr.sbin/certctl/certctl.8 --- a/usr.sbin/certctl/certctl.8 +++ b/usr.sbin/certctl/certctl.8 @@ -24,7 +24,7 @@ .\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd October 10, 2023 +.Dd July 17, 2025 .Dt CERTCTL 8 .Os .Sh NAME @@ -38,15 +38,15 @@ .Op Fl v .Ic untrusted .Nm -.Op Fl nUv +.Op Fl cnUv .Op Fl D Ar destdir .Op Fl M Ar metalog .Ic rehash .Nm -.Op Fl nv +.Op Fl cnv .Ic untrust Ar file .Nm -.Op Fl nv +.Op Fl cnv .Ic trust Ar file .Sh DESCRIPTION The @@ -56,6 +56,8 @@ .Pp Flags: .Bl -tag -width 4n +.It Fl c +Copy certificates instead of linking to them. .It Fl D Ar destdir Specify the DESTDIR (overriding values from the environment). .It Fl d Ar distbase diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh --- a/usr.sbin/certctl/certctl.sh +++ b/usr.sbin/certctl/certctl.sh @@ -36,6 +36,7 @@ ############################################################ GLOBALS SCRIPTNAME="${0##*/}" +LINK=-lrs ERRORS=0 NOOP=false UNPRIV=false @@ -110,7 +111,6 @@ { local hash certhash otherfile otherhash local suffix - local link=${2:+-lrs} hash=$(do_hash "$1") || return certhash=$(openssl x509 -sha1 -in "$1" -noout -fingerprint) @@ -130,7 +130,7 @@ done suffix=$(get_decimal "$CERTDESTDIR" "$hash") verbose "Adding $hash.$suffix to trust store" - perform install ${INSTALLFLAGS} -m 0444 ${link} \ + perform install ${INSTALLFLAGS} -m 0444 ${LINK} \ "$(realpath "$1")" "$CERTDESTDIR/$hash.$suffix" } @@ -159,7 +159,6 @@ create_untrusted() { local srcfile filename - local link=${2:+-lrs} set -- $(resolve_certname "$1") srcfile=$1 @@ -170,7 +169,7 @@ fi verbose "Adding $filename to untrusted list" - perform install ${INSTALLFLAGS} -m 0444 ${link} \ + perform install ${INSTALLFLAGS} -m 0444 ${LINK} \ "$srcfile" "$UNTRUSTDESTDIR/$filename" } @@ -190,7 +189,7 @@ 0) ;; 1) - "$CFUNC" "$CFILE" link + "$CFUNC" "$CFILE" ;; *) verbose "Multiple certificates found, splitting..." 
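Review bot: With `LINK=-lrs` as a global default, create_trusted (the -110 and -130 hunks) and create_untrusted (-159 and -170) now link on every call, where the removed `local link=${2:+-lrs}` linked only when a caller passed a second argument. The `1)` arm in the -190 hunk was the visible caller that passed `link`; the `*)` arm ("Multiple certificates found, splitting...") continues outside the hunk, and if it hands split-out temporary files to `"$CFUNC"` with one argument, those were copied before and would now become symlinks to files that may not outlive the run, leaving dangling trust-store entries. Keeping the opt-in and changing only the flag value avoids that: `local link=${2:+${LINK}}` in both functions with `${link}` on the install lines, and `"$CFUNC" "$CFILE" link` left as it was. A comment at the definition, e.g. `# install(1) flags for store entries; expanded unquoted on purpose`, would help too.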
@@ -303,19 +302,20 @@ echo " List trusted certificates" echo " $SCRIPTNAME [-v] untrusted" echo " List untrusted certificates" - echo " $SCRIPTNAME [-nUv] [-D ] [-d ] [-M ] rehash" - echo " Generate hash links for all certificates" - echo " $SCRIPTNAME [-nv] untrust " + echo " $SCRIPTNAME [-cnUv] [-D ] [-d ] [-M ] rehash" + echo " Rehash all trusted and untrusted certificates" + echo " $SCRIPTNAME [-cnv] untrust " echo " Add to the list of untrusted certificates" - echo " $SCRIPTNAME [-nv] trust " + echo " $SCRIPTNAME [-cnv] trust " echo " Remove from the list of untrusted certificates" exit 64 } ############################################################ MAIN -while getopts D:d:M:nUv flag; do +while getopts cD:d:M:nUv flag; do case "$flag" in + c) LINK=-c ;; D) DESTDIR=${OPTARG} ;; d) DISTBASE=${OPTARG} ;; M) METALOG=${OPTARG} ;;
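Review bot: `c) LINK=-c ;;` changes how a stale entry behaves, and the usage text in this hunk does not say so: a link to a source file that is later removed dangles, while a copy stays in the store until something replaces or deletes it. Whether rehash clears old entries before repopulating is not visible here, so I would state the expectation next to the option, e.g. `# -c: entries are copies and do not follow later changes to the source file; rerun rehash after updating certificates`. Because getopts parses flags before the command word, `-c` is also accepted ahead of `untrusted`, whose usage line shows only `[-v]`; that looks harmless but is worth a word in the usage output.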