
D24932.id72098.diff

Index: Makefile.inc1
===================================================================
--- Makefile.inc1
+++ Makefile.inc1
@@ -999,7 +999,9 @@
METALOG?= ${DESTDIR}/${DISTDIR}/METALOG
METALOG:= ${METALOG:C,//+,/,g}
IMAKE+= -DNO_ROOT METALOG=${METALOG}
-INSTALLFLAGS+= -U -M ${METALOG} -D ${INSTALL_DDIR}
+METALOG_INSTALLFLAGS= -U -M ${METALOG} -D ${INSTALL_DDIR}
+INSTALLFLAGS+= ${METALOG_INSTALLFLAGS}
+CERTCLTFLAGS= ${METALOG_INSTALLFLAGS}
MTREEFLAGS+= -W
.endif
.if defined(BUILD_PKGS)
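Review bot: `CERTCLTFLAGS` on the added line reads as a transposition of `certctl`. The installworld recipe in the second Makefile.inc1 hunk spells it the same way, so it works, but `CERTCTLFLAGS= ${METALOG_INSTALLFLAGS}` with the matching rename at the use site would be easier to search for. The variable is assigned only inside this conditional, whose opening `.if` is outside the hunk, so it is presumably empty otherwise. A comment such as `# Flags handed to certctl.sh by installworld; only set when a METALOG is in use` would make that explicit.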
@@ -1570,14 +1572,10 @@
.endfor
.endif
.elif make(installworld) && ${MK_CAROOT} != "no"
- # We could make certctl a bootstrap tool, but it requires OpenSSL and
- # friends, which we likely don't want. We'll rehash on a best-effort
- # basis, otherwise we'll just mention that we're not doing it to raise
- # awareness.
- @if which certctl>/dev/null; then \
- certctl rehash; \
+ @if which openssl>/dev/null; then \
+ sh ${SRCTOP}/usr.sbin/certctl/certctl.sh ${CERTCLTFLAGS} rehash \
else \
- echo "No certctl on the host, not rehashing target -- /etc/ssl may not be populated."; \
+ echo "No openssl on the host, not rehashing certificates target -- /etc/ssl may not be populated."; \
fi
.endif
Index: usr.sbin/certctl/certctl.8
===================================================================
--- usr.sbin/certctl/certctl.8
+++ usr.sbin/certctl/certctl.8
@@ -26,7 +26,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 19, 2019
+.Dd May 22, 2020
.Dt CERTCTL 8
.Os
.Sh NAME
@@ -40,7 +40,9 @@
.Op Fl v
.Ic blacklisted
.Nm
-.Op Fl nv
+.Op Fl nUv
+.Op Fl D Ar destdir
+.Op Fl M Ar metalog
.Ic rehash
.Nm
.Op Fl nv
@@ -56,10 +58,17 @@
.Pp
Flags:
.Bl -tag -width 4n
+.It Fl D Ar destdir
+Specify the DESTDIR (overriding values from the environment).
+.It Fl M Ar metalog
+Specify the path of the METALOG file (default: $DESTDIR/METALOG).
.It Fl n
No-Op mode, do not actually perform any actions.
.It Fl v
be verbose, print details about actions before performing them.
+.It Fl U
+Unprivileged mode, do not change the ownership of created links.
+Do record the ownership in the METALOG file.
.El
.Pp
Primary command functions:
Index: usr.sbin/certctl/certctl.sh
===================================================================
--- usr.sbin/certctl/certctl.sh
+++ usr.sbin/certctl/certctl.sh
@@ -30,10 +30,6 @@
############################################################ CONFIGURATION
: ${DESTDIR:=}
-: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}/usr/local/share/certs:${DESTDIR}/usr/local/etc/ssl/certs}
-: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}/usr/local/etc/ssl/blacklisted}
-: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
-: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}
: ${EXTENSIONS:="*.pem *.crt *.cer *.crl *.0"}
: ${VERBOSE:=0}
@@ -42,6 +38,7 @@
SCRIPTNAME="${0##*/}"
ERRORS=0
NOOP=0
+UNPRIV=0
############################################################ FUNCTIONS
@@ -69,7 +66,7 @@
return 1
fi
[ $VERBOSE -gt 0 ] && echo "Adding $hash.0 to trust store"
- [ $NOOP -eq 0 ] && install -lrs $(realpath "$1") "$CERTDESTDIR/$hash.0"
+ [ $NOOP -eq 0 ] && install ${INSTALLFLAGS} -lrs $(realpath "$1") "$CERTDESTDIR/$hash.0"
}
create_blacklisted()
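Review bot: `$(realpath "$1")` on the changed `install` line is unquoted, so a certificate path containing whitespace or glob characters is split into several operands before install sees it. `${INSTALLFLAGS}` has to stay unquoted so that it splits into separate flags, but the source operand should be written `"$(realpath "$1")"`. The matching line in create_blacklisted already quotes `"$srcfile"`. The enclosing function starts outside the hunk.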
@@ -88,7 +85,7 @@
return
fi
[ $VERBOSE -gt 0 ] && echo "Adding $filename to blacklist"
- [ $NOOP -eq 0 ] && install -lrs "$srcfile" "$BLACKLISTDESTDIR/$filename"
+ [ $NOOP -eq 0 ] && install ${INSTALLFLAGS} -lrs "$srcfile" "$BLACKLISTDESTDIR/$filename"
}
do_scan()
@@ -106,7 +103,7 @@
echo "Scanning $CPATH for certificates..."
cd "$CPATH"
for CFILE in $EXTENSIONS; do
- [ -e "$CFILE" ] || continue
+ [ -e "$CFILE" && $UNPRIV -eq 0 ] || continue
[ $VERBOSE -gt 0 ] && echo "Reading $CFILE"
"$CFUNC" "$CPATH/$CFILE"
done
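Review bot: `[ -e "$CFILE" && $UNPRIV -eq 0 ]` is not a valid test: the shell splits the line at `&&`, so `[` runs without its closing `]` and fails, and `|| continue` then skips every file. A scan through do_scan would process no certificates, leaving the trust and blacklist directories without links. Even repaired as `[ -e "$CFILE" ] && [ $UNPRIV -eq 0 ]`, the condition would skip every file whenever -U is given, which does not look intended. Unless there is a reason not visible here, keep `[ -e "$CFILE" ] || continue`. do_scan starts and ends outside the hunk.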
@@ -202,7 +199,7 @@
echo " List trusted certificates"
echo " $SCRIPTNAME [-v] blacklisted"
echo " List blacklisted certificates"
- echo " $SCRIPTNAME [-nv] rehash"
+ echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-M <metalog>] rehash"
echo " Generate hash links for all certificates"
echo " $SCRIPTNAME [-nv] blacklist <file>"
echo " Add <file> to the list of blacklisted certificates"
@@ -213,14 +210,25 @@
############################################################ MAIN
-while getopts nv flag; do
+while getopts D:M:nUv flag; do
case "$flag" in
+ D) DESTDIR=${OPTARG} ;;
+ M) METALOG=${OPTARG} ;;
n) NOOP=1 ;;
+ U) UNPRIV=1 ;;
v) VERBOSE=$(( $VERBOSE + 1 )) ;;
esac
done
shift $(( $OPTIND - 1 ))
+: ${METALOG:=${DESTDIR}/METALOG}
+INSTALLFLAGS=
+[ $UNPRIV -eq 1 ] && INSTALLFLAGS=-U -M ${METALOG} -D ${DESTDIR}
+: ${TRUSTPATH:=${DESTDIR}/usr/share/certs/trusted:${DESTDIR}/usr/local/share/certs:${DESTDIR}/usr/local/etc/ssl/certs}
+: ${BLACKLISTPATH:=${DESTDIR}/usr/share/certs/blacklisted:${DESTDIR}/usr/local/etc/ssl/blacklisted}
+: ${CERTDESTDIR:=${DESTDIR}/etc/ssl/certs}
+: ${BLACKLISTDESTDIR:=${DESTDIR}/etc/ssl/blacklisted}
+
[ $# -gt 0 ] || usage
case "$1" in
list) cmd_list ;;
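Review bot: `[ $UNPRIV -eq 1 ] && INSTALLFLAGS=-U -M ${METALOG} -D ${DESTDIR}` does not assign the whole flag string. The shell treats `INSTALLFLAGS=-U` as a temporary environment assignment for a command named `-M`, which fails, so INSTALLFLAGS stays empty. With -U the install calls would then run without `-U -M`, and the created links would presumably not be recorded in the METALOG. Quote the value: `INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR}"`. The getopts `case` also has no branch for an unrecognised option, so a mistyped flag is ignored; `*) usage ;;` would reject it.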
