D51373.diff
No OneTemporary
Actions

Size

3 KB

Referenced Files

None

Subscribers

None

D51373.diff
View Options

	diff --git a/usr.sbin/certctl/certctl.8 b/usr.sbin/certctl/certctl.8
	--- a/usr.sbin/certctl/certctl.8
	+++ b/usr.sbin/certctl/certctl.8
	@@ -24,7 +24,7 @@
	.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	.\" POSSIBILITY OF SUCH DAMAGE.
	.\"
	-.Dd October 10, 2023
	+.Dd July 17, 2025
	.Dt CERTCTL 8
	.Os
	.Sh NAME
	@@ -38,15 +38,15 @@
	.Op Fl v
	.Ic untrusted
	.Nm
	-.Op Fl nUv
	+.Op Fl cnUv
	.Op Fl D Ar destdir
	.Op Fl M Ar metalog
	.Ic rehash
	.Nm
	-.Op Fl nv
	+.Op Fl cnv
	.Ic untrust Ar file
	.Nm
	-.Op Fl nv
	+.Op Fl cnv
	.Ic trust Ar file
	.Sh DESCRIPTION
	The
	@@ -56,6 +56,8 @@
	.Pp
	Flags:
	.Bl -tag -width 4n
	+.It Fl c
	+Copy certificates instead of linking to them.
	.It Fl D Ar destdir
	Specify the DESTDIR (overriding values from the environment).
	.It Fl d Ar distbase
	diff --git a/usr.sbin/certctl/certctl.sh b/usr.sbin/certctl/certctl.sh
	--- a/usr.sbin/certctl/certctl.sh
	+++ b/usr.sbin/certctl/certctl.sh
	@@ -36,6 +36,7 @@
	############################################################ GLOBALS

	SCRIPTNAME="${0##*/}"
	+LINK=-lrs
	ERRORS=0
	NOOP=false
	UNPRIV=false
	@@ -110,7 +111,6 @@
	{
	local hash certhash otherfile otherhash
	local suffix
	- local link=${2:+-lrs}

	hash=$(do_hash "$1") \|\| return
	certhash=$(openssl x509 -sha1 -in "$1" -noout -fingerprint)
	@@ -130,7 +130,7 @@
	done
	suffix=$(get_decimal "$CERTDESTDIR" "$hash")
	verbose "Adding $hash.$suffix to trust store"
	- perform install ${INSTALLFLAGS} -m 0444 ${link} \
	+ perform install ${INSTALLFLAGS} -m 0444 ${LINK} \
	"$(realpath "$1")" "$CERTDESTDIR/$hash.$suffix"
	}

	@@ -159,7 +159,6 @@
	create_untrusted()
	{
	local srcfile filename
	- local link=${2:+-lrs}

	set -- $(resolve_certname "$1")
	srcfile=$1
	@@ -170,7 +169,7 @@
	fi

	verbose "Adding $filename to untrusted list"
	- perform install ${INSTALLFLAGS} -m 0444 ${link} \
	+ perform install ${INSTALLFLAGS} -m 0444 ${LINK} \
	"$srcfile" "$UNTRUSTDESTDIR/$filename"
	}

	@@ -190,7 +189,7 @@
	0)
	;;
	1)
	- "$CFUNC" "$CFILE" link
	+ "$CFUNC" "$CFILE"
	;;
	*)
	verbose "Multiple certificates found, splitting..."
	@@ -303,19 +302,20 @@
	echo " List trusted certificates"
	echo " $SCRIPTNAME [-v] untrusted"
	echo " List untrusted certificates"
	- echo " $SCRIPTNAME [-nUv] [-D <destdir>] [-d <distbase>] [-M <metalog>] rehash"
	- echo " Generate hash links for all certificates"
	- echo " $SCRIPTNAME [-nv] untrust <file>"
	+ echo " $SCRIPTNAME [-cnUv] [-D <destdir>] [-d <distbase>] [-M <metalog>] rehash"
	+ echo " Rehash all trusted and untrusted certificates"
	+ echo " $SCRIPTNAME [-cnv] untrust <file>"
	echo " Add <file> to the list of untrusted certificates"
	- echo " $SCRIPTNAME [-nv] trust <file>"
	+ echo " $SCRIPTNAME [-cnv] trust <file>"
	echo " Remove <file> from the list of untrusted certificates"
	exit 64
	}

	############################################################ MAIN

	-while getopts D:d:M:nUv flag; do
	+while getopts cD:d:M:nUv flag; do
	case "$flag" in
	+ c) LINK=-c ;;
	D) DESTDIR=${OPTARG} ;;
	d) DISTBASE=${OPTARG} ;;
	M) METALOG=${OPTARG} ;;
	@@ -334,7 +334,7 @@
	: ${METALOG:=${DESTDIR}/METALOG}
	INSTALLFLAGS=
	if "$UNPRIV" ; then
	- INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR} -o root -g wheel"
	+ INSTALLFLAGS="-U -M ${METALOG} -D ${DESTDIR:-/} -o root -g wheel"
	fi
	: ${LOCALBASE:=$(sysctl -n user.localbase)}
	: ${TRUSTPATH:=${DESTDIR}${DISTBASE}/usr/share/certs/trusted:${DESTDIR}${LOCALBASE}/share/certs:${DESTDIR}${LOCALBASE}/etc/ssl/certs}

File Metadata

Mime Type: text/plain
Expires: Tue, Feb 17, 3:03 PM (10 h, 56 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 28817070
Default Alt Text: D51373.diff (3 KB)

D51373.diffNo OneTemporaryActions

D51373.diffView Options

File Metadata

Event Timeline

D51373.diff
No OneTemporary
Actions

D51373.diff
View Options