diff options
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | p11-kit/p11-kit.c | 58 | ||||
-rw-r--r-- | trust/Makefile.am | 3 | ||||
-rw-r--r-- | trust/extract.c | 38 | ||||
-rw-r--r-- | trust/extract.h | 3 | ||||
-rwxr-xr-x | trust/trust-extract-compat.in (renamed from trust/p11-kit-extract-trust.in) | 10 | ||||
-rw-r--r-- | trust/trust.c | 1 |
8 files changed, 81 insertions, 35 deletions
@@ -113,6 +113,7 @@ x86_64-w64-mingw32 /tools/p11-kit /trust/trust +/trust/trust-extract-compat /trust/p11-kit-extract-trust /p11-kit-?.? diff --git a/configure.ac b/configure.ac index c00603c..5a64e20 100644 --- a/configure.ac +++ b/configure.ac @@ -503,7 +503,7 @@ AC_CONFIG_FILES([Makefile p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example trust/Makefile - trust/p11-kit-extract-trust + trust/trust-extract-compat trust/tests/Makefile ]) AC_OUTPUT diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c index 34b9476..da9d400 100644 --- a/p11-kit/p11-kit.c +++ b/p11-kit/p11-kit.c @@ -41,6 +41,7 @@ #include <assert.h> #include <ctype.h> +#include <errno.h> #include <getopt.h> #include <string.h> #include <stdio.h> @@ -52,7 +53,7 @@ int p11_kit_list_modules (int argc, char *argv[]); -int p11_kit_extract (int argc, +int p11_kit_trust (int argc, char *argv[]); int p11_kit_external (int argc, @@ -60,61 +61,62 @@ int p11_kit_external (int argc, static const p11_tool_command commands[] = { { "list-modules", p11_kit_list_modules, "List modules and tokens" }, - { "extract", p11_kit_extract, "Extract certificates and trust" }, - { P11_TOOL_FALLBACK, p11_kit_external, "List modules and tokens" }, + { P11_TOOL_FALLBACK, p11_kit_external, NULL }, { 0, } }; int -p11_kit_external (int argc, - char *argv[]) +p11_kit_trust (int argc, + char *argv[]) { - char *filename; - char *path; + char **args; - if (!asprintf (&filename, "p11-kit-%s", argv[0]) < 0) - return_val_if_reached (1); + args = calloc (argc + 2, sizeof (char *)); + return_val_if_fail (args != NULL, 1); - /* Add our libexec directory to the path */ - path = p11_path_build (PRIVATEDIR, filename, NULL); - return_val_if_fail (path != NULL, 1); + args[0] = BINDIR "/trust"; + memcpy (args + 1, argv, sizeof (char *) * argc); + args[argc + 1] = NULL; - argv[argc] = NULL; - execv (path, argv); + execv (args[0], args); /* At this point we have no command */ - p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]); + p11_message_err (errno, "couldn't run trust tool"); - free (filename); - free (path); + free (args); return 2; } int -p11_kit_extract (int argc, - char *argv[]) +p11_kit_external (int argc, + char *argv[]) { + char *filename; char *path; - char **args; - args = calloc (argc + 2, sizeof (char *)); - return_val_if_fail (args != NULL, 1); + /* These are trust commands, send them to that tool */ + if (strcmp (argv[0], "extract") == 0) { + return p11_kit_trust (argc, argv); + } else if (strcmp (argv[0], "extract-trust") == 0) { + argv[0] = "extract-compat"; + return p11_kit_trust (argc, argv); + } - args[0] = "trust"; - memcpy (args + 1, argv, sizeof (char *) * argc); - args[argc + 1] = NULL; + if (!asprintf (&filename, "p11-kit-%s", argv[0]) < 0) + return_val_if_reached (1); /* Add our libexec directory to the path */ - path = p11_path_build (BINDIR, args[0], NULL); + path = p11_path_build (PRIVATEDIR, filename, NULL); return_val_if_fail (path != NULL, 1); - execv (path, args); + argv[argc] = NULL; + execv (path, argv); /* At this point we have no command */ p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]); + free (filename); free (path); - free (args); return 2; } diff --git a/trust/Makefile.am b/trust/Makefile.am index 18fded6..7410f5d 100644 --- a/trust/Makefile.am +++ b/trust/Makefile.am @@ -10,6 +10,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/common \ -DDATADIR=\"$(datadir)\" \ -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DPRIVATEDIR=\"$(privatedir)\" \ $(LIBTASN1_CFLAGS) \ $(NULL) @@ -111,7 +112,7 @@ trust_SOURCES = \ externaldir = $(privatedir) external_SCRIPTS = \ - p11-kit-extract-trust + trust-extract-compat EXTRA_DIST = \ p11-kit-trust.module diff --git a/trust/extract.c b/trust/extract.c index 0389d29..d12d18b 100644 --- a/trust/extract.c +++ b/trust/extract.c @@ -41,6 +41,7 @@ #include "iter.h" #include "message.h" #include "oid.h" +#include "path.h" #include "pkcs11.h" #include "pkcs11x.h" #include "save.h" @@ -48,6 +49,7 @@ #include <assert.h> #include <ctype.h> +#include <errno.h> #include <getopt.h> #include <stdint.h> #include <stdio.h> @@ -281,3 +283,39 @@ p11_trust_extract (int argc, p11_enumerate_cleanup (&ex); return ret; } + +int +p11_trust_extract_compat (int argc, + char *argv[]) +{ + char *path; + char *path2; + int error; + + argv[argc] = NULL; + + /* + * For compatibility with people who deployed p11-kit 0.18.x + * before trust stuff was put into its own branch. + */ + path2 = p11_path_build (PRIVATEDIR, "p11-kit-extract-trust", NULL); + return_val_if_fail (path2 != NULL, 1); + execv (path2, argv); + error = errno; + free (path2); + + if (error == ENOENT) { + path = p11_path_build (PRIVATEDIR, "trust-extract-compat", NULL); + return_val_if_fail (path != NULL, 1); + execv (path, argv); + error = errno; + free (path); + } + + /* At this point we have no command */ + p11_message_err (error, "could not run %s command", path); + + free (path); + free (path2); + return 2; +} diff --git a/trust/extract.h b/trust/extract.h index 1bd8e4a..ca14238 100644 --- a/trust/extract.h +++ b/trust/extract.h @@ -72,4 +72,7 @@ bool p11_extract_openssl_directory (p11_enumerate *ex, int p11_trust_extract (int argc, char **argv); +int p11_trust_extract_compat (int argc, + char *argv[]); + #endif /* P11_EXTRACT_H_ */ diff --git a/trust/p11-kit-extract-trust.in b/trust/trust-extract-compat.in index c7214e9..2d8809c 100755 --- a/trust/p11-kit-extract-trust.in +++ b/trust/trust-extract-compat.in @@ -7,20 +7,20 @@ # trust module is used to modifiy trust anchors and related data. if [ $# -ne 0 ]; then - echo "usage: p11-kit extract-trust" >&2 + echo "usage: trust extract-compat" >&2 exit 2 fi -echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2 +echo "trust: the placeholder extract-compat command has not been customized by your distribution." >&2 # You can use commands like this to extract data from trust modules # into appropriate locations for your distribution. # -# p11-kit extract --format=openssl-bundle --filter=ca-anchors \ +# trust extract --format=openssl-bundle --filter=ca-anchors \ # --overwrite /tmp/openssl-bundle.pem -# p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \ +# trust extract --format=pem-bundle --filter=ca-anchors --overwrite \ # --purpose server-auth /tmp/server-auth-bundle.pem -# p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \ +# trust extract --format=java-cacerts --filter=ca-anchors --overwrite \ # --purpose server-auth /tmp/cacerts exit 1 diff --git a/trust/trust.c b/trust/trust.c index 4ed1df8..b006ec8 100644 --- a/trust/trust.c +++ b/trust/trust.c @@ -56,6 +56,7 @@ static const p11_tool_command commands[] = { { "list", p11_trust_list, "List trust or certificates" }, { "extract", p11_trust_extract, "Extract certificates and trust" }, + { "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" }, { "anchor", p11_trust_anchor, "Add, remove, change trust anchors" }, { 0, } }; |