summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--configure.ac2
-rw-r--r--p11-kit/p11-kit.c58
-rw-r--r--trust/Makefile.am3
-rw-r--r--trust/extract.c38
-rw-r--r--trust/extract.h3
-rwxr-xr-xtrust/trust-extract-compat.in (renamed from trust/p11-kit-extract-trust.in)10
-rw-r--r--trust/trust.c1
8 files changed, 81 insertions, 35 deletions
diff --git a/.gitignore b/.gitignore
index d8c0047..cd5978e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -113,6 +113,7 @@ x86_64-w64-mingw32
/tools/p11-kit
/trust/trust
+/trust/trust-extract-compat
/trust/p11-kit-extract-trust
/p11-kit-?.?
diff --git a/configure.ac b/configure.ac
index c00603c..5a64e20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -503,7 +503,7 @@ AC_CONFIG_FILES([Makefile
p11-kit/p11-kit-1.pc
p11-kit/pkcs11.conf.example
trust/Makefile
- trust/p11-kit-extract-trust
+ trust/trust-extract-compat
trust/tests/Makefile
])
AC_OUTPUT
diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c
index 34b9476..da9d400 100644
--- a/p11-kit/p11-kit.c
+++ b/p11-kit/p11-kit.c
@@ -41,6 +41,7 @@
#include <assert.h>
#include <ctype.h>
+#include <errno.h>
#include <getopt.h>
#include <string.h>
#include <stdio.h>
@@ -52,7 +53,7 @@
int p11_kit_list_modules (int argc,
char *argv[]);
-int p11_kit_extract (int argc,
+int p11_kit_trust (int argc,
char *argv[]);
int p11_kit_external (int argc,
@@ -60,61 +61,62 @@ int p11_kit_external (int argc,
static const p11_tool_command commands[] = {
{ "list-modules", p11_kit_list_modules, "List modules and tokens" },
- { "extract", p11_kit_extract, "Extract certificates and trust" },
- { P11_TOOL_FALLBACK, p11_kit_external, "List modules and tokens" },
+ { P11_TOOL_FALLBACK, p11_kit_external, NULL },
{ 0, }
};
int
-p11_kit_external (int argc,
- char *argv[])
+p11_kit_trust (int argc,
+ char *argv[])
{
- char *filename;
- char *path;
+ char **args;
- if (!asprintf (&filename, "p11-kit-%s", argv[0]) < 0)
- return_val_if_reached (1);
+ args = calloc (argc + 2, sizeof (char *));
+ return_val_if_fail (args != NULL, 1);
- /* Add our libexec directory to the path */
- path = p11_path_build (PRIVATEDIR, filename, NULL);
- return_val_if_fail (path != NULL, 1);
+ args[0] = BINDIR "/trust";
+ memcpy (args + 1, argv, sizeof (char *) * argc);
+ args[argc + 1] = NULL;
- argv[argc] = NULL;
- execv (path, argv);
+ execv (args[0], args);
/* At this point we have no command */
- p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
+ p11_message_err (errno, "couldn't run trust tool");
- free (filename);
- free (path);
+ free (args);
return 2;
}
int
-p11_kit_extract (int argc,
- char *argv[])
+p11_kit_external (int argc,
+ char *argv[])
{
+ char *filename;
char *path;
- char **args;
- args = calloc (argc + 2, sizeof (char *));
- return_val_if_fail (args != NULL, 1);
+ /* These are trust commands, send them to that tool */
+ if (strcmp (argv[0], "extract") == 0) {
+ return p11_kit_trust (argc, argv);
+ } else if (strcmp (argv[0], "extract-trust") == 0) {
+ argv[0] = "extract-compat";
+ return p11_kit_trust (argc, argv);
+ }
- args[0] = "trust";
- memcpy (args + 1, argv, sizeof (char *) * argc);
- args[argc + 1] = NULL;
+ if (!asprintf (&filename, "p11-kit-%s", argv[0]) < 0)
+ return_val_if_reached (1);
/* Add our libexec directory to the path */
- path = p11_path_build (BINDIR, args[0], NULL);
+ path = p11_path_build (PRIVATEDIR, filename, NULL);
return_val_if_fail (path != NULL, 1);
- execv (path, args);
+ argv[argc] = NULL;
+ execv (path, argv);
/* At this point we have no command */
p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
+ free (filename);
free (path);
- free (args);
return 2;
}
diff --git a/trust/Makefile.am b/trust/Makefile.am
index 18fded6..7410f5d 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -10,6 +10,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/common \
-DDATADIR=\"$(datadir)\" \
-DSYSCONFDIR=\"$(sysconfdir)\" \
+ -DPRIVATEDIR=\"$(privatedir)\" \
$(LIBTASN1_CFLAGS) \
$(NULL)
@@ -111,7 +112,7 @@ trust_SOURCES = \
externaldir = $(privatedir)
external_SCRIPTS = \
- p11-kit-extract-trust
+ trust-extract-compat
EXTRA_DIST = \
p11-kit-trust.module
diff --git a/trust/extract.c b/trust/extract.c
index 0389d29..d12d18b 100644
--- a/trust/extract.c
+++ b/trust/extract.c
@@ -41,6 +41,7 @@
#include "iter.h"
#include "message.h"
#include "oid.h"
+#include "path.h"
#include "pkcs11.h"
#include "pkcs11x.h"
#include "save.h"
@@ -48,6 +49,7 @@
#include <assert.h>
#include <ctype.h>
+#include <errno.h>
#include <getopt.h>
#include <stdint.h>
#include <stdio.h>
@@ -281,3 +283,39 @@ p11_trust_extract (int argc,
p11_enumerate_cleanup (&ex);
return ret;
}
+
+int
+p11_trust_extract_compat (int argc,
+ char *argv[])
+{
+ char *path;
+ char *path2;
+ int error;
+
+ argv[argc] = NULL;
+
+ /*
+ * For compatibility with people who deployed p11-kit 0.18.x
+ * before trust stuff was put into its own branch.
+ */
+ path2 = p11_path_build (PRIVATEDIR, "p11-kit-extract-trust", NULL);
+ return_val_if_fail (path2 != NULL, 1);
+ execv (path2, argv);
+ error = errno;
+ free (path2);
+
+ if (error == ENOENT) {
+ path = p11_path_build (PRIVATEDIR, "trust-extract-compat", NULL);
+ return_val_if_fail (path != NULL, 1);
+ execv (path, argv);
+ error = errno;
+ free (path);
+ }
+
+ /* At this point we have no command */
+ p11_message_err (error, "could not run %s command", path);
+
+ free (path);
+ free (path2);
+ return 2;
+}
diff --git a/trust/extract.h b/trust/extract.h
index 1bd8e4a..ca14238 100644
--- a/trust/extract.h
+++ b/trust/extract.h
@@ -72,4 +72,7 @@ bool p11_extract_openssl_directory (p11_enumerate *ex,
int p11_trust_extract (int argc,
char **argv);
+int p11_trust_extract_compat (int argc,
+ char *argv[]);
+
#endif /* P11_EXTRACT_H_ */
diff --git a/trust/p11-kit-extract-trust.in b/trust/trust-extract-compat.in
index c7214e9..2d8809c 100755
--- a/trust/p11-kit-extract-trust.in
+++ b/trust/trust-extract-compat.in
@@ -7,20 +7,20 @@
# trust module is used to modifiy trust anchors and related data.
if [ $# -ne 0 ]; then
- echo "usage: p11-kit extract-trust" >&2
+ echo "usage: trust extract-compat" >&2
exit 2
fi
-echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2
+echo "trust: the placeholder extract-compat command has not been customized by your distribution." >&2
# You can use commands like this to extract data from trust modules
# into appropriate locations for your distribution.
#
-# p11-kit extract --format=openssl-bundle --filter=ca-anchors \
+# trust extract --format=openssl-bundle --filter=ca-anchors \
# --overwrite /tmp/openssl-bundle.pem
-# p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \
+# trust extract --format=pem-bundle --filter=ca-anchors --overwrite \
# --purpose server-auth /tmp/server-auth-bundle.pem
-# p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \
+# trust extract --format=java-cacerts --filter=ca-anchors --overwrite \
# --purpose server-auth /tmp/cacerts
exit 1
diff --git a/trust/trust.c b/trust/trust.c
index 4ed1df8..b006ec8 100644
--- a/trust/trust.c
+++ b/trust/trust.c
@@ -56,6 +56,7 @@
static const p11_tool_command commands[] = {
{ "list", p11_trust_list, "List trust or certificates" },
{ "extract", p11_trust_extract, "Extract certificates and trust" },
+ { "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" },
{ "anchor", p11_trust_anchor, "Add, remove, change trust anchors" },
{ 0, }
};