From b6e065cda1db37a6c8ed52dac3432468e1277323 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 17 Jun 2013 14:36:37 +0200 Subject: tools: Only use our private path when looking for external commands Instead of looking for external commands in the path, just look for them in our private directory. We want to be conservative early on, and limit what sorta things we have to maintain later. We can later remove this restriction if a real use case presents itself. --- tools/tool.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tools/tool.c b/tools/tool.c index a2dbcbd..dcbb1a5 100644 --- a/tools/tool.c +++ b/tools/tool.c @@ -194,20 +194,17 @@ exec_external (const char *command, char *argv[]) { char *filename; - const char *path; - char *env; + char *path; if (!asprintf (&filename, "p11-kit-%s", command) < 0) return_if_reached (); /* Add our libexec directory to the path */ - path = getenv ("PATH"); - if (!asprintf (&env, "PATH=%s%s%s", path ? path : "", path ? P11_PATH_SEP : "", PRIVATEDIR)) - return_if_reached (); - putenv (env); + path = p11_path_build (PRIVATEDIR, filename, NULL); + return_if_fail (path != NULL); argv[0] = filename; - execvp (filename, argv); + execvp (path, argv); } static void -- cgit v1.1 From e32481727387460d5900d0bbb495d3694facf64b Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 17 Jun 2013 14:45:36 +0200 Subject: tools: Fix passing args to external commands There were various bugs passing arguments, with duplicates being passed, as well as certain arguments being skipped.t --- tools/tool.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/tool.c b/tools/tool.c index dcbb1a5..313484a 100644 --- a/tools/tool.c +++ b/tools/tool.c @@ -204,6 +204,8 @@ exec_external (const char *command, return_if_fail (path != NULL); argv[0] = filename; + argv[argc] = NULL; + execvp (path, argv); } @@ -245,6 +247,8 @@ main (int argc, char *argv[]) if (!command) { skip = true; command = argv[in]; + } else { + skip = false; } /* The global long options */ -- cgit v1.1 From 41d2a28b89af41799d01d5973d026712d9174f31 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 17 Jun 2013 14:46:03 +0200 Subject: trust: Print out usage when extract-trust run incorrectly Also sorta covers --help and -h usage --- tools/p11-kit-extract-trust.in | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/p11-kit-extract-trust.in b/tools/p11-kit-extract-trust.in index b15dd7d..c7214e9 100755 --- a/tools/p11-kit-extract-trust.in +++ b/tools/p11-kit-extract-trust.in @@ -6,7 +6,12 @@ # appropriate. In the future this script will be called when the PKCS#11 # trust module is used to modifiy trust anchors and related data. -echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." +if [ $# -ne 0 ]; then + echo "usage: p11-kit extract-trust" >&2 + exit 2 +fi + +echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2 # You can use commands like this to extract data from trust modules # into appropriate locations for your distribution. -- cgit v1.1 From 93f197792150ae2e2e3ffafb903dfab6854915cb Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 17 Jun 2013 14:51:49 +0200 Subject: trust: Move the extract-trust external placeholder command into trust/ --- .gitignore | 3 ++- configure.ac | 2 +- tools/Makefile.am | 4 ---- tools/p11-kit-extract-trust.in | 26 -------------------------- trust/Makefile.am | 4 ++++ trust/p11-kit-extract-trust.in | 26 ++++++++++++++++++++++++++ 6 files changed, 33 insertions(+), 32 deletions(-) delete mode 100755 tools/p11-kit-extract-trust.in create mode 100755 trust/p11-kit-extract-trust.in diff --git a/.gitignore b/.gitignore index 2fe4e8b..e5b5c8e 100644 --- a/.gitignore +++ b/.gitignore @@ -107,6 +107,7 @@ x86_64-w64-mingw32 /p11-kit/tests/uri-test /tools/p11-kit -/tools/p11-kit-extract-trust + +/trust/p11-kit-extract-trust /p11-kit-?.? diff --git a/configure.ac b/configure.ac index cf886a9..17995e7 100644 --- a/configure.ac +++ b/configure.ac @@ -429,9 +429,9 @@ AC_CONFIG_FILES([Makefile p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example tools/Makefile - tools/p11-kit-extract-trust tools/tests/Makefile trust/Makefile + trust/p11-kit-extract-trust trust/tests/Makefile ]) AC_OUTPUT diff --git a/tools/Makefile.am b/tools/Makefile.am index 6155b6d..5e48149 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -50,8 +50,4 @@ p11_kit_SOURCES += \ save.c save.h \ $(NULL) -externaldir = $(privatedir) -external_SCRIPTS = \ - p11-kit-extract-trust - endif # WITH_ASN1 diff --git a/tools/p11-kit-extract-trust.in b/tools/p11-kit-extract-trust.in deleted file mode 100755 index c7214e9..0000000 --- a/tools/p11-kit-extract-trust.in +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh - -# This script is a placeholder designed to be replaced when this software -# has been customized for distribution. It should be symlinked linked to the -# distribution's update-ca-certificates or update-ca-trust command as -# appropriate. In the future this script will be called when the PKCS#11 -# trust module is used to modifiy trust anchors and related data. - -if [ $# -ne 0 ]; then - echo "usage: p11-kit extract-trust" >&2 - exit 2 -fi - -echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2 - -# You can use commands like this to extract data from trust modules -# into appropriate locations for your distribution. -# -# p11-kit extract --format=openssl-bundle --filter=ca-anchors \ -# --overwrite /tmp/openssl-bundle.pem -# p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \ -# --purpose server-auth /tmp/server-auth-bundle.pem -# p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \ -# --purpose server-auth /tmp/cacerts - -exit 1 diff --git a/trust/Makefile.am b/trust/Makefile.am index 264ea7c..875c8c4 100644 --- a/trust/Makefile.am +++ b/trust/Makefile.am @@ -56,5 +56,9 @@ libtrust_testable_la_LDFLAGS = \ libtrust_testable_la_SOURCES = $(MODULE_SRCS) +externaldir = $(privatedir) +external_SCRIPTS = \ + p11-kit-extract-trust + EXTRA_DIST = \ p11-kit-trust.module diff --git a/trust/p11-kit-extract-trust.in b/trust/p11-kit-extract-trust.in new file mode 100755 index 0000000..c7214e9 --- /dev/null +++ b/trust/p11-kit-extract-trust.in @@ -0,0 +1,26 @@ +#!/bin/sh + +# This script is a placeholder designed to be replaced when this software +# has been customized for distribution. It should be symlinked linked to the +# distribution's update-ca-certificates or update-ca-trust command as +# appropriate. In the future this script will be called when the PKCS#11 +# trust module is used to modifiy trust anchors and related data. + +if [ $# -ne 0 ]; then + echo "usage: p11-kit extract-trust" >&2 + exit 2 +fi + +echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2 + +# You can use commands like this to extract data from trust modules +# into appropriate locations for your distribution. +# +# p11-kit extract --format=openssl-bundle --filter=ca-anchors \ +# --overwrite /tmp/openssl-bundle.pem +# p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \ +# --purpose server-auth /tmp/server-auth-bundle.pem +# p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \ +# --purpose server-auth /tmp/cacerts + +exit 1 -- cgit v1.1