From f3a3e1e6a413dc93d0a1eb330a32404d803f5307 Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@gnome.org>
Date: Sun, 3 Feb 2013 13:05:26 +0100
Subject: Add a placeholder external 'extract-trust' command

---
 .gitignore                     |  1 +
 configure.ac                   |  1 +
 doc/p11-kit-devel.xml          | 23 +++++++++++++++++++++++
 doc/p11-kit.xml                | 19 +++++++++++++++++++
 tools/Makefile.am              |  4 ++++
 tools/p11-kit-extract-trust.in | 27 +++++++++++++++++++++++++++
 6 files changed, 75 insertions(+)
 create mode 100755 tools/p11-kit-extract-trust.in

diff --git a/.gitignore b/.gitignore
index 5c4792d..4193968 100644
--- a/.gitignore
+++ b/.gitignore
@@ -91,5 +91,6 @@ temp.txt
 /p11-kit/tests/uri-test
 
 /tools/p11-kit
+/tools/p11-kit-extract-trust
 
 /p11-kit-?.?
diff --git a/configure.ac b/configure.ac
index e7e490a..8f67a84 100644
--- a/configure.ac
+++ b/configure.ac
@@ -422,6 +422,7 @@ AC_CONFIG_FILES([Makefile
 	p11-kit/p11-kit-1.pc
 	p11-kit/pkcs11.conf.example
 	tools/Makefile
+	tools/p11-kit-extract-trust
 	tools/tests/Makefile
 	trust/Makefile
 	trust/tests/Makefile
diff --git a/doc/p11-kit-devel.xml b/doc/p11-kit-devel.xml
index f3acde1..cfacbf8 100644
--- a/doc/p11-kit-devel.xml
+++ b/doc/p11-kit-devel.xml
@@ -58,6 +58,29 @@ $ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
 
 	</section>
 
+	<section id="devel-commands">
+		<title>Customizing installed commands</title>
+
+		<para>The <literal>p11-kit</literal> tool provides a
+		<literal>extract-trust</literal> command which extracts trust
+		policy information such as certificate anchors and so on
+		into files for use with libraries that cannot read this trust
+		information directly.</para>
+
+		<para>In order to be useful the <literal>extract-trust</literal>
+		command needs to be customized per distribution or site. You can
+		find this file in at <literal>tools/p11-kit-trust-extract.in</literal>
+		in the p11-kit source code.</para>
+
+		<para>The command is implemented as a simple script which
+		performs the various <literal>p11-kit extract</literal> commands
+		necessary to extract the information.</para>
+
+		<para>Using this script as a standard way to extract this
+		information allows for consistency between distributions and ease
+		of system administration.</para>
+	</section>
+
 	<section id="devel-building">
 		<title>Compiling p11-kit from Source</title>
 		<para>This describes how to compiling the p11-kit package from
diff --git a/doc/p11-kit.xml b/doc/p11-kit.xml
index 162563b..98f5da5 100644
--- a/doc/p11-kit.xml
+++ b/doc/p11-kit.xml
@@ -188,6 +188,25 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire
 </refsect1>
 
 <refsect1>
+	<title>Extract Trust</title>
+
+	<para>Extract standard trust information files.</para>
+
+<programlisting>
+$ p11-kit extract-trust
+</programlisting>
+
+	<para>OpenSSL, GnuTLS and Java cannot currently read trust information
+	directly from the trust policy module. This command extracts trust
+	information such as certificate anchors for use by these libraries.</para>
+
+	<para>What this command does, and where it extracts the files is
+	distribution or site specific. Packagers or administrators are expected
+	customize this command.</para>
+
+</refsect1>
+
+<refsect1>
   <title>Bugs</title>
   <para>
     Please send bug reports to either the distribution bug tracker
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 32cc21e..e28f15f 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -48,4 +48,8 @@ p11_kit_SOURCES += \
 	save.c save.h \
 	$(NULL)
 
+externaldir = $(pkgdatadir)
+external_SCRIPTS = \
+	p11-kit-extract-trust
+
 endif # WITH_ASN1
diff --git a/tools/p11-kit-extract-trust.in b/tools/p11-kit-extract-trust.in
new file mode 100755
index 0000000..cc7e5fa
--- /dev/null
+++ b/tools/p11-kit-extract-trust.in
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# This script is a placeholder designed to be replaced when this software
+# has been customized for distribution.
+
+echo "WARNING: This placeholder extract-trust command has not been customized"
+echo "by your distribution or administrator. Extracting trust infromation to"
+echo "the following example locations:"
+echo
+echo "  ~/extract-trust-example/openssl-bundle.pem"
+echo "  ~/extract-trust-example/server-auth-bundle.pem"
+echo "  ~/extract-trust-example/cacerts"
+
+DEST=~/extract-trust-example
+
+# These are nested autoconf variables
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+
+mkdir -p $DEST
+
+@bindir@/p11-kit extract --format=openssl-bundle --filter=ca-anchors \
+	--overwrite $DEST/openssl-bundle.pem
+@bindir@/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \
+	--purpose server-auth $DEST/server-auth-bundle.pem
+@bindir@/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \
+	--purpose server-auth $DEST/cacerts
-- 
cgit v1.1