From c980eb29619edc28610a03ccb62514683604257c Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 29 Aug 2013 12:12:46 +0200 Subject: Route 'p11-kit extract-trust' over to trust tool The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present. --- trust/Makefile.am | 3 ++- trust/extract.c | 38 ++++++++++++++++++++++++++++++++++++++ trust/extract.h | 3 +++ trust/p11-kit-extract-trust.in | 26 -------------------------- trust/trust-extract-compat.in | 26 ++++++++++++++++++++++++++ trust/trust.c | 1 + 6 files changed, 70 insertions(+), 27 deletions(-) delete mode 100755 trust/p11-kit-extract-trust.in create mode 100755 trust/trust-extract-compat.in (limited to 'trust') diff --git a/trust/Makefile.am b/trust/Makefile.am index 18fded6..7410f5d 100644 --- a/trust/Makefile.am +++ b/trust/Makefile.am @@ -10,6 +10,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/common \ -DDATADIR=\"$(datadir)\" \ -DSYSCONFDIR=\"$(sysconfdir)\" \ + -DPRIVATEDIR=\"$(privatedir)\" \ $(LIBTASN1_CFLAGS) \ $(NULL) @@ -111,7 +112,7 @@ trust_SOURCES = \ externaldir = $(privatedir) external_SCRIPTS = \ - p11-kit-extract-trust + trust-extract-compat EXTRA_DIST = \ p11-kit-trust.module diff --git a/trust/extract.c b/trust/extract.c index 0389d29..d12d18b 100644 --- a/trust/extract.c +++ b/trust/extract.c @@ -41,6 +41,7 @@ #include "iter.h" #include "message.h" #include "oid.h" +#include "path.h" #include "pkcs11.h" #include "pkcs11x.h" #include "save.h" @@ -48,6 +49,7 @@ #include #include +#include #include #include #include @@ -281,3 +283,39 @@ p11_trust_extract (int argc, p11_enumerate_cleanup (&ex); return ret; } + +int +p11_trust_extract_compat (int argc, + char *argv[]) +{ + char *path; + char *path2; + int error; + + argv[argc] = NULL; + + /* + * For compatibility with people who deployed p11-kit 0.18.x + * before trust stuff was put into its own branch. + */ + path2 = p11_path_build (PRIVATEDIR, "p11-kit-extract-trust", NULL); + return_val_if_fail (path2 != NULL, 1); + execv (path2, argv); + error = errno; + free (path2); + + if (error == ENOENT) { + path = p11_path_build (PRIVATEDIR, "trust-extract-compat", NULL); + return_val_if_fail (path != NULL, 1); + execv (path, argv); + error = errno; + free (path); + } + + /* At this point we have no command */ + p11_message_err (error, "could not run %s command", path); + + free (path); + free (path2); + return 2; +} diff --git a/trust/extract.h b/trust/extract.h index 1bd8e4a..ca14238 100644 --- a/trust/extract.h +++ b/trust/extract.h @@ -72,4 +72,7 @@ bool p11_extract_openssl_directory (p11_enumerate *ex, int p11_trust_extract (int argc, char **argv); +int p11_trust_extract_compat (int argc, + char *argv[]); + #endif /* P11_EXTRACT_H_ */ diff --git a/trust/p11-kit-extract-trust.in b/trust/p11-kit-extract-trust.in deleted file mode 100755 index c7214e9..0000000 --- a/trust/p11-kit-extract-trust.in +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh - -# This script is a placeholder designed to be replaced when this software -# has been customized for distribution. It should be symlinked linked to the -# distribution's update-ca-certificates or update-ca-trust command as -# appropriate. In the future this script will be called when the PKCS#11 -# trust module is used to modifiy trust anchors and related data. - -if [ $# -ne 0 ]; then - echo "usage: p11-kit extract-trust" >&2 - exit 2 -fi - -echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2 - -# You can use commands like this to extract data from trust modules -# into appropriate locations for your distribution. -# -# p11-kit extract --format=openssl-bundle --filter=ca-anchors \ -# --overwrite /tmp/openssl-bundle.pem -# p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \ -# --purpose server-auth /tmp/server-auth-bundle.pem -# p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \ -# --purpose server-auth /tmp/cacerts - -exit 1 diff --git a/trust/trust-extract-compat.in b/trust/trust-extract-compat.in new file mode 100755 index 0000000..2d8809c --- /dev/null +++ b/trust/trust-extract-compat.in @@ -0,0 +1,26 @@ +#!/bin/sh + +# This script is a placeholder designed to be replaced when this software +# has been customized for distribution. It should be symlinked linked to the +# distribution's update-ca-certificates or update-ca-trust command as +# appropriate. In the future this script will be called when the PKCS#11 +# trust module is used to modifiy trust anchors and related data. + +if [ $# -ne 0 ]; then + echo "usage: trust extract-compat" >&2 + exit 2 +fi + +echo "trust: the placeholder extract-compat command has not been customized by your distribution." >&2 + +# You can use commands like this to extract data from trust modules +# into appropriate locations for your distribution. +# +# trust extract --format=openssl-bundle --filter=ca-anchors \ +# --overwrite /tmp/openssl-bundle.pem +# trust extract --format=pem-bundle --filter=ca-anchors --overwrite \ +# --purpose server-auth /tmp/server-auth-bundle.pem +# trust extract --format=java-cacerts --filter=ca-anchors --overwrite \ +# --purpose server-auth /tmp/cacerts + +exit 1 diff --git a/trust/trust.c b/trust/trust.c index 4ed1df8..b006ec8 100644 --- a/trust/trust.c +++ b/trust/trust.c @@ -56,6 +56,7 @@ static const p11_tool_command commands[] = { { "list", p11_trust_list, "List trust or certificates" }, { "extract", p11_trust_extract, "Extract certificates and trust" }, + { "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" }, { "anchor", p11_trust_anchor, "Add, remove, change trust anchors" }, { 0, } }; -- cgit v1.1