[Bug 284749] certctl: add support for generating cert.pem CAfiles
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 284749] certctl: add support for generating cert.pem CAfiles"
Date: Fri, 14 Feb 2025 16:07:56 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284749
Mel Pilgrim <ports.maintainer@evilphi.com> changed:
What                           |Removed |Added
----------------------------------------------------------------------------
Attachment #257481 is obsolete |0       |1
--- Comment #8 from Mel Pilgrim <ports.maintainer@evilphi.com> ---
Created attachment 257530
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=257530&action=edit
patch to add optional CAfile generation to certctl (v4)
(In reply to Michael Osipov from comment #7)
* NOOP is not obeyed
I used perform for the lines that delete or install (lines 186, 193, 194, 199,
285). I didn't for TMPFILE operations in create_bundle (lines 184-187, 189),
which is consistent with SPLITDIR operations in do_scan (lines 224, 225, 229),
which is also just temporary data.
Which lines don't obey NOOP?
* Delete is, again, inconsistent
Revised again.
* only hashed links constitute the trust store
When CFILE contains more than one certificate, do_scan splits it into
individual certificate files and omits the "link" argument from the CFUNC call
so that it copies the certificates from SPLITDIR to CERTDESTDIR/UNTRUSTDESTDIR
instead of creating relative symlinks (lines 220-229).
* cat arg should be quoted
I'm guessing you mean it should be "-exec cat '{}' +" instead of "-exec cat
\{\} +". Single quotes chosen for consistency with string-literals in other
command arguments.