From 4b54a21001743707570bf2f94688c5b35bf226dd Mon Sep 17 00:00:00 2001 From: Mike Gilbert Date: Tue, 20 Apr 2021 10:33:28 -0400 Subject: [PATCH] update-ca-certificates: add a --root option This allows package managers to generate symlinks in DESTDIR. --- sbin/update-ca-certificates | 17 +++++++++++++++-- sbin/update-ca-certificates.8 | 3 +++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates index 789867f..3a5f67a 100755 --- a/sbin/update-ca-certificates +++ b/sbin/update-ca-certificates @@ -30,6 +30,8 @@ LOCALCERTSDIR=/usr/local/share/ca-certificates CERTBUNDLE=ca-certificates.crt ETCCERTSDIR=/etc/ssl/certs HOOKSDIR=/etc/ca-certificates/update.d +ROOT="" +RELPATH="../../.." while [ $# -gt 0 ]; do @@ -59,13 +61,24 @@ do --hooksdir) shift HOOKSDIR="$1";; + --root|-r) + shift + # Needed as c_rehash wants to read the files directly. + # This gets us from $CERTSCONF to $CERTSDIR. + ROOT=$(readlink -f "$1");; --help|-h|*) - echo "$0: [--verbose] [--fresh]" + echo "$0: [--verbose] [--fresh] [--root ]" exit;; esac shift done +CERTSCONF="$ROOT$CERTSCONF" +CERTSDIR="$ROOT$CERTSDIR" +LOCALCERTSDIR="$ROOT$LOCALCERTSDIR" +ETCCERTSDIR="$ROOT$ETCCERTSDIR" +HOOKSDIR="$ROOT$HOOKSDIR" + if [ ! -s "$CERTSCONF" ] then fresh=1 @@ -94,7 +107,7 @@ add() { -e 's/,/_/g').pem" if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] then - ln -sf "$CERT" "$PEM" + ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM" echo "+$PEM" >> "$ADDED" fi # Add trailing newline to certificate, if it is missing (#635570) diff --git a/sbin/update-ca-certificates.8 b/sbin/update-ca-certificates.8 index c60eab1..1c21f65 100644 --- a/sbin/update-ca-certificates.8 +++ b/sbin/update-ca-certificates.8 @@ -54,6 +54,9 @@ Be verbose. Output \fBopenssl rehash\fP. .TP .B \-f, \-\-fresh Fresh updates. Remove symlinks in /etc/ssl/certs directory. +.TP +.B \-r, \-\-root +Apply updates relative to an alternate root directory. .SH FILES .TP .I /etc/ca-certificates.conf -- 2.31.1