Route 'p11-kit extract-trust' over to trust tool

The actual command is 'trust extract-compat'. Make installed placeholder
script reflect this. We still support the old placeholder script
if it is present.

diff --git a/.gitignore b/.gitignore
index d8c00479669334eae8e3e54a5c250d5ddc3027ca..cd5978e82b2d3066d17a966350682cd82a87d826 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -113,6 +113,7 @@ x86_64-w64-mingw32
 /tools/p11-kit
 
 /trust/trust
+/trust/trust-extract-compat
 /trust/p11-kit-extract-trust
 
 /p11-kit-?.?

diff --git a/configure.ac b/configure.ac
index c00603c07273dc9aea9324c65f6552f422f72a66..5a64e208c4c40781f909d9d290d3314c4e3ccee3 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -503,7 +503,7 @@ AC_CONFIG_FILES([Makefile
        p11-kit/p11-kit-1.pc
        p11-kit/pkcs11.conf.example
        trust/Makefile
-       trust/p11-kit-extract-trust
+       trust/trust-extract-compat
        trust/tests/Makefile
 ])
 AC_OUTPUT

diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c
index 34b9476ece25b96559556949fd731345af4a9f5e..da9d40010ce28d4c6f0554078968ce8524f8c523 100644 (file)
--- a/p11-kit/p11-kit.c
+++ b/p11-kit/p11-kit.c
@@ -41,6 +41,7 @@
 
 #include <assert.h>
 #include <ctype.h>
+#include <errno.h>
 #include <getopt.h>
 #include <string.h>
 #include <stdio.h>
@@ -52,7 +53,7 @@
 int       p11_kit_list_modules    (int argc,
                                    char *argv[]);
 
-int       p11_kit_extract         (int argc,
+int       p11_kit_trust           (int argc,
                                    char *argv[]);
 
 int       p11_kit_external        (int argc,
@@ -60,61 +61,62 @@ int       p11_kit_external        (int argc,
 
 static const p11_tool_command commands[] = {
        { "list-modules", p11_kit_list_modules, "List modules and tokens" },
-       { "extract", p11_kit_extract, "Extract certificates and trust" },
-       { P11_TOOL_FALLBACK, p11_kit_external, "List modules and tokens" },
+       { P11_TOOL_FALLBACK, p11_kit_external, NULL },
        { 0, }
 };
 
 int
-p11_kit_external (int argc,
-                  char *argv[])
+p11_kit_trust (int argc,
+               char *argv[])
 {
-       char *filename;
-       char *path;
+       char **args;
 
-       if (!asprintf (&filename, "p11-kit-%s", argv[0]) < 0)
-               return_val_if_reached (1);
+       args = calloc (argc + 2, sizeof (char *));
+       return_val_if_fail (args != NULL, 1);
 
-       /* Add our libexec directory to the path */
-       path = p11_path_build (PRIVATEDIR, filename, NULL);
-       return_val_if_fail (path != NULL, 1);
+       args[0] = BINDIR "/trust";
+       memcpy (args + 1, argv, sizeof (char *) * argc);
+       args[argc + 1] = NULL;
 
-       argv[argc] = NULL;
-       execv (path, argv);
+       execv (args[0], args);
 
        /* At this point we have no command */
-       p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
+       p11_message_err (errno, "couldn't run trust tool");
 
-       free (filename);
-       free (path);
+       free (args);
        return 2;
 }
 
 int
-p11_kit_extract (int argc,
-                 char *argv[])
+p11_kit_external (int argc,
+                  char *argv[])
 {
+       char *filename;
        char *path;
-       char **args;
 
-       args = calloc (argc + 2, sizeof (char *));
-       return_val_if_fail (args != NULL, 1);
+       /* These are trust commands, send them to that tool */
+       if (strcmp (argv[0], "extract") == 0) {
+               return p11_kit_trust (argc, argv);
+       } else if (strcmp (argv[0], "extract-trust") == 0) {
+               argv[0] = "extract-compat";
+               return p11_kit_trust (argc, argv);
+       }
 
-       args[0] = "trust";
-       memcpy (args + 1, argv, sizeof (char *) * argc);
-       args[argc + 1] = NULL;
+       if (!asprintf (&filename, "p11-kit-%s", argv[0]) < 0)
+               return_val_if_reached (1);
 
        /* Add our libexec directory to the path */
-       path = p11_path_build (BINDIR, args[0], NULL);
+       path = p11_path_build (PRIVATEDIR, filename, NULL);
        return_val_if_fail (path != NULL, 1);
 
-       execv (path, args);
+       argv[argc] = NULL;
+       execv (path, argv);
 
        /* At this point we have no command */
        p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
 
+       free (filename);
        free (path);
-       free (args);
        return 2;
 }
 

diff --git a/trust/Makefile.am b/trust/Makefile.am
index 18fded6c190d2cb755314aed235081f92f00afe3..7410f5d84da9fba36c8a0f66e7e4f8ad41acdc0e 100644 (file)
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -10,6 +10,7 @@ AM_CPPFLAGS = \
        -I$(top_srcdir)/common \
        -DDATADIR=\"$(datadir)\" \
        -DSYSCONFDIR=\"$(sysconfdir)\" \
+       -DPRIVATEDIR=\"$(privatedir)\" \
        $(LIBTASN1_CFLAGS) \
        $(NULL)
 
@@ -111,7 +112,7 @@ trust_SOURCES = \
 
 externaldir = $(privatedir)
 external_SCRIPTS = \
-       p11-kit-extract-trust
+       trust-extract-compat
 
 EXTRA_DIST = \
        p11-kit-trust.module

diff --git a/trust/extract.c b/trust/extract.c
index 0389d29a178c06fee9a8bba808908ea9b687ffff..d12d18b239a5514cc4014ebb68d47f5690fa3328 100644 (file)
--- a/trust/extract.c
+++ b/trust/extract.c
@@ -41,6 +41,7 @@
 #include "iter.h"
 #include "message.h"
 #include "oid.h"
+#include "path.h"
 #include "pkcs11.h"
 #include "pkcs11x.h"
 #include "save.h"
@@ -48,6 +49,7 @@
 
 #include <assert.h>
 #include <ctype.h>
+#include <errno.h>
 #include <getopt.h>
 #include <stdint.h>
 #include <stdio.h>
@@ -281,3 +283,39 @@ p11_trust_extract (int argc,
        p11_enumerate_cleanup (&ex);
        return ret;
 }
+
+int
+p11_trust_extract_compat (int argc,
+                          char *argv[])
+{
+       char *path;
+       char *path2;
+       int error;
+
+       argv[argc] = NULL;
+
+       /*
+        * For compatibility with people who deployed p11-kit 0.18.x
+        * before trust stuff was put into its own branch.
+        */
+       path2 = p11_path_build (PRIVATEDIR, "p11-kit-extract-trust", NULL);
+       return_val_if_fail (path2 != NULL, 1);
+       execv (path2, argv);
+       error = errno;
+       free (path2);
+
+       if (error == ENOENT) {
+               path = p11_path_build (PRIVATEDIR, "trust-extract-compat", NULL);
+               return_val_if_fail (path != NULL, 1);
+               execv (path, argv);
+               error = errno;
+               free (path);
+       }
+
+       /* At this point we have no command */
+       p11_message_err (error, "could not run %s command", path);
+
+       free (path);
+       free (path2);
+       return 2;
+}

diff --git a/trust/extract.h b/trust/extract.h
index 1bd8e4a044d345d45a45eaeffe8f16720fa71e50..ca14238dc6a32260ad1b02745c0a21da5795816f 100644 (file)
--- a/trust/extract.h
+++ b/trust/extract.h
@@ -72,4 +72,7 @@ bool            p11_extract_openssl_directory  (p11_enumerate *ex,
 int             p11_trust_extract              (int argc,
                                                 char **argv);
 
+int             p11_trust_extract_compat       (int argc,
+                                                char *argv[]);
+
 #endif /* P11_EXTRACT_H_ */

diff --git a/trust/p11-kit-extract-trust.in b/trust/trust-extract-compat.in
similarity index 66%
rename from trust/p11-kit-extract-trust.in
rename to trust/trust-extract-compat.in
index c7214e934f7ee2e501669311427a1c9b4622cbce..2d8809c765647624a7220a727575bd357bac5588 100755 (executable)
--- a/trust/p11-kit-extract-trust.in
+++ b/trust/trust-extract-compat.in
@@ -7,20 +7,20 @@
 # trust module is used to modifiy trust anchors and related data.
 
 if [ $# -ne 0 ]; then
-       echo "usage: p11-kit extract-trust" >&2
+       echo "usage: trust extract-compat" >&2
        exit 2
 fi
 
-echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2
+echo "trust: the placeholder extract-compat command has not been customized by your distribution." >&2
 
 # You can use commands like this to extract data from trust modules
 # into appropriate locations for your distribution.
 #
-# p11-kit extract --format=openssl-bundle --filter=ca-anchors \
+# trust extract --format=openssl-bundle --filter=ca-anchors \
 #      --overwrite /tmp/openssl-bundle.pem
-# p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite \
+# trust extract --format=pem-bundle --filter=ca-anchors --overwrite \
 #      --purpose server-auth /tmp/server-auth-bundle.pem
-# p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite \
+# trust extract --format=java-cacerts --filter=ca-anchors --overwrite \
 #      --purpose server-auth /tmp/cacerts
 
 exit 1

diff --git a/trust/trust.c b/trust/trust.c
index 4ed1df8164d10b9986100c9d96c4bf2e957036a5..b006ec8e6b670b717c52c0e5fa0a00462102085b 100644 (file)
--- a/trust/trust.c
+++ b/trust/trust.c
@@ -56,6 +56,7 @@
 static const p11_tool_command commands[] = {
        { "list", p11_trust_list, "List trust or certificates" },
        { "extract", p11_trust_extract, "Extract certificates and trust" },
+       { "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" },
        { "anchor", p11_trust_anchor, "Add, remove, change trust anchors" },
        { 0, }
 };