From e42c2ba50ab725a76af2255b4f121d8e896ec92b Mon Sep 17 00:00:00 2001
From: Frantisek Krenzelok <fkrenzel@redhat.com>
Date: Mon, 19 Aug 2024 12:02:07 +0200
Subject: [PATCH] update-ca-trust: return warnings on a unsupported argument

Resolves: RHEL-54695

update-ca-trust: return warnings on a unsupported argument instead of
error
---
 ca-certificates.spec |  5 ++++-
 update-ca-trust      | 37 +++++++++++++++++++++++++++----------
 2 files changed, 31 insertions(+), 11 deletions(-)
 mode change 100644 => 100755 update-ca-trust

diff --git a/ca-certificates.spec b/ca-certificates.spec
index 728e2c1..c79016c 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -38,7 +38,7 @@ Name: ca-certificates
 Version: 2024.2.69_v8.0.303
 # for y-stream, please always use 91 <= release  < 100 (91,92,93)
 # for z-stream release branches, please use 90 <= release  < 91 (90.0, 90.1, ...)
-Release: 91.3%{?dist}
+Release: 91.4%{?dist}
 License: MIT AND GPL-2.0-or-later
 
 URL: https://fedoraproject.org/wiki/CA-Certificates
@@ -440,6 +440,9 @@ fi
 %ghost %{catrustdir}/extracted/pem/directory-hash/ca-certificates.crt
 
 %changelog
+*Fri Aug 16 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.303-91.4
+- update-ca-trust: return warnings on a unsupported argument instead of error
+
 *Wed Aug 7 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.303-91.3
 - Temporarily generate the directory-hash files in %%install ...(next item)
 - Add list of ghost files from directory-hash to %%files
diff --git a/update-ca-trust b/update-ca-trust
old mode 100644
new mode 100755
index a93f496..78ececa
--- a/update-ca-trust
+++ b/update-ca-trust
@@ -19,7 +19,7 @@ usage() {
 		Update the system trust store in $DEST.
 
 		COMMANDS
-		(absent/empty command): Same as the extract command described below.
+		(absent/empty command): Same as the extract command without arguments.
 
 		extract: Instruct update-ca-trust to scan the source configuration in
 		/usr/share/pki/ca-trust-source and /etc/pki/ca-trust/source and produce
@@ -42,6 +42,11 @@ extract() {
         while [ $# -ne 0 ]; do
 	    case "$1" in
 	      "-o"|"--output")
+		  if [ $# -lt 2 ]; then
+			  echo >&2 "Error: missing argument for '$1' option. See 'update-ca-trust --help' for usage."
+			  echo >&2
+			  exit 1
+		  fi
 	          USER_DEST=$2
 		  shift 2
 		  continue
@@ -51,7 +56,7 @@ extract() {
 		  break
 		  ;;
 		*)
-		  usage
+		  echo >&2 "Error: unknown extract argument '$1'. See 'update-ca-trust --help' for usage."
 		  exit 1
 		  ;;
 	    esac
@@ -98,6 +103,7 @@ extract() {
 	    /usr/bin/chmod u-w "$DEST/pem/directory-hash"
         fi
 }
+
 if [ $# -lt 1 ]; then
     set -- extract
 fi
@@ -105,16 +111,27 @@ fi
 case "$1" in
 	"extract")
 		shift
-		extract $@
+		extract "$@"
 	;;
-	"--"*|"-"*)
-		# First parameter seems to be an option, assume the command is 'extract'
-		extract $@
-	;;
-	*)
-		echo >&2 "Error: Unknown command: $1"
-		echo >&2
+	"--help")
 		usage
+		exit 0
+	;;
+	"-o"|"--output")
+		echo >&2 "Error: the '$1' option must be preceded with the 'extract' command. See 'update-ca-trust --help' for usage."
+		echo >&2
 		exit 1
 	;;
+	"enable")
+		echo >&2 "Warning: 'enable' is a deprecated argument. Use 'update-ca-trust extract' in future. See 'update-ca-trust --help' for usage."
+		echo >&2
+		echo >&2 "Proceeding with extraction anyway for backwards compatibility."
+		extract
+	;;
+	*)
+		echo >&2 "Warning: unknown command: '$1', see 'update-ca-trust --help' for usage."
+		echo >&2
+		echo >&2 "Proceeding with extraction anyway for backwards compatibility."
+		extract
+	;;
 esac