update-ca-trust: return warnings on a unsupported argument

Resolves: RHEL-54695

update-ca-trust: return warnings on a unsupported argument instead of
error
This commit is contained in:
Frantisek Krenzelok 2024-08-19 12:02:07 +02:00
parent 6c33b26707
commit e42c2ba50a
2 changed files with 31 additions and 11 deletions

View File

@ -38,7 +38,7 @@ Name: ca-certificates
Version: 2024.2.69_v8.0.303 Version: 2024.2.69_v8.0.303
# for y-stream, please always use 91 <= release < 100 (91,92,93) # for y-stream, please always use 91 <= release < 100 (91,92,93)
# for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...) # for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...)
Release: 91.3%{?dist} Release: 91.4%{?dist}
License: MIT AND GPL-2.0-or-later License: MIT AND GPL-2.0-or-later
URL: https://fedoraproject.org/wiki/CA-Certificates URL: https://fedoraproject.org/wiki/CA-Certificates
@ -440,6 +440,9 @@ fi
%ghost %{catrustdir}/extracted/pem/directory-hash/ca-certificates.crt %ghost %{catrustdir}/extracted/pem/directory-hash/ca-certificates.crt
%changelog %changelog
*Fri Aug 16 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.303-91.4
- update-ca-trust: return warnings on a unsupported argument instead of error
*Wed Aug 7 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.303-91.3 *Wed Aug 7 2024 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.303-91.3
- Temporarily generate the directory-hash files in %%install ...(next item) - Temporarily generate the directory-hash files in %%install ...(next item)
- Add list of ghost files from directory-hash to %%files - Add list of ghost files from directory-hash to %%files

37
update-ca-trust Normal file → Executable file
View File

@ -19,7 +19,7 @@ usage() {
Update the system trust store in $DEST. Update the system trust store in $DEST.
COMMANDS COMMANDS
(absent/empty command): Same as the extract command described below. (absent/empty command): Same as the extract command without arguments.
extract: Instruct update-ca-trust to scan the source configuration in extract: Instruct update-ca-trust to scan the source configuration in
/usr/share/pki/ca-trust-source and /etc/pki/ca-trust/source and produce /usr/share/pki/ca-trust-source and /etc/pki/ca-trust/source and produce
@ -42,6 +42,11 @@ extract() {
while [ $# -ne 0 ]; do while [ $# -ne 0 ]; do
case "$1" in case "$1" in
"-o"|"--output") "-o"|"--output")
if [ $# -lt 2 ]; then
echo >&2 "Error: missing argument for '$1' option. See 'update-ca-trust --help' for usage."
echo >&2
exit 1
fi
USER_DEST=$2 USER_DEST=$2
shift 2 shift 2
continue continue
@ -51,7 +56,7 @@ extract() {
break break
;; ;;
*) *)
usage echo >&2 "Error: unknown extract argument '$1'. See 'update-ca-trust --help' for usage."
exit 1 exit 1
;; ;;
esac esac
@ -98,6 +103,7 @@ extract() {
/usr/bin/chmod u-w "$DEST/pem/directory-hash" /usr/bin/chmod u-w "$DEST/pem/directory-hash"
fi fi
} }
if [ $# -lt 1 ]; then if [ $# -lt 1 ]; then
set -- extract set -- extract
fi fi
@ -105,16 +111,27 @@ fi
case "$1" in case "$1" in
"extract") "extract")
shift shift
extract $@ extract "$@"
;; ;;
"--"*|"-"*) "--help")
# First parameter seems to be an option, assume the command is 'extract'
extract $@
;;
*)
echo >&2 "Error: Unknown command: $1"
echo >&2
usage usage
exit 0
;;
"-o"|"--output")
echo >&2 "Error: the '$1' option must be preceded with the 'extract' command. See 'update-ca-trust --help' for usage."
echo >&2
exit 1 exit 1
;; ;;
"enable")
echo >&2 "Warning: 'enable' is a deprecated argument. Use 'update-ca-trust extract' in future. See 'update-ca-trust --help' for usage."
echo >&2
echo >&2 "Proceeding with extraction anyway for backwards compatibility."
extract
;;
*)
echo >&2 "Warning: unknown command: '$1', see 'update-ca-trust --help' for usage."
echo >&2
echo >&2 "Proceeding with extraction anyway for backwards compatibility."
extract
;;
esac esac