From a05cc4f346011697b3a4b49abad809b00bc1105c Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Mon, 20 May 2019 16:37:23 -0400

Subject: [PATCH 26/29] Document key/cert file owner and mode options

The owner and permission options were available but not

documented either on the command-line or in the man page.

Affects request, resubmit and start-tracking commands.

https://bugzilla.redhat.com/show_bug.cgi?id=1549585

---

 src/getcert-request.1.in        |  8 ++++++++

 src/getcert-resubmit.1.in       |  8 ++++++++

 src/getcert-start-tracking.1.in |  8 ++++++++

 src/getcert.c                   | 12 ++++++++++++

 4 files changed, 36 insertions(+)

diff --git a/src/getcert-request.1.in b/src/getcert-request.1.in

index 8269b78..691ba35 100644

--- a/src/getcert-request.1.in

+++ b/src/getcert-request.1.in

@@ -208,6 +208,14 @@ one to fail.

 \fB\-v\fR

 Be verbose about errors.  Normally, the details of an error received from

 the daemon will be suppressed if the client can make a diagnostic suggestion.

+\fB\-o\fR OWNER, --key-owner=OWNER

+After generation set the owner on the private key file or database to OWNER.

+\fB\-m\fR MODE, --key-perms=MODE

+After generation set the file permissions on the private key file or database to MODE.

+\fB\-O\fR OWNER, --cert-owner=OWNER

+After generation set the owner on the certificate file or database to OWNER.

+\fB\-M\fR MODE, --cert-perms=MODE

+After generation set the file permissions on the certificate file or database to MODE.

 .SH NOTES

 Locations specified for key and certificate storage need to be

diff --git a/src/getcert-resubmit.1.in b/src/getcert-resubmit.1.in

index 62d5f28..89ea609 100644

--- a/src/getcert-resubmit.1.in

+++ b/src/getcert-resubmit.1.in

@@ -145,6 +145,14 @@ one to fail.

 \fB\-v\fR

 Be verbose about errors.  Normally, the details of an error received from

 the daemon will be suppressed if the client can make a diagnostic suggestion.

+\fB\-o\fR OWNER, --key-owner=OWNER

+After generation set the owner on the private key file or database to OWNER.

+\fB\-m\fR MODE, --key-perms=MODE

+After generation set the file permissions on the private key file or database to MODE.

+\fB\-O\fR OWNER, --cert-owner=OWNER

+After generation set the owner on the certificate file or database to OWNER.

+\fB\-M\fR MODE, --cert-perms=MODE

+After generation set the file permissions on the certificate file or database to MODE.

 .SH BUGS

 Please file tickets for any that you find at https://fedorahosted.org/certmonger/

diff --git a/src/getcert-start-tracking.1.in b/src/getcert-start-tracking.1.in

index 9daeed3..e1c9dd4 100644

--- a/src/getcert-start-tracking.1.in

+++ b/src/getcert-start-tracking.1.in

@@ -181,6 +181,14 @@ the attempt to obtain a new one to fail.

 \fB\-v\fR

 Be verbose about errors.  Normally, the details of an error received from

 the daemon will be suppressed if the client can make a diagnostic suggestion.

+\fB\-o\fR OWNER, --key-owner=OWNER

+After generation set the owner on the private key file or database to OWNER.

+\fB\-m\fR MODE, --key-perms=MODE

+After generation set the file permissions on the private key file or database to MODE.

+\fB\-O\fR OWNER, --cert-owner=OWNER

+After generation set the owner on the certificate file or database to OWNER.

+\fB\-M\fR MODE, --cert-perms=MODE

+After generation set the file permissions on the certificate file or database to MODE.

 .SH NOTES

 Locations specified for key and certificate storage need to be

diff --git a/src/getcert.c b/src/getcert.c

index 03af587..bddba29 100644

--- a/src/getcert.c

+++ b/src/getcert.c

@@ -4743,6 +4743,10 @@ help(const char *twopartcmd, const char *category)

 		N_("  -a	NSS database in which to store the CA's certificates\n"),

 		N_("  -w	try to wait for the certificate to be issued\n"),

 		N_("  -v	report all details of errors\n"),

+		N_("  -o OWNER	owner information for private key\n"),

+		N_("  -m MODE	file permissions for private key\n"),

+		N_("  -O OWNER	owner information for certificate\n"),

+		N_("  -M MODE	file permissions for certificate\n"),

 		NULL,

 	};

 	const char *start_tracking_help[] = {

@@ -4793,6 +4797,10 @@ help(const char *twopartcmd, const char *category)

 		N_("  -a	NSS database in which to store the CA's certificates\n"),

 		N_("  -w	try to wait for the certificate to be issued\n"),

 		N_("  -v	report all details of errors\n"),

+		N_("  -o OWNER	owner information for private key\n"),

+		N_("  -m MODE	file permissions for private key\n"),

+		N_("  -O OWNER	owner information for certificate\n"),

+		N_("  -M MODE	file permissions for certificate\n"),

 		NULL,

 	};

 	const char *stop_tracking_help[] = {

@@ -4865,6 +4873,10 @@ help(const char *twopartcmd, const char *category)

 		N_("  -a	NSS database in which to store the CA's certificates\n"),

 		N_("  -w	try to wait for the certificate to be issued\n"),

 		N_("  -v	report all details of errors\n"),

+		N_("  -o OWNER	owner information for private key\n"),

+		N_("  -m MODE	file permissions for private key\n"),

+		N_("  -O OWNER	owner information for certificate\n"),

+		N_("  -M MODE	file permissions for certificate\n"),

 		NULL,

 	};

 	const char *rekey_help[] = {

-- 

2.17.2