|
|
52bf73 |
From a05cc4f346011697b3a4b49abad809b00bc1105c Mon Sep 17 00:00:00 2001
|
|
|
52bf73 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
52bf73 |
Date: Mon, 20 May 2019 16:37:23 -0400
|
|
|
52bf73 |
Subject: [PATCH 26/29] Document key/cert file owner and mode options
|
|
|
52bf73 |
|
|
|
52bf73 |
The owner and permission options were available but not
|
|
|
52bf73 |
documented either on the command-line or in the man page.
|
|
|
52bf73 |
|
|
|
52bf73 |
Affects request, resubmit and start-tracking commands.
|
|
|
52bf73 |
|
|
|
52bf73 |
https://bugzilla.redhat.com/show_bug.cgi?id=1549585
|
|
|
52bf73 |
---
|
|
|
52bf73 |
src/getcert-request.1.in | 8 ++++++++
|
|
|
52bf73 |
src/getcert-resubmit.1.in | 8 ++++++++
|
|
|
52bf73 |
src/getcert-start-tracking.1.in | 8 ++++++++
|
|
|
52bf73 |
src/getcert.c | 12 ++++++++++++
|
|
|
52bf73 |
4 files changed, 36 insertions(+)
|
|
|
52bf73 |
|
|
|
52bf73 |
diff --git a/src/getcert-request.1.in b/src/getcert-request.1.in
|
|
|
52bf73 |
index 8269b78..691ba35 100644
|
|
|
52bf73 |
--- a/src/getcert-request.1.in
|
|
|
52bf73 |
+++ b/src/getcert-request.1.in
|
|
|
52bf73 |
@@ -208,6 +208,14 @@ one to fail.
|
|
|
52bf73 |
\fB\-v\fR
|
|
|
52bf73 |
Be verbose about errors. Normally, the details of an error received from
|
|
|
52bf73 |
the daemon will be suppressed if the client can make a diagnostic suggestion.
|
|
|
52bf73 |
+\fB\-o\fR OWNER, --key-owner=OWNER
|
|
|
52bf73 |
+After generation set the owner on the private key file or database to OWNER.
|
|
|
52bf73 |
+\fB\-m\fR MODE, --key-perms=MODE
|
|
|
52bf73 |
+After generation set the file permissions on the private key file or database to MODE.
|
|
|
52bf73 |
+\fB\-O\fR OWNER, --cert-owner=OWNER
|
|
|
52bf73 |
+After generation set the owner on the certificate file or database to OWNER.
|
|
|
52bf73 |
+\fB\-M\fR MODE, --cert-perms=MODE
|
|
|
52bf73 |
+After generation set the file permissions on the certificate file or database to MODE.
|
|
|
52bf73 |
|
|
|
52bf73 |
.SH NOTES
|
|
|
52bf73 |
Locations specified for key and certificate storage need to be
|
|
|
52bf73 |
diff --git a/src/getcert-resubmit.1.in b/src/getcert-resubmit.1.in
|
|
|
52bf73 |
index 62d5f28..89ea609 100644
|
|
|
52bf73 |
--- a/src/getcert-resubmit.1.in
|
|
|
52bf73 |
+++ b/src/getcert-resubmit.1.in
|
|
|
52bf73 |
@@ -145,6 +145,14 @@ one to fail.
|
|
|
52bf73 |
\fB\-v\fR
|
|
|
52bf73 |
Be verbose about errors. Normally, the details of an error received from
|
|
|
52bf73 |
the daemon will be suppressed if the client can make a diagnostic suggestion.
|
|
|
52bf73 |
+\fB\-o\fR OWNER, --key-owner=OWNER
|
|
|
52bf73 |
+After generation set the owner on the private key file or database to OWNER.
|
|
|
52bf73 |
+\fB\-m\fR MODE, --key-perms=MODE
|
|
|
52bf73 |
+After generation set the file permissions on the private key file or database to MODE.
|
|
|
52bf73 |
+\fB\-O\fR OWNER, --cert-owner=OWNER
|
|
|
52bf73 |
+After generation set the owner on the certificate file or database to OWNER.
|
|
|
52bf73 |
+\fB\-M\fR MODE, --cert-perms=MODE
|
|
|
52bf73 |
+After generation set the file permissions on the certificate file or database to MODE.
|
|
|
52bf73 |
|
|
|
52bf73 |
.SH BUGS
|
|
|
52bf73 |
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
|
|
|
52bf73 |
diff --git a/src/getcert-start-tracking.1.in b/src/getcert-start-tracking.1.in
|
|
|
52bf73 |
index 9daeed3..e1c9dd4 100644
|
|
|
52bf73 |
--- a/src/getcert-start-tracking.1.in
|
|
|
52bf73 |
+++ b/src/getcert-start-tracking.1.in
|
|
|
52bf73 |
@@ -181,6 +181,14 @@ the attempt to obtain a new one to fail.
|
|
|
52bf73 |
\fB\-v\fR
|
|
|
52bf73 |
Be verbose about errors. Normally, the details of an error received from
|
|
|
52bf73 |
the daemon will be suppressed if the client can make a diagnostic suggestion.
|
|
|
52bf73 |
+\fB\-o\fR OWNER, --key-owner=OWNER
|
|
|
52bf73 |
+After generation set the owner on the private key file or database to OWNER.
|
|
|
52bf73 |
+\fB\-m\fR MODE, --key-perms=MODE
|
|
|
52bf73 |
+After generation set the file permissions on the private key file or database to MODE.
|
|
|
52bf73 |
+\fB\-O\fR OWNER, --cert-owner=OWNER
|
|
|
52bf73 |
+After generation set the owner on the certificate file or database to OWNER.
|
|
|
52bf73 |
+\fB\-M\fR MODE, --cert-perms=MODE
|
|
|
52bf73 |
+After generation set the file permissions on the certificate file or database to MODE.
|
|
|
52bf73 |
|
|
|
52bf73 |
.SH NOTES
|
|
|
52bf73 |
Locations specified for key and certificate storage need to be
|
|
|
52bf73 |
diff --git a/src/getcert.c b/src/getcert.c
|
|
|
52bf73 |
index 03af587..bddba29 100644
|
|
|
52bf73 |
--- a/src/getcert.c
|
|
|
52bf73 |
+++ b/src/getcert.c
|
|
|
52bf73 |
@@ -4743,6 +4743,10 @@ help(const char *twopartcmd, const char *category)
|
|
|
52bf73 |
N_(" -a NSS database in which to store the CA's certificates\n"),
|
|
|
52bf73 |
N_(" -w try to wait for the certificate to be issued\n"),
|
|
|
52bf73 |
N_(" -v report all details of errors\n"),
|
|
|
52bf73 |
+ N_(" -o OWNER owner information for private key\n"),
|
|
|
52bf73 |
+ N_(" -m MODE file permissions for private key\n"),
|
|
|
52bf73 |
+ N_(" -O OWNER owner information for certificate\n"),
|
|
|
52bf73 |
+ N_(" -M MODE file permissions for certificate\n"),
|
|
|
52bf73 |
NULL,
|
|
|
52bf73 |
};
|
|
|
52bf73 |
const char *start_tracking_help[] = {
|
|
|
52bf73 |
@@ -4793,6 +4797,10 @@ help(const char *twopartcmd, const char *category)
|
|
|
52bf73 |
N_(" -a NSS database in which to store the CA's certificates\n"),
|
|
|
52bf73 |
N_(" -w try to wait for the certificate to be issued\n"),
|
|
|
52bf73 |
N_(" -v report all details of errors\n"),
|
|
|
52bf73 |
+ N_(" -o OWNER owner information for private key\n"),
|
|
|
52bf73 |
+ N_(" -m MODE file permissions for private key\n"),
|
|
|
52bf73 |
+ N_(" -O OWNER owner information for certificate\n"),
|
|
|
52bf73 |
+ N_(" -M MODE file permissions for certificate\n"),
|
|
|
52bf73 |
NULL,
|
|
|
52bf73 |
};
|
|
|
52bf73 |
const char *stop_tracking_help[] = {
|
|
|
52bf73 |
@@ -4865,6 +4873,10 @@ help(const char *twopartcmd, const char *category)
|
|
|
52bf73 |
N_(" -a NSS database in which to store the CA's certificates\n"),
|
|
|
52bf73 |
N_(" -w try to wait for the certificate to be issued\n"),
|
|
|
52bf73 |
N_(" -v report all details of errors\n"),
|
|
|
52bf73 |
+ N_(" -o OWNER owner information for private key\n"),
|
|
|
52bf73 |
+ N_(" -m MODE file permissions for private key\n"),
|
|
|
52bf73 |
+ N_(" -O OWNER owner information for certificate\n"),
|
|
|
52bf73 |
+ N_(" -M MODE file permissions for certificate\n"),
|
|
|
52bf73 |
NULL,
|
|
|
52bf73 |
};
|
|
|
52bf73 |
const char *rekey_help[] = {
|
|
|
52bf73 |
--
|
|
|
52bf73 |
2.17.2
|
|
|
52bf73 |
|