Blame SOURCES/0026-Document-key-cert-file-owner-and-mode-options.patch

52bf73
From a05cc4f346011697b3a4b49abad809b00bc1105c Mon Sep 17 00:00:00 2001
52bf73
From: Rob Crittenden <rcritten@redhat.com>
52bf73
Date: Mon, 20 May 2019 16:37:23 -0400
52bf73
Subject: [PATCH 26/29] Document key/cert file owner and mode options
52bf73
52bf73
The owner and permission options were available but not
52bf73
documented either on the command-line or in the man page.
52bf73
52bf73
Affects request, resubmit and start-tracking commands.
52bf73
52bf73
https://bugzilla.redhat.com/show_bug.cgi?id=1549585
52bf73
---
52bf73
 src/getcert-request.1.in        |  8 ++++++++
52bf73
 src/getcert-resubmit.1.in       |  8 ++++++++
52bf73
 src/getcert-start-tracking.1.in |  8 ++++++++
52bf73
 src/getcert.c                   | 12 ++++++++++++
52bf73
 4 files changed, 36 insertions(+)
52bf73
52bf73
diff --git a/src/getcert-request.1.in b/src/getcert-request.1.in
52bf73
index 8269b78..691ba35 100644
52bf73
--- a/src/getcert-request.1.in
52bf73
+++ b/src/getcert-request.1.in
52bf73
@@ -208,6 +208,14 @@ one to fail.
52bf73
 \fB\-v\fR
52bf73
 Be verbose about errors.  Normally, the details of an error received from
52bf73
 the daemon will be suppressed if the client can make a diagnostic suggestion.
52bf73
+\fB\-o\fR OWNER, --key-owner=OWNER
52bf73
+After generation set the owner on the private key file or database to OWNER.
52bf73
+\fB\-m\fR MODE, --key-perms=MODE
52bf73
+After generation set the file permissions on the private key file or database to MODE.
52bf73
+\fB\-O\fR OWNER, --cert-owner=OWNER
52bf73
+After generation set the owner on the certificate file or database to OWNER.
52bf73
+\fB\-M\fR MODE, --cert-perms=MODE
52bf73
+After generation set the file permissions on the certificate file or database to MODE.
52bf73
 
52bf73
 .SH NOTES
52bf73
 Locations specified for key and certificate storage need to be
52bf73
diff --git a/src/getcert-resubmit.1.in b/src/getcert-resubmit.1.in
52bf73
index 62d5f28..89ea609 100644
52bf73
--- a/src/getcert-resubmit.1.in
52bf73
+++ b/src/getcert-resubmit.1.in
52bf73
@@ -145,6 +145,14 @@ one to fail.
52bf73
 \fB\-v\fR
52bf73
 Be verbose about errors.  Normally, the details of an error received from
52bf73
 the daemon will be suppressed if the client can make a diagnostic suggestion.
52bf73
+\fB\-o\fR OWNER, --key-owner=OWNER
52bf73
+After generation set the owner on the private key file or database to OWNER.
52bf73
+\fB\-m\fR MODE, --key-perms=MODE
52bf73
+After generation set the file permissions on the private key file or database to MODE.
52bf73
+\fB\-O\fR OWNER, --cert-owner=OWNER
52bf73
+After generation set the owner on the certificate file or database to OWNER.
52bf73
+\fB\-M\fR MODE, --cert-perms=MODE
52bf73
+After generation set the file permissions on the certificate file or database to MODE.
52bf73
 
52bf73
 .SH BUGS
52bf73
 Please file tickets for any that you find at https://fedorahosted.org/certmonger/
52bf73
diff --git a/src/getcert-start-tracking.1.in b/src/getcert-start-tracking.1.in
52bf73
index 9daeed3..e1c9dd4 100644
52bf73
--- a/src/getcert-start-tracking.1.in
52bf73
+++ b/src/getcert-start-tracking.1.in
52bf73
@@ -181,6 +181,14 @@ the attempt to obtain a new one to fail.
52bf73
 \fB\-v\fR
52bf73
 Be verbose about errors.  Normally, the details of an error received from
52bf73
 the daemon will be suppressed if the client can make a diagnostic suggestion.
52bf73
+\fB\-o\fR OWNER, --key-owner=OWNER
52bf73
+After generation set the owner on the private key file or database to OWNER.
52bf73
+\fB\-m\fR MODE, --key-perms=MODE
52bf73
+After generation set the file permissions on the private key file or database to MODE.
52bf73
+\fB\-O\fR OWNER, --cert-owner=OWNER
52bf73
+After generation set the owner on the certificate file or database to OWNER.
52bf73
+\fB\-M\fR MODE, --cert-perms=MODE
52bf73
+After generation set the file permissions on the certificate file or database to MODE.
52bf73
 
52bf73
 .SH NOTES
52bf73
 Locations specified for key and certificate storage need to be
52bf73
diff --git a/src/getcert.c b/src/getcert.c
52bf73
index 03af587..bddba29 100644
52bf73
--- a/src/getcert.c
52bf73
+++ b/src/getcert.c
52bf73
@@ -4743,6 +4743,10 @@ help(const char *twopartcmd, const char *category)
52bf73
 		N_("  -a	NSS database in which to store the CA's certificates\n"),
52bf73
 		N_("  -w	try to wait for the certificate to be issued\n"),
52bf73
 		N_("  -v	report all details of errors\n"),
52bf73
+		N_("  -o OWNER	owner information for private key\n"),
52bf73
+		N_("  -m MODE	file permissions for private key\n"),
52bf73
+		N_("  -O OWNER	owner information for certificate\n"),
52bf73
+		N_("  -M MODE	file permissions for certificate\n"),
52bf73
 		NULL,
52bf73
 	};
52bf73
 	const char *start_tracking_help[] = {
52bf73
@@ -4793,6 +4797,10 @@ help(const char *twopartcmd, const char *category)
52bf73
 		N_("  -a	NSS database in which to store the CA's certificates\n"),
52bf73
 		N_("  -w	try to wait for the certificate to be issued\n"),
52bf73
 		N_("  -v	report all details of errors\n"),
52bf73
+		N_("  -o OWNER	owner information for private key\n"),
52bf73
+		N_("  -m MODE	file permissions for private key\n"),
52bf73
+		N_("  -O OWNER	owner information for certificate\n"),
52bf73
+		N_("  -M MODE	file permissions for certificate\n"),
52bf73
 		NULL,
52bf73
 	};
52bf73
 	const char *stop_tracking_help[] = {
52bf73
@@ -4865,6 +4873,10 @@ help(const char *twopartcmd, const char *category)
52bf73
 		N_("  -a	NSS database in which to store the CA's certificates\n"),
52bf73
 		N_("  -w	try to wait for the certificate to be issued\n"),
52bf73
 		N_("  -v	report all details of errors\n"),
52bf73
+		N_("  -o OWNER	owner information for private key\n"),
52bf73
+		N_("  -m MODE	file permissions for private key\n"),
52bf73
+		N_("  -O OWNER	owner information for certificate\n"),
52bf73
+		N_("  -M MODE	file permissions for certificate\n"),
52bf73
 		NULL,
52bf73
 	};
52bf73
 	const char *rekey_help[] = {
52bf73
-- 
52bf73
2.17.2
52bf73