From a05cc4f346011697b3a4b49abad809b00bc1105c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 20 May 2019 16:37:23 -0400
Subject: [PATCH 26/29] Document key/cert file owner and mode options

The owner and permission options were available but not
documented either on the command-line or in the man page.

Affects request, resubmit and start-tracking commands.

https://bugzilla.redhat.com/show_bug.cgi?id=1549585
---
 src/getcert-request.1.in        |  8 ++++++++
 src/getcert-resubmit.1.in       |  8 ++++++++
 src/getcert-start-tracking.1.in |  8 ++++++++
 src/getcert.c                   | 12 ++++++++++++
 4 files changed, 36 insertions(+)

diff --git a/src/getcert-request.1.in b/src/getcert-request.1.in
index 8269b78..691ba35 100644
--- a/src/getcert-request.1.in
+++ b/src/getcert-request.1.in
@@ -208,6 +208,14 @@ one to fail.
 \fB\-v\fR
 Be verbose about errors.  Normally, the details of an error received from
 the daemon will be suppressed if the client can make a diagnostic suggestion.
+\fB\-o\fR OWNER, --key-owner=OWNER
+After generation set the owner on the private key file or database to OWNER.
+\fB\-m\fR MODE, --key-perms=MODE
+After generation set the file permissions on the private key file or database to MODE.
+\fB\-O\fR OWNER, --cert-owner=OWNER
+After generation set the owner on the certificate file or database to OWNER.
+\fB\-M\fR MODE, --cert-perms=MODE
+After generation set the file permissions on the certificate file or database to MODE.
 
 .SH NOTES
 Locations specified for key and certificate storage need to be
diff --git a/src/getcert-resubmit.1.in b/src/getcert-resubmit.1.in
index 62d5f28..89ea609 100644
--- a/src/getcert-resubmit.1.in
+++ b/src/getcert-resubmit.1.in
@@ -145,6 +145,14 @@ one to fail.
 \fB\-v\fR
 Be verbose about errors.  Normally, the details of an error received from
 the daemon will be suppressed if the client can make a diagnostic suggestion.
+\fB\-o\fR OWNER, --key-owner=OWNER
+After generation set the owner on the private key file or database to OWNER.
+\fB\-m\fR MODE, --key-perms=MODE
+After generation set the file permissions on the private key file or database to MODE.
+\fB\-O\fR OWNER, --cert-owner=OWNER
+After generation set the owner on the certificate file or database to OWNER.
+\fB\-M\fR MODE, --cert-perms=MODE
+After generation set the file permissions on the certificate file or database to MODE.
 
 .SH BUGS
 Please file tickets for any that you find at https://fedorahosted.org/certmonger/
diff --git a/src/getcert-start-tracking.1.in b/src/getcert-start-tracking.1.in
index 9daeed3..e1c9dd4 100644
--- a/src/getcert-start-tracking.1.in
+++ b/src/getcert-start-tracking.1.in
@@ -181,6 +181,14 @@ the attempt to obtain a new one to fail.
 \fB\-v\fR
 Be verbose about errors.  Normally, the details of an error received from
 the daemon will be suppressed if the client can make a diagnostic suggestion.
+\fB\-o\fR OWNER, --key-owner=OWNER
+After generation set the owner on the private key file or database to OWNER.
+\fB\-m\fR MODE, --key-perms=MODE
+After generation set the file permissions on the private key file or database to MODE.
+\fB\-O\fR OWNER, --cert-owner=OWNER
+After generation set the owner on the certificate file or database to OWNER.
+\fB\-M\fR MODE, --cert-perms=MODE
+After generation set the file permissions on the certificate file or database to MODE.
 
 .SH NOTES
 Locations specified for key and certificate storage need to be
diff --git a/src/getcert.c b/src/getcert.c
index 03af587..bddba29 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -4743,6 +4743,10 @@ help(const char *twopartcmd, const char *category)
 		N_("  -a	NSS database in which to store the CA's certificates\n"),
 		N_("  -w	try to wait for the certificate to be issued\n"),
 		N_("  -v	report all details of errors\n"),
+		N_("  -o OWNER	owner information for private key\n"),
+		N_("  -m MODE	file permissions for private key\n"),
+		N_("  -O OWNER	owner information for certificate\n"),
+		N_("  -M MODE	file permissions for certificate\n"),
 		NULL,
 	};
 	const char *start_tracking_help[] = {
@@ -4793,6 +4797,10 @@ help(const char *twopartcmd, const char *category)
 		N_("  -a	NSS database in which to store the CA's certificates\n"),
 		N_("  -w	try to wait for the certificate to be issued\n"),
 		N_("  -v	report all details of errors\n"),
+		N_("  -o OWNER	owner information for private key\n"),
+		N_("  -m MODE	file permissions for private key\n"),
+		N_("  -O OWNER	owner information for certificate\n"),
+		N_("  -M MODE	file permissions for certificate\n"),
 		NULL,
 	};
 	const char *stop_tracking_help[] = {
@@ -4865,6 +4873,10 @@ help(const char *twopartcmd, const char *category)
 		N_("  -a	NSS database in which to store the CA's certificates\n"),
 		N_("  -w	try to wait for the certificate to be issued\n"),
 		N_("  -v	report all details of errors\n"),
+		N_("  -o OWNER	owner information for private key\n"),
+		N_("  -m MODE	file permissions for private key\n"),
+		N_("  -O OWNER	owner information for certificate\n"),
+		N_("  -M MODE	file permissions for certificate\n"),
 		NULL,
 	};
 	const char *rekey_help[] = {
-- 
2.17.2