initial commit
This commit is contained in:
@@ -0,0 +1 @@
|
||||
/target
|
||||
Generated
+1809
File diff suppressed because it is too large
Load Diff
+15
@@ -0,0 +1,15 @@
|
||||
[package]
|
||||
name = "ca-certs"
|
||||
version = "0.1.0"
|
||||
edition = "2024"
|
||||
|
||||
[dependencies]
|
||||
anyhow = "1.0.102"
|
||||
base64 = "0.22.1"
|
||||
clap = { version = "4.5.60", features = ["derive"] }
|
||||
clap_complete = "4.5.66"
|
||||
clap_mangen = "0.2.31"
|
||||
reqwest = { version = "0.13.2", default-features = false, features = ["blocking", "rustls"] }
|
||||
|
||||
[lints.rust]
|
||||
warnings = "deny"
|
||||
@@ -0,0 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2026 SFG545 and ReallyUnusual
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the “Software”), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
@@ -0,0 +1,163 @@
|
||||
# ca-certs
|
||||
|
||||
`ca-certs` is a Linux CLI for managing CA trust store sources and extracted bundles in a `p11-kit` / `trust` (`update-ca-trust`-style) layout.
|
||||
|
||||
It supports:
|
||||
|
||||
- adding PEM CA certificates to `trust-source/anchors`
|
||||
- regenerating extracted trust outputs (PEM bundles, OpenSSL bundle, Java cacerts, hash dir)
|
||||
- syncing `/etc/ssl/certs` symlinks for the standard extraction path
|
||||
- fetching/parsing/converting Mozilla NSS `certdata.txt` into a `p11-kit` trust source
|
||||
- operating on an alternate root filesystem with `--root` (image/chroot builds)
|
||||
|
||||
## Requirements
|
||||
|
||||
- Linux (the tool exits on non-Linux targets)
|
||||
- `trust` (from `p11-kit`) available in `PATH`
|
||||
- `openssl` available in `PATH` for `certdata convert` / `certdata sync`
|
||||
- `chroot` available in `PATH` when using `--root` with a non-`/` rootfs
|
||||
- permission to write system trust paths (typically root)
|
||||
|
||||
## Build
|
||||
|
||||
### Cargo
|
||||
|
||||
```bash
|
||||
cargo build --release
|
||||
```
|
||||
|
||||
Binary output:
|
||||
|
||||
```text
|
||||
target/release/ca-certs
|
||||
```
|
||||
|
||||
### Meson (packaging-friendly)
|
||||
|
||||
Builds the Rust binary and installs the man page + shell completions from `contrib/`.
|
||||
|
||||
```bash
|
||||
meson setup build
|
||||
meson compile -C build
|
||||
meson install -C build
|
||||
```
|
||||
|
||||
## What It Manages
|
||||
|
||||
Default source and output paths mirror common `update-ca-trust` / `p11-kit` layouts:
|
||||
|
||||
- anchors: `/etc/ca-certificates/trust-source/anchors`
|
||||
- extracted output dir: `/etc/ca-certificates/extracted`
|
||||
- OpenSSL cert symlink dir: `/etc/ssl/certs`
|
||||
- Java cacerts symlink: `/etc/ssl/certs/java/cacerts`
|
||||
- Mozilla trust source (for `certdata convert/sync`): `/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit`
|
||||
|
||||
`extract` generates:
|
||||
|
||||
- `tls-ca-bundle.pem`
|
||||
- `email-ca-bundle.pem`
|
||||
- `objsign-ca-bundle.pem`
|
||||
- `ca-bundle.trust.crt`
|
||||
- `edk2-cacerts.bin`
|
||||
- `java-cacerts.jks`
|
||||
- `cadir/` (hashed cert directory)
|
||||
|
||||
## Usage
|
||||
|
||||
Show help:
|
||||
|
||||
```bash
|
||||
ca-certs --help
|
||||
ca-certs add --help
|
||||
ca-certs extract --help
|
||||
ca-certs certdata --help
|
||||
```
|
||||
|
||||
### Add a CA certificate
|
||||
|
||||
Adds a PEM certificate to the anchors directory and refreshes extracted outputs by default.
|
||||
|
||||
```bash
|
||||
sudo ca-certs add /path/to/company-root.pem
|
||||
```
|
||||
|
||||
Specify a custom anchor name:
|
||||
|
||||
```bash
|
||||
sudo ca-certs add /path/to/company-root.pem --name company-root
|
||||
```
|
||||
|
||||
Add without extraction:
|
||||
|
||||
```bash
|
||||
sudo ca-certs add /path/to/company-root.pem --no-extract
|
||||
```
|
||||
|
||||
Dry-run:
|
||||
|
||||
```bash
|
||||
ca-certs add /path/to/company-root.pem --dry-run
|
||||
```
|
||||
|
||||
### Regenerate extracted trust outputs
|
||||
|
||||
```bash
|
||||
sudo ca-certs extract
|
||||
```
|
||||
|
||||
Write extracted outputs to a custom directory (skips `/etc/ssl/certs` symlink sync for custom output):
|
||||
|
||||
```bash
|
||||
sudo ca-certs extract --output /tmp/ca-extracted
|
||||
```
|
||||
|
||||
### Work on a rootfs/chroot image
|
||||
|
||||
```bash
|
||||
sudo ca-certs extract --root /mnt/image
|
||||
sudo ca-certs add /path/to/company-root.pem --root /mnt/image
|
||||
```
|
||||
|
||||
## Mozilla `certdata.txt` workflow
|
||||
|
||||
The `certdata` command supports a fetch/parse/convert/sync pipeline for Mozilla NSS trust data.
|
||||
|
||||
Fetch `certdata.txt`:
|
||||
|
||||
```bash
|
||||
ca-certs certdata fetch --output certdata.txt
|
||||
```
|
||||
|
||||
Parse and print a summary:
|
||||
|
||||
```bash
|
||||
ca-certs certdata parse certdata.txt
|
||||
```
|
||||
|
||||
Convert to a `p11-kit` trust source and extract outputs:
|
||||
|
||||
```bash
|
||||
sudo ca-certs certdata convert certdata.txt
|
||||
```
|
||||
|
||||
Run the full pipeline (fetch -> convert -> extract):
|
||||
|
||||
```bash
|
||||
sudo ca-certs certdata sync
|
||||
```
|
||||
|
||||
Use `--dry-run` on these commands to preview actions without modifying files.
|
||||
|
||||
## Development
|
||||
|
||||
Run tests:
|
||||
|
||||
```bash
|
||||
cargo test
|
||||
```
|
||||
|
||||
The repository also includes a generated man page and shell completions under `contrib/`.
|
||||
|
||||
## License
|
||||
|
||||
MIT. See `LICENSE`.
|
||||
@@ -0,0 +1,31 @@
|
||||
.ie \n(.g .ds Aq \(aq
|
||||
.el .ds Aq '
|
||||
.TH ca-certs 8 "ca-certs 0.1.0"
|
||||
.SH NAME
|
||||
ca\-certs \- Manage Linux CA trust store sources and extracted bundles (p11\-kit/trust)
|
||||
.SH SYNOPSIS
|
||||
\fBca\-certs\fR [\fB\-h\fR|\fB\-\-help\fR] [\fB\-V\fR|\fB\-\-version\fR] <\fIsubcommands\fR>
|
||||
.SH DESCRIPTION
|
||||
Manage Linux CA trust store sources and extracted bundles (p11\-kit/trust)
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
\fB\-h\fR, \fB\-\-help\fR
|
||||
Print help
|
||||
.TP
|
||||
\fB\-V\fR, \fB\-\-version\fR
|
||||
Print version
|
||||
.SH SUBCOMMANDS
|
||||
.TP
|
||||
ca\-certs\-add(8)
|
||||
Add a PEM CA certificate to trust\-source/anchors and refresh extracted outputs
|
||||
.TP
|
||||
ca\-certs\-extract(8)
|
||||
Regenerate extracted trust bundles (like update\-ca\-trust extract)
|
||||
.TP
|
||||
ca\-certs\-certdata(8)
|
||||
Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)
|
||||
.TP
|
||||
ca\-certs\-help(8)
|
||||
Print this message or the help of the given subcommand(s)
|
||||
.SH VERSION
|
||||
v0.1.0
|
||||
@@ -0,0 +1,401 @@
|
||||
#compdef ca-certs
|
||||
|
||||
autoload -U is-at-least
|
||||
|
||||
_ca-certs() {
|
||||
typeset -A opt_args
|
||||
typeset -a _arguments_options
|
||||
local ret=1
|
||||
|
||||
if is-at-least 5.2; then
|
||||
_arguments_options=(-s -S -C)
|
||||
else
|
||||
_arguments_options=(-s -C)
|
||||
fi
|
||||
|
||||
local context curcontext="$curcontext" state line
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
'-V[Print version]' \
|
||||
'--version[Print version]' \
|
||||
":: :_ca-certs_commands" \
|
||||
"*::: :->ca-certs" \
|
||||
&& ret=0
|
||||
case $state in
|
||||
(ca-certs)
|
||||
words=($line[1] "${words[@]}")
|
||||
(( CURRENT += 1 ))
|
||||
curcontext="${curcontext%:*:*}:ca-certs-command-$line[1]:"
|
||||
case $line[1] in
|
||||
(add)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'-n+[Output certificate name (without extension). Defaults to the input filename stem]:NAME:_default' \
|
||||
'--name=[Output certificate name (without extension). Defaults to the input filename stem]:NAME:_default' \
|
||||
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
|
||||
'--output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
|
||||
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
|
||||
'--force[Overwrite an existing anchor if contents differ]' \
|
||||
'--no-extract[Add certificate but do not run extraction]' \
|
||||
'--dry-run[Print actions without modifying files]' \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
':cert -- Path to a PEM-encoded CA certificate:_files' \
|
||||
&& ret=0
|
||||
;;
|
||||
(extract)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
|
||||
'--output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
|
||||
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
|
||||
'--dry-run[Print actions without modifying files]' \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
&& ret=0
|
||||
;;
|
||||
(certdata)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
":: :_ca-certs__certdata_commands" \
|
||||
"*::: :->certdata" \
|
||||
&& ret=0
|
||||
|
||||
case $state in
|
||||
(certdata)
|
||||
words=($line[1] "${words[@]}")
|
||||
(( CURRENT += 1 ))
|
||||
curcontext="${curcontext%:*:*}:ca-certs-certdata-command-$line[1]:"
|
||||
case $line[1] in
|
||||
(fetch)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'--url=[Source URL for certdata.txt]:URL:_default' \
|
||||
'--log-url=[Override log URL used to determine the latest revision (optional)]:LOG_URL:_default' \
|
||||
'-o+[Output file path]:OUTPUT:_files' \
|
||||
'--output=[Output file path]:OUTPUT:_files' \
|
||||
'--force[Overwrite an existing file if contents differ]' \
|
||||
'--no-revision-check[Always download even if the local file revision matches the remote revision]' \
|
||||
'--no-parse[Skip parsing/summary after download]' \
|
||||
'--dry-run[Print actions without modifying files]' \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
&& ret=0
|
||||
;;
|
||||
(parse)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'--limit=[Print up to N object summaries after the aggregate stats]:LIMIT:_default' \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
'::input -- Path to certdata.txt:_files' \
|
||||
&& ret=0
|
||||
;;
|
||||
(convert)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
|
||||
'--output=[Destination p11-kit trust source file inside the target root]:OUTPUT:_files' \
|
||||
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
|
||||
'--extract-output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
|
||||
'--force[Overwrite an existing output file if contents differ]' \
|
||||
'--no-extract[Skip running trust extraction after writing the Mozilla source bundle]' \
|
||||
'--dry-run[Print actions without modifying files]' \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
'::input -- Path to certdata.txt:_files' \
|
||||
&& ret=0
|
||||
;;
|
||||
(sync)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'--url=[Source URL for certdata.txt]:URL:_default' \
|
||||
'--log-url=[Override log URL used to determine the latest revision (optional)]:LOG_URL:_default' \
|
||||
'--certdata-output=[Local certdata.txt path used for fetch and convert]:CERTDATA_OUTPUT:_files' \
|
||||
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
|
||||
'--mozilla-output=[Destination p11-kit trust source file inside the target root]:MOZILLA_OUTPUT:_files' \
|
||||
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
|
||||
'--extract-output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
|
||||
'--force[Overwrite existing files if contents differ]' \
|
||||
'--no-revision-check[Always download even if the local certdata revision matches the remote revision]' \
|
||||
'--no-parse[Skip parsing/summary after download]' \
|
||||
'--no-extract[Skip running trust extraction after writing the Mozilla source bundle]' \
|
||||
'--dry-run[Print actions without modifying files]' \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
&& ret=0
|
||||
;;
|
||||
(help)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
":: :_ca-certs__certdata__help_commands" \
|
||||
"*::: :->help" \
|
||||
&& ret=0
|
||||
|
||||
case $state in
|
||||
(help)
|
||||
words=($line[1] "${words[@]}")
|
||||
(( CURRENT += 1 ))
|
||||
curcontext="${curcontext%:*:*}:ca-certs-certdata-help-command-$line[1]:"
|
||||
case $line[1] in
|
||||
(fetch)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(parse)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(convert)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(sync)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(help)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
(gen-artifacts)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
'--out-dir=[Directory to write generated packaging artifacts into]:OUT_DIR:_files' \
|
||||
'*--shell=[Shell completions to generate]:SHELLS:(bash fish zsh)' \
|
||||
'--dry-run[Print actions without modifying files]' \
|
||||
'-h[Print help]' \
|
||||
'--help[Print help]' \
|
||||
&& ret=0
|
||||
;;
|
||||
(help)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
":: :_ca-certs__help_commands" \
|
||||
"*::: :->help" \
|
||||
&& ret=0
|
||||
|
||||
case $state in
|
||||
(help)
|
||||
words=($line[1] "${words[@]}")
|
||||
(( CURRENT += 1 ))
|
||||
curcontext="${curcontext%:*:*}:ca-certs-help-command-$line[1]:"
|
||||
case $line[1] in
|
||||
(add)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(extract)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(certdata)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
":: :_ca-certs__help__certdata_commands" \
|
||||
"*::: :->certdata" \
|
||||
&& ret=0
|
||||
|
||||
case $state in
|
||||
(certdata)
|
||||
words=($line[1] "${words[@]}")
|
||||
(( CURRENT += 1 ))
|
||||
curcontext="${curcontext%:*:*}:ca-certs-help-certdata-command-$line[1]:"
|
||||
case $line[1] in
|
||||
(fetch)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(parse)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(convert)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(sync)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
(gen-artifacts)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
(help)
|
||||
_arguments "${_arguments_options[@]}" : \
|
||||
&& ret=0
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
(( $+functions[_ca-certs_commands] )) ||
|
||||
_ca-certs_commands() {
|
||||
local commands; commands=(
|
||||
'add:Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs' \
|
||||
'extract:Regenerate extracted trust bundles (like update-ca-trust extract)' \
|
||||
'certdata:Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)' \
|
||||
'gen-artifacts:' \
|
||||
'help:Print this message or the help of the given subcommand(s)' \
|
||||
)
|
||||
_describe -t commands 'ca-certs commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__add_commands] )) ||
|
||||
_ca-certs__add_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs add commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata_commands] )) ||
|
||||
_ca-certs__certdata_commands() {
|
||||
local commands; commands=(
|
||||
'fetch:Fetch certdata.txt from an NSS source URL' \
|
||||
'parse:Parse a local certdata.txt file and print a summary' \
|
||||
'convert:Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs' \
|
||||
'sync:Run the full pipeline\: fetch certdata.txt, convert to p11-kit source, then extract outputs' \
|
||||
'help:Print this message or the help of the given subcommand(s)' \
|
||||
)
|
||||
_describe -t commands 'ca-certs certdata commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__convert_commands] )) ||
|
||||
_ca-certs__certdata__convert_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata convert commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__fetch_commands] )) ||
|
||||
_ca-certs__certdata__fetch_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata fetch commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__help_commands] )) ||
|
||||
_ca-certs__certdata__help_commands() {
|
||||
local commands; commands=(
|
||||
'fetch:Fetch certdata.txt from an NSS source URL' \
|
||||
'parse:Parse a local certdata.txt file and print a summary' \
|
||||
'convert:Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs' \
|
||||
'sync:Run the full pipeline\: fetch certdata.txt, convert to p11-kit source, then extract outputs' \
|
||||
'help:Print this message or the help of the given subcommand(s)' \
|
||||
)
|
||||
_describe -t commands 'ca-certs certdata help commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__help__convert_commands] )) ||
|
||||
_ca-certs__certdata__help__convert_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata help convert commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__help__fetch_commands] )) ||
|
||||
_ca-certs__certdata__help__fetch_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata help fetch commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__help__help_commands] )) ||
|
||||
_ca-certs__certdata__help__help_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata help help commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__help__parse_commands] )) ||
|
||||
_ca-certs__certdata__help__parse_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata help parse commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__help__sync_commands] )) ||
|
||||
_ca-certs__certdata__help__sync_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata help sync commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__parse_commands] )) ||
|
||||
_ca-certs__certdata__parse_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata parse commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__certdata__sync_commands] )) ||
|
||||
_ca-certs__certdata__sync_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs certdata sync commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__extract_commands] )) ||
|
||||
_ca-certs__extract_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs extract commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__gen-artifacts_commands] )) ||
|
||||
_ca-certs__gen-artifacts_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs gen-artifacts commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help_commands] )) ||
|
||||
_ca-certs__help_commands() {
|
||||
local commands; commands=(
|
||||
'add:Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs' \
|
||||
'extract:Regenerate extracted trust bundles (like update-ca-trust extract)' \
|
||||
'certdata:Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)' \
|
||||
'gen-artifacts:' \
|
||||
'help:Print this message or the help of the given subcommand(s)' \
|
||||
)
|
||||
_describe -t commands 'ca-certs help commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__add_commands] )) ||
|
||||
_ca-certs__help__add_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help add commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__certdata_commands] )) ||
|
||||
_ca-certs__help__certdata_commands() {
|
||||
local commands; commands=(
|
||||
'fetch:Fetch certdata.txt from an NSS source URL' \
|
||||
'parse:Parse a local certdata.txt file and print a summary' \
|
||||
'convert:Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs' \
|
||||
'sync:Run the full pipeline\: fetch certdata.txt, convert to p11-kit source, then extract outputs' \
|
||||
)
|
||||
_describe -t commands 'ca-certs help certdata commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__certdata__convert_commands] )) ||
|
||||
_ca-certs__help__certdata__convert_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help certdata convert commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__certdata__fetch_commands] )) ||
|
||||
_ca-certs__help__certdata__fetch_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help certdata fetch commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__certdata__parse_commands] )) ||
|
||||
_ca-certs__help__certdata__parse_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help certdata parse commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__certdata__sync_commands] )) ||
|
||||
_ca-certs__help__certdata__sync_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help certdata sync commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__extract_commands] )) ||
|
||||
_ca-certs__help__extract_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help extract commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__gen-artifacts_commands] )) ||
|
||||
_ca-certs__help__gen-artifacts_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help gen-artifacts commands' commands "$@"
|
||||
}
|
||||
(( $+functions[_ca-certs__help__help_commands] )) ||
|
||||
_ca-certs__help__help_commands() {
|
||||
local commands; commands=()
|
||||
_describe -t commands 'ca-certs help help commands' commands "$@"
|
||||
}
|
||||
|
||||
if [ "$funcstack[1]" = "_ca-certs" ]; then
|
||||
_ca-certs "$@"
|
||||
else
|
||||
compdef _ca-certs ca-certs
|
||||
fi
|
||||
@@ -0,0 +1,558 @@
|
||||
_ca-certs() {
|
||||
local i cur prev opts cmd
|
||||
COMPREPLY=()
|
||||
if [[ "${BASH_VERSINFO[0]}" -ge 4 ]]; then
|
||||
cur="$2"
|
||||
else
|
||||
cur="${COMP_WORDS[COMP_CWORD]}"
|
||||
fi
|
||||
prev="$3"
|
||||
cmd=""
|
||||
opts=""
|
||||
|
||||
for i in "${COMP_WORDS[@]:0:COMP_CWORD}"
|
||||
do
|
||||
case "${cmd},${i}" in
|
||||
",$1")
|
||||
cmd="ca__certs"
|
||||
;;
|
||||
ca__certs,add)
|
||||
cmd="ca__certs__add"
|
||||
;;
|
||||
ca__certs,certdata)
|
||||
cmd="ca__certs__certdata"
|
||||
;;
|
||||
ca__certs,extract)
|
||||
cmd="ca__certs__extract"
|
||||
;;
|
||||
ca__certs,gen-artifacts)
|
||||
cmd="ca__certs__gen__artifacts"
|
||||
;;
|
||||
ca__certs,help)
|
||||
cmd="ca__certs__help"
|
||||
;;
|
||||
ca__certs__certdata,convert)
|
||||
cmd="ca__certs__certdata__convert"
|
||||
;;
|
||||
ca__certs__certdata,fetch)
|
||||
cmd="ca__certs__certdata__fetch"
|
||||
;;
|
||||
ca__certs__certdata,help)
|
||||
cmd="ca__certs__certdata__help"
|
||||
;;
|
||||
ca__certs__certdata,parse)
|
||||
cmd="ca__certs__certdata__parse"
|
||||
;;
|
||||
ca__certs__certdata,sync)
|
||||
cmd="ca__certs__certdata__sync"
|
||||
;;
|
||||
ca__certs__certdata__help,convert)
|
||||
cmd="ca__certs__certdata__help__convert"
|
||||
;;
|
||||
ca__certs__certdata__help,fetch)
|
||||
cmd="ca__certs__certdata__help__fetch"
|
||||
;;
|
||||
ca__certs__certdata__help,help)
|
||||
cmd="ca__certs__certdata__help__help"
|
||||
;;
|
||||
ca__certs__certdata__help,parse)
|
||||
cmd="ca__certs__certdata__help__parse"
|
||||
;;
|
||||
ca__certs__certdata__help,sync)
|
||||
cmd="ca__certs__certdata__help__sync"
|
||||
;;
|
||||
ca__certs__help,add)
|
||||
cmd="ca__certs__help__add"
|
||||
;;
|
||||
ca__certs__help,certdata)
|
||||
cmd="ca__certs__help__certdata"
|
||||
;;
|
||||
ca__certs__help,extract)
|
||||
cmd="ca__certs__help__extract"
|
||||
;;
|
||||
ca__certs__help,gen-artifacts)
|
||||
cmd="ca__certs__help__gen__artifacts"
|
||||
;;
|
||||
ca__certs__help,help)
|
||||
cmd="ca__certs__help__help"
|
||||
;;
|
||||
ca__certs__help__certdata,convert)
|
||||
cmd="ca__certs__help__certdata__convert"
|
||||
;;
|
||||
ca__certs__help__certdata,fetch)
|
||||
cmd="ca__certs__help__certdata__fetch"
|
||||
;;
|
||||
ca__certs__help__certdata,parse)
|
||||
cmd="ca__certs__help__certdata__parse"
|
||||
;;
|
||||
ca__certs__help__certdata,sync)
|
||||
cmd="ca__certs__help__certdata__sync"
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
case "${cmd}" in
|
||||
ca__certs)
|
||||
opts="-h -V --help --version add extract certdata gen-artifacts help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 1 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__add)
|
||||
opts="-n -o -h --name --force --no-extract --output --root --dry-run --help <CERT>"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
--name)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
-n)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
-o)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--root)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata)
|
||||
opts="-h --help fetch parse convert sync help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__convert)
|
||||
opts="-o -h --root --output --force --no-extract --extract-output --dry-run --help [INPUT]"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
--root)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--extract-output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
-o)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__fetch)
|
||||
opts="-o -h --url --log-url --output --force --no-revision-check --no-parse --dry-run --help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
--url)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--log-url)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
-o)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__help)
|
||||
opts="fetch parse convert sync help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__help__convert)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__help__fetch)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__help__help)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__help__parse)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__help__sync)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__parse)
|
||||
opts="-h --limit --help [INPUT]"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
--limit)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__certdata__sync)
|
||||
opts="-o -h --url --log-url --certdata-output --root --mozilla-output --force --no-revision-check --no-parse --no-extract --extract-output --dry-run --help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
--url)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--log-url)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--certdata-output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--root)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--mozilla-output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--extract-output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
-o)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__extract)
|
||||
opts="-o -h --output --root --dry-run --help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
--output)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
-o)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--root)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__gen__artifacts)
|
||||
opts="-h --out-dir --shell --dry-run --help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
--out-dir)
|
||||
COMPREPLY=($(compgen -f "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
--shell)
|
||||
COMPREPLY=($(compgen -W "bash fish zsh" -- "${cur}"))
|
||||
return 0
|
||||
;;
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help)
|
||||
opts="add extract certdata gen-artifacts help"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__add)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__certdata)
|
||||
opts="fetch parse convert sync"
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__certdata__convert)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__certdata__fetch)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__certdata__parse)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__certdata__sync)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__extract)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__gen__artifacts)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
ca__certs__help__help)
|
||||
opts=""
|
||||
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
fi
|
||||
case "${prev}" in
|
||||
*)
|
||||
COMPREPLY=()
|
||||
;;
|
||||
esac
|
||||
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
|
||||
return 0
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
if [[ "${BASH_VERSINFO[0]}" -eq 4 && "${BASH_VERSINFO[1]}" -ge 4 || "${BASH_VERSINFO[0]}" -gt 4 ]]; then
|
||||
complete -F _ca-certs -o nosort -o bashdefault -o default ca-certs
|
||||
else
|
||||
complete -F _ca-certs -o bashdefault -o default ca-certs
|
||||
fi
|
||||
@@ -0,0 +1,99 @@
|
||||
# Print an optspec for argparse to handle cmd's options that are independent of any subcommand.
|
||||
function __fish_ca_certs_global_optspecs
|
||||
string join \n h/help V/version
|
||||
end
|
||||
|
||||
function __fish_ca_certs_needs_command
|
||||
# Figure out if the current invocation already has a command.
|
||||
set -l cmd (commandline -opc)
|
||||
set -e cmd[1]
|
||||
argparse -s (__fish_ca_certs_global_optspecs) -- $cmd 2>/dev/null
|
||||
or return
|
||||
if set -q argv[1]
|
||||
# Also print the command, so this can be used to figure out what it is.
|
||||
echo $argv[1]
|
||||
return 1
|
||||
end
|
||||
return 0
|
||||
end
|
||||
|
||||
function __fish_ca_certs_using_subcommand
|
||||
set -l cmd (__fish_ca_certs_needs_command)
|
||||
test -z "$cmd"
|
||||
and return 1
|
||||
contains -- $cmd[1] $argv
|
||||
end
|
||||
|
||||
complete -c ca-certs -n "__fish_ca_certs_needs_command" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_needs_command" -s V -l version -d 'Print version'
|
||||
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "add" -d 'Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs'
|
||||
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "extract" -d 'Regenerate extracted trust bundles (like update-ca-trust extract)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "certdata" -d 'Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "gen-artifacts"
|
||||
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -s n -l name -d 'Output certificate name (without extension). Defaults to the input filename stem' -r
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -s o -l output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l force -d 'Overwrite an existing anchor if contents differ'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l no-extract -d 'Add certificate but do not run extraction'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l dry-run -d 'Print actions without modifying files'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -s o -l output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -l dry-run -d 'Print actions without modifying files'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "fetch" -d 'Fetch certdata.txt from an NSS source URL'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "parse" -d 'Parse a local certdata.txt file and print a summary'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "convert" -d 'Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "sync" -d 'Run the full pipeline: fetch certdata.txt, convert to p11-kit source, then extract outputs'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l url -d 'Source URL for certdata.txt' -r
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l log-url -d 'Override log URL used to determine the latest revision (optional)' -r
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -s o -l output -d 'Output file path' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l force -d 'Overwrite an existing file if contents differ'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l no-revision-check -d 'Always download even if the local file revision matches the remote revision'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l no-parse -d 'Skip parsing/summary after download'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l dry-run -d 'Print actions without modifying files'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from parse" -l limit -d 'Print up to N object summaries after the aggregate stats' -r
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from parse" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l output -d 'Destination p11-kit trust source file inside the target root' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -s o -l extract-output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l force -d 'Overwrite an existing output file if contents differ'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l no-extract -d 'Skip running trust extraction after writing the Mozilla source bundle'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l dry-run -d 'Print actions without modifying files'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l url -d 'Source URL for certdata.txt' -r
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l log-url -d 'Override log URL used to determine the latest revision (optional)' -r
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l certdata-output -d 'Local certdata.txt path used for fetch and convert' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l mozilla-output -d 'Destination p11-kit trust source file inside the target root' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -s o -l extract-output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l force -d 'Overwrite existing files if contents differ'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l no-revision-check -d 'Always download even if the local certdata revision matches the remote revision'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l no-parse -d 'Skip parsing/summary after download'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l no-extract -d 'Skip running trust extraction after writing the Mozilla source bundle'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l dry-run -d 'Print actions without modifying files'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "fetch" -d 'Fetch certdata.txt from an NSS source URL'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "parse" -d 'Parse a local certdata.txt file and print a summary'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "convert" -d 'Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "sync" -d 'Run the full pipeline: fetch certdata.txt, convert to p11-kit source, then extract outputs'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -l out-dir -d 'Directory to write generated packaging artifacts into' -r -F
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -l shell -d 'Shell completions to generate' -r -f -a "bash\t''
|
||||
fish\t''
|
||||
zsh\t''"
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -l dry-run -d 'Print actions without modifying files'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -s h -l help -d 'Print help'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "add" -d 'Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "extract" -d 'Regenerate extracted trust bundles (like update-ca-trust extract)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "certdata" -d 'Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "gen-artifacts"
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "fetch" -d 'Fetch certdata.txt from an NSS source URL'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "parse" -d 'Parse a local certdata.txt file and print a summary'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "convert" -d 'Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs'
|
||||
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "sync" -d 'Run the full pipeline: fetch certdata.txt, convert to p11-kit source, then extract outputs'
|
||||
+84
@@ -0,0 +1,84 @@
|
||||
project(
|
||||
'ca-certs',
|
||||
version: '0.1.0',
|
||||
meson_version: '>=0.60.0',
|
||||
)
|
||||
|
||||
cargo = find_program('cargo', required: true)
|
||||
sh = find_program('sh', required: true)
|
||||
|
||||
# Track Rust inputs explicitly so Meson knows when the Cargo build output is stale.
|
||||
tracked_rust_inputs = files(
|
||||
'Cargo.toml',
|
||||
'Cargo.lock',
|
||||
'src/main.rs',
|
||||
)
|
||||
|
||||
# Track packaging assets in one place so install rules stay auditable.
|
||||
tracked_packaging_assets = files(
|
||||
'LICENSE',
|
||||
'contrib/ca-certs.8',
|
||||
'contrib/completions/ca-certs.bash',
|
||||
'contrib/completions/ca-certs.fish',
|
||||
'contrib/completions/_ca-certs',
|
||||
)
|
||||
|
||||
tracked_install_paths = [
|
||||
join_paths(get_option('bindir'), 'ca-certs'),
|
||||
join_paths(get_option('datadir'), 'licenses', meson.project_name(), 'LICENSE'),
|
||||
join_paths(get_option('mandir'), 'man8', 'ca-certs.8'),
|
||||
join_paths(get_option('datadir'), 'bash-completion', 'completions', 'ca-certs'),
|
||||
join_paths(get_option('datadir'), 'fish', 'vendor_completions.d', 'ca-certs.fish'),
|
||||
join_paths(get_option('datadir'), 'zsh', 'site-functions', '_ca-certs'),
|
||||
]
|
||||
|
||||
cargo_target_dir = meson.current_build_dir() / 'cargo-target'
|
||||
|
||||
ca_certs_bin = custom_target(
|
||||
'ca-certs-bin',
|
||||
output: 'ca-certs',
|
||||
depend_files: tracked_rust_inputs,
|
||||
command: [
|
||||
sh, '-c',
|
||||
'set -eu; src="$1"; out="$2"; target_dir="$3"; cd "$src"; CARGO_TARGET_DIR="$target_dir" "$4" build --locked --release; cp "$target_dir/release/ca-certs" "$out"',
|
||||
'meson-cargo-build',
|
||||
meson.project_source_root(),
|
||||
'@OUTPUT@',
|
||||
cargo_target_dir,
|
||||
cargo,
|
||||
],
|
||||
build_by_default: true,
|
||||
console: true,
|
||||
install: true,
|
||||
install_dir: get_option('bindir'),
|
||||
)
|
||||
|
||||
install_data(
|
||||
'contrib/ca-certs.8',
|
||||
install_dir: join_paths(get_option('mandir'), 'man8'),
|
||||
)
|
||||
|
||||
install_data(
|
||||
'contrib/completions/ca-certs.bash',
|
||||
install_dir: join_paths(get_option('datadir'), 'bash-completion', 'completions'),
|
||||
rename: 'ca-certs',
|
||||
)
|
||||
|
||||
install_data(
|
||||
'contrib/completions/ca-certs.fish',
|
||||
install_dir: join_paths(get_option('datadir'), 'fish', 'vendor_completions.d'),
|
||||
)
|
||||
|
||||
install_data(
|
||||
'contrib/completions/_ca-certs',
|
||||
install_dir: join_paths(get_option('datadir'), 'zsh', 'site-functions'),
|
||||
)
|
||||
|
||||
summary(
|
||||
{
|
||||
'tracked rust inputs': tracked_rust_inputs.length(),
|
||||
'tracked packaging assets': tracked_packaging_assets.length(),
|
||||
'tracked install paths': '\n ' + '\n '.join(tracked_install_paths),
|
||||
},
|
||||
section: 'Packaging',
|
||||
)
|
||||
+1888
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user