initial commit

This commit is contained in:
2026-02-23 20:06:44 -06:00
parent 0a5a6c6a1d
commit 53104542f7
11 changed files with 5070 additions and 0 deletions
+1
View File
@@ -0,0 +1 @@
/target
Generated
+1809
View File
File diff suppressed because it is too large Load Diff
+15
View File
@@ -0,0 +1,15 @@
[package]
name = "ca-certs"
version = "0.1.0"
edition = "2024"
[dependencies]
anyhow = "1.0.102"
base64 = "0.22.1"
clap = { version = "4.5.60", features = ["derive"] }
clap_complete = "4.5.66"
clap_mangen = "0.2.31"
reqwest = { version = "0.13.2", default-features = false, features = ["blocking", "rustls"] }
[lints.rust]
warnings = "deny"
+21
View File
@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2026 SFG545 and ReallyUnusual
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the “Software”), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
+163
View File
@@ -0,0 +1,163 @@
# ca-certs
`ca-certs` is a Linux CLI for managing CA trust store sources and extracted bundles in a `p11-kit` / `trust` (`update-ca-trust`-style) layout.
It supports:
- adding PEM CA certificates to `trust-source/anchors`
- regenerating extracted trust outputs (PEM bundles, OpenSSL bundle, Java cacerts, hash dir)
- syncing `/etc/ssl/certs` symlinks for the standard extraction path
- fetching/parsing/converting Mozilla NSS `certdata.txt` into a `p11-kit` trust source
- operating on an alternate root filesystem with `--root` (image/chroot builds)
## Requirements
- Linux (the tool exits on non-Linux targets)
- `trust` (from `p11-kit`) available in `PATH`
- `openssl` available in `PATH` for `certdata convert` / `certdata sync`
- `chroot` available in `PATH` when using `--root` with a non-`/` rootfs
- permission to write system trust paths (typically root)
## Build
### Cargo
```bash
cargo build --release
```
Binary output:
```text
target/release/ca-certs
```
### Meson (packaging-friendly)
Builds the Rust binary and installs the man page + shell completions from `contrib/`.
```bash
meson setup build
meson compile -C build
meson install -C build
```
## What It Manages
Default source and output paths mirror common `update-ca-trust` / `p11-kit` layouts:
- anchors: `/etc/ca-certificates/trust-source/anchors`
- extracted output dir: `/etc/ca-certificates/extracted`
- OpenSSL cert symlink dir: `/etc/ssl/certs`
- Java cacerts symlink: `/etc/ssl/certs/java/cacerts`
- Mozilla trust source (for `certdata convert/sync`): `/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit`
`extract` generates:
- `tls-ca-bundle.pem`
- `email-ca-bundle.pem`
- `objsign-ca-bundle.pem`
- `ca-bundle.trust.crt`
- `edk2-cacerts.bin`
- `java-cacerts.jks`
- `cadir/` (hashed cert directory)
## Usage
Show help:
```bash
ca-certs --help
ca-certs add --help
ca-certs extract --help
ca-certs certdata --help
```
### Add a CA certificate
Adds a PEM certificate to the anchors directory and refreshes extracted outputs by default.
```bash
sudo ca-certs add /path/to/company-root.pem
```
Specify a custom anchor name:
```bash
sudo ca-certs add /path/to/company-root.pem --name company-root
```
Add without extraction:
```bash
sudo ca-certs add /path/to/company-root.pem --no-extract
```
Dry-run:
```bash
ca-certs add /path/to/company-root.pem --dry-run
```
### Regenerate extracted trust outputs
```bash
sudo ca-certs extract
```
Write extracted outputs to a custom directory (skips `/etc/ssl/certs` symlink sync for custom output):
```bash
sudo ca-certs extract --output /tmp/ca-extracted
```
### Work on a rootfs/chroot image
```bash
sudo ca-certs extract --root /mnt/image
sudo ca-certs add /path/to/company-root.pem --root /mnt/image
```
## Mozilla `certdata.txt` workflow
The `certdata` command supports a fetch/parse/convert/sync pipeline for Mozilla NSS trust data.
Fetch `certdata.txt`:
```bash
ca-certs certdata fetch --output certdata.txt
```
Parse and print a summary:
```bash
ca-certs certdata parse certdata.txt
```
Convert to a `p11-kit` trust source and extract outputs:
```bash
sudo ca-certs certdata convert certdata.txt
```
Run the full pipeline (fetch -> convert -> extract):
```bash
sudo ca-certs certdata sync
```
Use `--dry-run` on these commands to preview actions without modifying files.
## Development
Run tests:
```bash
cargo test
```
The repository also includes a generated man page and shell completions under `contrib/`.
## License
MIT. See `LICENSE`.
+31
View File
@@ -0,0 +1,31 @@
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.TH ca-certs 8 "ca-certs 0.1.0"
.SH NAME
ca\-certs \- Manage Linux CA trust store sources and extracted bundles (p11\-kit/trust)
.SH SYNOPSIS
\fBca\-certs\fR [\fB\-h\fR|\fB\-\-help\fR] [\fB\-V\fR|\fB\-\-version\fR] <\fIsubcommands\fR>
.SH DESCRIPTION
Manage Linux CA trust store sources and extracted bundles (p11\-kit/trust)
.SH OPTIONS
.TP
\fB\-h\fR, \fB\-\-help\fR
Print help
.TP
\fB\-V\fR, \fB\-\-version\fR
Print version
.SH SUBCOMMANDS
.TP
ca\-certs\-add(8)
Add a PEM CA certificate to trust\-source/anchors and refresh extracted outputs
.TP
ca\-certs\-extract(8)
Regenerate extracted trust bundles (like update\-ca\-trust extract)
.TP
ca\-certs\-certdata(8)
Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)
.TP
ca\-certs\-help(8)
Print this message or the help of the given subcommand(s)
.SH VERSION
v0.1.0
+401
View File
@@ -0,0 +1,401 @@
#compdef ca-certs
autoload -U is-at-least
_ca-certs() {
typeset -A opt_args
typeset -a _arguments_options
local ret=1
if is-at-least 5.2; then
_arguments_options=(-s -S -C)
else
_arguments_options=(-s -C)
fi
local context curcontext="$curcontext" state line
_arguments "${_arguments_options[@]}" : \
'-h[Print help]' \
'--help[Print help]' \
'-V[Print version]' \
'--version[Print version]' \
":: :_ca-certs_commands" \
"*::: :->ca-certs" \
&& ret=0
case $state in
(ca-certs)
words=($line[1] "${words[@]}")
(( CURRENT += 1 ))
curcontext="${curcontext%:*:*}:ca-certs-command-$line[1]:"
case $line[1] in
(add)
_arguments "${_arguments_options[@]}" : \
'-n+[Output certificate name (without extension). Defaults to the input filename stem]:NAME:_default' \
'--name=[Output certificate name (without extension). Defaults to the input filename stem]:NAME:_default' \
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
'--output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
'--force[Overwrite an existing anchor if contents differ]' \
'--no-extract[Add certificate but do not run extraction]' \
'--dry-run[Print actions without modifying files]' \
'-h[Print help]' \
'--help[Print help]' \
':cert -- Path to a PEM-encoded CA certificate:_files' \
&& ret=0
;;
(extract)
_arguments "${_arguments_options[@]}" : \
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
'--output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:OUTPUT:_files' \
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
'--dry-run[Print actions without modifying files]' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(certdata)
_arguments "${_arguments_options[@]}" : \
'-h[Print help]' \
'--help[Print help]' \
":: :_ca-certs__certdata_commands" \
"*::: :->certdata" \
&& ret=0
case $state in
(certdata)
words=($line[1] "${words[@]}")
(( CURRENT += 1 ))
curcontext="${curcontext%:*:*}:ca-certs-certdata-command-$line[1]:"
case $line[1] in
(fetch)
_arguments "${_arguments_options[@]}" : \
'--url=[Source URL for certdata.txt]:URL:_default' \
'--log-url=[Override log URL used to determine the latest revision (optional)]:LOG_URL:_default' \
'-o+[Output file path]:OUTPUT:_files' \
'--output=[Output file path]:OUTPUT:_files' \
'--force[Overwrite an existing file if contents differ]' \
'--no-revision-check[Always download even if the local file revision matches the remote revision]' \
'--no-parse[Skip parsing/summary after download]' \
'--dry-run[Print actions without modifying files]' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(parse)
_arguments "${_arguments_options[@]}" : \
'--limit=[Print up to N object summaries after the aggregate stats]:LIMIT:_default' \
'-h[Print help]' \
'--help[Print help]' \
'::input -- Path to certdata.txt:_files' \
&& ret=0
;;
(convert)
_arguments "${_arguments_options[@]}" : \
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
'--output=[Destination p11-kit trust source file inside the target root]:OUTPUT:_files' \
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
'--extract-output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
'--force[Overwrite an existing output file if contents differ]' \
'--no-extract[Skip running trust extraction after writing the Mozilla source bundle]' \
'--dry-run[Print actions without modifying files]' \
'-h[Print help]' \
'--help[Print help]' \
'::input -- Path to certdata.txt:_files' \
&& ret=0
;;
(sync)
_arguments "${_arguments_options[@]}" : \
'--url=[Source URL for certdata.txt]:URL:_default' \
'--log-url=[Override log URL used to determine the latest revision (optional)]:LOG_URL:_default' \
'--certdata-output=[Local certdata.txt path used for fetch and convert]:CERTDATA_OUTPUT:_files' \
'--root=[Target root filesystem (for chroot/image builds)]:ROOT:_files' \
'--mozilla-output=[Destination p11-kit trust source file inside the target root]:MOZILLA_OUTPUT:_files' \
'-o+[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
'--extract-output=[Extracted output directory inside the target root (default\: /etc/ca-certificates/extracted)]:EXTRACT_OUTPUT:_files' \
'--force[Overwrite existing files if contents differ]' \
'--no-revision-check[Always download even if the local certdata revision matches the remote revision]' \
'--no-parse[Skip parsing/summary after download]' \
'--no-extract[Skip running trust extraction after writing the Mozilla source bundle]' \
'--dry-run[Print actions without modifying files]' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(help)
_arguments "${_arguments_options[@]}" : \
":: :_ca-certs__certdata__help_commands" \
"*::: :->help" \
&& ret=0
case $state in
(help)
words=($line[1] "${words[@]}")
(( CURRENT += 1 ))
curcontext="${curcontext%:*:*}:ca-certs-certdata-help-command-$line[1]:"
case $line[1] in
(fetch)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(parse)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(convert)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(sync)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(help)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
esac
;;
esac
;;
esac
;;
esac
;;
(gen-artifacts)
_arguments "${_arguments_options[@]}" : \
'--out-dir=[Directory to write generated packaging artifacts into]:OUT_DIR:_files' \
'*--shell=[Shell completions to generate]:SHELLS:(bash fish zsh)' \
'--dry-run[Print actions without modifying files]' \
'-h[Print help]' \
'--help[Print help]' \
&& ret=0
;;
(help)
_arguments "${_arguments_options[@]}" : \
":: :_ca-certs__help_commands" \
"*::: :->help" \
&& ret=0
case $state in
(help)
words=($line[1] "${words[@]}")
(( CURRENT += 1 ))
curcontext="${curcontext%:*:*}:ca-certs-help-command-$line[1]:"
case $line[1] in
(add)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(extract)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(certdata)
_arguments "${_arguments_options[@]}" : \
":: :_ca-certs__help__certdata_commands" \
"*::: :->certdata" \
&& ret=0
case $state in
(certdata)
words=($line[1] "${words[@]}")
(( CURRENT += 1 ))
curcontext="${curcontext%:*:*}:ca-certs-help-certdata-command-$line[1]:"
case $line[1] in
(fetch)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(parse)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(convert)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(sync)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
esac
;;
esac
;;
(gen-artifacts)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
(help)
_arguments "${_arguments_options[@]}" : \
&& ret=0
;;
esac
;;
esac
;;
esac
;;
esac
}
(( $+functions[_ca-certs_commands] )) ||
_ca-certs_commands() {
local commands; commands=(
'add:Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs' \
'extract:Regenerate extracted trust bundles (like update-ca-trust extract)' \
'certdata:Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)' \
'gen-artifacts:' \
'help:Print this message or the help of the given subcommand(s)' \
)
_describe -t commands 'ca-certs commands' commands "$@"
}
(( $+functions[_ca-certs__add_commands] )) ||
_ca-certs__add_commands() {
local commands; commands=()
_describe -t commands 'ca-certs add commands' commands "$@"
}
(( $+functions[_ca-certs__certdata_commands] )) ||
_ca-certs__certdata_commands() {
local commands; commands=(
'fetch:Fetch certdata.txt from an NSS source URL' \
'parse:Parse a local certdata.txt file and print a summary' \
'convert:Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs' \
'sync:Run the full pipeline\: fetch certdata.txt, convert to p11-kit source, then extract outputs' \
'help:Print this message or the help of the given subcommand(s)' \
)
_describe -t commands 'ca-certs certdata commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__convert_commands] )) ||
_ca-certs__certdata__convert_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata convert commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__fetch_commands] )) ||
_ca-certs__certdata__fetch_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata fetch commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__help_commands] )) ||
_ca-certs__certdata__help_commands() {
local commands; commands=(
'fetch:Fetch certdata.txt from an NSS source URL' \
'parse:Parse a local certdata.txt file and print a summary' \
'convert:Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs' \
'sync:Run the full pipeline\: fetch certdata.txt, convert to p11-kit source, then extract outputs' \
'help:Print this message or the help of the given subcommand(s)' \
)
_describe -t commands 'ca-certs certdata help commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__help__convert_commands] )) ||
_ca-certs__certdata__help__convert_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata help convert commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__help__fetch_commands] )) ||
_ca-certs__certdata__help__fetch_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata help fetch commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__help__help_commands] )) ||
_ca-certs__certdata__help__help_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata help help commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__help__parse_commands] )) ||
_ca-certs__certdata__help__parse_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata help parse commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__help__sync_commands] )) ||
_ca-certs__certdata__help__sync_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata help sync commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__parse_commands] )) ||
_ca-certs__certdata__parse_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata parse commands' commands "$@"
}
(( $+functions[_ca-certs__certdata__sync_commands] )) ||
_ca-certs__certdata__sync_commands() {
local commands; commands=()
_describe -t commands 'ca-certs certdata sync commands' commands "$@"
}
(( $+functions[_ca-certs__extract_commands] )) ||
_ca-certs__extract_commands() {
local commands; commands=()
_describe -t commands 'ca-certs extract commands' commands "$@"
}
(( $+functions[_ca-certs__gen-artifacts_commands] )) ||
_ca-certs__gen-artifacts_commands() {
local commands; commands=()
_describe -t commands 'ca-certs gen-artifacts commands' commands "$@"
}
(( $+functions[_ca-certs__help_commands] )) ||
_ca-certs__help_commands() {
local commands; commands=(
'add:Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs' \
'extract:Regenerate extracted trust bundles (like update-ca-trust extract)' \
'certdata:Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)' \
'gen-artifacts:' \
'help:Print this message or the help of the given subcommand(s)' \
)
_describe -t commands 'ca-certs help commands' commands "$@"
}
(( $+functions[_ca-certs__help__add_commands] )) ||
_ca-certs__help__add_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help add commands' commands "$@"
}
(( $+functions[_ca-certs__help__certdata_commands] )) ||
_ca-certs__help__certdata_commands() {
local commands; commands=(
'fetch:Fetch certdata.txt from an NSS source URL' \
'parse:Parse a local certdata.txt file and print a summary' \
'convert:Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs' \
'sync:Run the full pipeline\: fetch certdata.txt, convert to p11-kit source, then extract outputs' \
)
_describe -t commands 'ca-certs help certdata commands' commands "$@"
}
(( $+functions[_ca-certs__help__certdata__convert_commands] )) ||
_ca-certs__help__certdata__convert_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help certdata convert commands' commands "$@"
}
(( $+functions[_ca-certs__help__certdata__fetch_commands] )) ||
_ca-certs__help__certdata__fetch_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help certdata fetch commands' commands "$@"
}
(( $+functions[_ca-certs__help__certdata__parse_commands] )) ||
_ca-certs__help__certdata__parse_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help certdata parse commands' commands "$@"
}
(( $+functions[_ca-certs__help__certdata__sync_commands] )) ||
_ca-certs__help__certdata__sync_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help certdata sync commands' commands "$@"
}
(( $+functions[_ca-certs__help__extract_commands] )) ||
_ca-certs__help__extract_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help extract commands' commands "$@"
}
(( $+functions[_ca-certs__help__gen-artifacts_commands] )) ||
_ca-certs__help__gen-artifacts_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help gen-artifacts commands' commands "$@"
}
(( $+functions[_ca-certs__help__help_commands] )) ||
_ca-certs__help__help_commands() {
local commands; commands=()
_describe -t commands 'ca-certs help help commands' commands "$@"
}
if [ "$funcstack[1]" = "_ca-certs" ]; then
_ca-certs "$@"
else
compdef _ca-certs ca-certs
fi
+558
View File
@@ -0,0 +1,558 @@
_ca-certs() {
local i cur prev opts cmd
COMPREPLY=()
if [[ "${BASH_VERSINFO[0]}" -ge 4 ]]; then
cur="$2"
else
cur="${COMP_WORDS[COMP_CWORD]}"
fi
prev="$3"
cmd=""
opts=""
for i in "${COMP_WORDS[@]:0:COMP_CWORD}"
do
case "${cmd},${i}" in
",$1")
cmd="ca__certs"
;;
ca__certs,add)
cmd="ca__certs__add"
;;
ca__certs,certdata)
cmd="ca__certs__certdata"
;;
ca__certs,extract)
cmd="ca__certs__extract"
;;
ca__certs,gen-artifacts)
cmd="ca__certs__gen__artifacts"
;;
ca__certs,help)
cmd="ca__certs__help"
;;
ca__certs__certdata,convert)
cmd="ca__certs__certdata__convert"
;;
ca__certs__certdata,fetch)
cmd="ca__certs__certdata__fetch"
;;
ca__certs__certdata,help)
cmd="ca__certs__certdata__help"
;;
ca__certs__certdata,parse)
cmd="ca__certs__certdata__parse"
;;
ca__certs__certdata,sync)
cmd="ca__certs__certdata__sync"
;;
ca__certs__certdata__help,convert)
cmd="ca__certs__certdata__help__convert"
;;
ca__certs__certdata__help,fetch)
cmd="ca__certs__certdata__help__fetch"
;;
ca__certs__certdata__help,help)
cmd="ca__certs__certdata__help__help"
;;
ca__certs__certdata__help,parse)
cmd="ca__certs__certdata__help__parse"
;;
ca__certs__certdata__help,sync)
cmd="ca__certs__certdata__help__sync"
;;
ca__certs__help,add)
cmd="ca__certs__help__add"
;;
ca__certs__help,certdata)
cmd="ca__certs__help__certdata"
;;
ca__certs__help,extract)
cmd="ca__certs__help__extract"
;;
ca__certs__help,gen-artifacts)
cmd="ca__certs__help__gen__artifacts"
;;
ca__certs__help,help)
cmd="ca__certs__help__help"
;;
ca__certs__help__certdata,convert)
cmd="ca__certs__help__certdata__convert"
;;
ca__certs__help__certdata,fetch)
cmd="ca__certs__help__certdata__fetch"
;;
ca__certs__help__certdata,parse)
cmd="ca__certs__help__certdata__parse"
;;
ca__certs__help__certdata,sync)
cmd="ca__certs__help__certdata__sync"
;;
*)
;;
esac
done
case "${cmd}" in
ca__certs)
opts="-h -V --help --version add extract certdata gen-artifacts help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 1 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__add)
opts="-n -o -h --name --force --no-extract --output --root --dry-run --help <CERT>"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--name)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
-n)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
-o)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--root)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata)
opts="-h --help fetch parse convert sync help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__convert)
opts="-o -h --root --output --force --no-extract --extract-output --dry-run --help [INPUT]"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--root)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--extract-output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
-o)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__fetch)
opts="-o -h --url --log-url --output --force --no-revision-check --no-parse --dry-run --help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--url)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--log-url)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
-o)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__help)
opts="fetch parse convert sync help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__help__convert)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__help__fetch)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__help__help)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__help__parse)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__help__sync)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__parse)
opts="-h --limit --help [INPUT]"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--limit)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__certdata__sync)
opts="-o -h --url --log-url --certdata-output --root --mozilla-output --force --no-revision-check --no-parse --no-extract --extract-output --dry-run --help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--url)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--log-url)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--certdata-output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--root)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--mozilla-output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--extract-output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
-o)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__extract)
opts="-o -h --output --root --dry-run --help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--output)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
-o)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--root)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__gen__artifacts)
opts="-h --out-dir --shell --dry-run --help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
--out-dir)
COMPREPLY=($(compgen -f "${cur}"))
return 0
;;
--shell)
COMPREPLY=($(compgen -W "bash fish zsh" -- "${cur}"))
return 0
;;
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help)
opts="add extract certdata gen-artifacts help"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 2 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__add)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__certdata)
opts="fetch parse convert sync"
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__certdata__convert)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__certdata__fetch)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__certdata__parse)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__certdata__sync)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 4 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__extract)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__gen__artifacts)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
ca__certs__help__help)
opts=""
if [[ ${cur} == -* || ${COMP_CWORD} -eq 3 ]] ; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
case "${prev}" in
*)
COMPREPLY=()
;;
esac
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
;;
esac
}
if [[ "${BASH_VERSINFO[0]}" -eq 4 && "${BASH_VERSINFO[1]}" -ge 4 || "${BASH_VERSINFO[0]}" -gt 4 ]]; then
complete -F _ca-certs -o nosort -o bashdefault -o default ca-certs
else
complete -F _ca-certs -o bashdefault -o default ca-certs
fi
+99
View File
@@ -0,0 +1,99 @@
# Print an optspec for argparse to handle cmd's options that are independent of any subcommand.
function __fish_ca_certs_global_optspecs
string join \n h/help V/version
end
function __fish_ca_certs_needs_command
# Figure out if the current invocation already has a command.
set -l cmd (commandline -opc)
set -e cmd[1]
argparse -s (__fish_ca_certs_global_optspecs) -- $cmd 2>/dev/null
or return
if set -q argv[1]
# Also print the command, so this can be used to figure out what it is.
echo $argv[1]
return 1
end
return 0
end
function __fish_ca_certs_using_subcommand
set -l cmd (__fish_ca_certs_needs_command)
test -z "$cmd"
and return 1
contains -- $cmd[1] $argv
end
complete -c ca-certs -n "__fish_ca_certs_needs_command" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_needs_command" -s V -l version -d 'Print version'
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "add" -d 'Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs'
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "extract" -d 'Regenerate extracted trust bundles (like update-ca-trust extract)'
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "certdata" -d 'Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)'
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "gen-artifacts"
complete -c ca-certs -n "__fish_ca_certs_needs_command" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -s n -l name -d 'Output certificate name (without extension). Defaults to the input filename stem' -r
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -s o -l output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l force -d 'Overwrite an existing anchor if contents differ'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l no-extract -d 'Add certificate but do not run extraction'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -l dry-run -d 'Print actions without modifying files'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand add" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -s o -l output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -l dry-run -d 'Print actions without modifying files'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand extract" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "fetch" -d 'Fetch certdata.txt from an NSS source URL'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "parse" -d 'Parse a local certdata.txt file and print a summary'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "convert" -d 'Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "sync" -d 'Run the full pipeline: fetch certdata.txt, convert to p11-kit source, then extract outputs'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and not __fish_seen_subcommand_from fetch parse convert sync help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l url -d 'Source URL for certdata.txt' -r
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l log-url -d 'Override log URL used to determine the latest revision (optional)' -r
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -s o -l output -d 'Output file path' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l force -d 'Overwrite an existing file if contents differ'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l no-revision-check -d 'Always download even if the local file revision matches the remote revision'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l no-parse -d 'Skip parsing/summary after download'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -l dry-run -d 'Print actions without modifying files'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from fetch" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from parse" -l limit -d 'Print up to N object summaries after the aggregate stats' -r
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from parse" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l output -d 'Destination p11-kit trust source file inside the target root' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -s o -l extract-output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l force -d 'Overwrite an existing output file if contents differ'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l no-extract -d 'Skip running trust extraction after writing the Mozilla source bundle'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -l dry-run -d 'Print actions without modifying files'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from convert" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l url -d 'Source URL for certdata.txt' -r
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l log-url -d 'Override log URL used to determine the latest revision (optional)' -r
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l certdata-output -d 'Local certdata.txt path used for fetch and convert' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l root -d 'Target root filesystem (for chroot/image builds)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l mozilla-output -d 'Destination p11-kit trust source file inside the target root' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -s o -l extract-output -d 'Extracted output directory inside the target root (default: /etc/ca-certificates/extracted)' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l force -d 'Overwrite existing files if contents differ'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l no-revision-check -d 'Always download even if the local certdata revision matches the remote revision'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l no-parse -d 'Skip parsing/summary after download'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l no-extract -d 'Skip running trust extraction after writing the Mozilla source bundle'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -l dry-run -d 'Print actions without modifying files'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from sync" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "fetch" -d 'Fetch certdata.txt from an NSS source URL'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "parse" -d 'Parse a local certdata.txt file and print a summary'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "convert" -d 'Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "sync" -d 'Run the full pipeline: fetch certdata.txt, convert to p11-kit source, then extract outputs'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand certdata; and __fish_seen_subcommand_from help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -l out-dir -d 'Directory to write generated packaging artifacts into' -r -F
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -l shell -d 'Shell completions to generate' -r -f -a "bash\t''
fish\t''
zsh\t''"
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -l dry-run -d 'Print actions without modifying files'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand gen-artifacts" -s h -l help -d 'Print help'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "add" -d 'Add a PEM CA certificate to trust-source/anchors and refresh extracted outputs'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "extract" -d 'Regenerate extracted trust bundles (like update-ca-trust extract)'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "certdata" -d 'Fetch and parse Mozilla/NSS certdata.txt (no certificate generation yet)'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "gen-artifacts"
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and not __fish_seen_subcommand_from add extract certdata gen-artifacts help" -f -a "help" -d 'Print this message or the help of the given subcommand(s)'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "fetch" -d 'Fetch certdata.txt from an NSS source URL'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "parse" -d 'Parse a local certdata.txt file and print a summary'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "convert" -d 'Convert certdata.txt into a Mozilla p11-kit trust bundle and optionally extract outputs'
complete -c ca-certs -n "__fish_ca_certs_using_subcommand help; and __fish_seen_subcommand_from certdata" -f -a "sync" -d 'Run the full pipeline: fetch certdata.txt, convert to p11-kit source, then extract outputs'
+84
View File
@@ -0,0 +1,84 @@
project(
'ca-certs',
version: '0.1.0',
meson_version: '>=0.60.0',
)
cargo = find_program('cargo', required: true)
sh = find_program('sh', required: true)
# Track Rust inputs explicitly so Meson knows when the Cargo build output is stale.
tracked_rust_inputs = files(
'Cargo.toml',
'Cargo.lock',
'src/main.rs',
)
# Track packaging assets in one place so install rules stay auditable.
tracked_packaging_assets = files(
'LICENSE',
'contrib/ca-certs.8',
'contrib/completions/ca-certs.bash',
'contrib/completions/ca-certs.fish',
'contrib/completions/_ca-certs',
)
tracked_install_paths = [
join_paths(get_option('bindir'), 'ca-certs'),
join_paths(get_option('datadir'), 'licenses', meson.project_name(), 'LICENSE'),
join_paths(get_option('mandir'), 'man8', 'ca-certs.8'),
join_paths(get_option('datadir'), 'bash-completion', 'completions', 'ca-certs'),
join_paths(get_option('datadir'), 'fish', 'vendor_completions.d', 'ca-certs.fish'),
join_paths(get_option('datadir'), 'zsh', 'site-functions', '_ca-certs'),
]
cargo_target_dir = meson.current_build_dir() / 'cargo-target'
ca_certs_bin = custom_target(
'ca-certs-bin',
output: 'ca-certs',
depend_files: tracked_rust_inputs,
command: [
sh, '-c',
'set -eu; src="$1"; out="$2"; target_dir="$3"; cd "$src"; CARGO_TARGET_DIR="$target_dir" "$4" build --locked --release; cp "$target_dir/release/ca-certs" "$out"',
'meson-cargo-build',
meson.project_source_root(),
'@OUTPUT@',
cargo_target_dir,
cargo,
],
build_by_default: true,
console: true,
install: true,
install_dir: get_option('bindir'),
)
install_data(
'contrib/ca-certs.8',
install_dir: join_paths(get_option('mandir'), 'man8'),
)
install_data(
'contrib/completions/ca-certs.bash',
install_dir: join_paths(get_option('datadir'), 'bash-completion', 'completions'),
rename: 'ca-certs',
)
install_data(
'contrib/completions/ca-certs.fish',
install_dir: join_paths(get_option('datadir'), 'fish', 'vendor_completions.d'),
)
install_data(
'contrib/completions/_ca-certs',
install_dir: join_paths(get_option('datadir'), 'zsh', 'site-functions'),
)
summary(
{
'tracked rust inputs': tracked_rust_inputs.length(),
'tracked packaging assets': tracked_packaging_assets.length(),
'tracked install paths': '\n ' + '\n '.join(tracked_install_paths),
},
section: 'Packaging',
)
+1888
View File
File diff suppressed because it is too large Load Diff