certctl(8): let one blacklist based on hashed filenames
It seems reasonable to allow, for instance: $ certctl list # reviews output -- ah, yeah, I don't trust that one $ certctl blacklist ce5e74ef.0 $ certctl rehash We can unambiguously determine what cert "ce5e74ef.0" refers to, and we've described it to them in `certctl list` output -- I see little sense in forcing another level of filesystem inspection to determine what cert file this physically corresponds to.
parent
5989470c37
commit
94a5245c4c
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=353070
@ -74,11 +74,21 @@ create_trusted_link()
|
||||
|
||||
create_blacklisted()
|
||||
{
|
||||
local hash
|
||||
local hash srcfile filename
|
||||
|
||||
# If it exists as a file, we'll try that; otherwise, we'll scan
|
||||
if [ -e "$1" ]; then
|
||||
hash=$( do_hash "$1" ) || return
|
||||
[ $VERBOSE -gt 0 ] && echo "Adding $hash.0 to blacklist"
|
||||
[ $NOOP -eq 0 ] && ln -fs $(realpath "$1") "$BLACKLISTDESTDIR/$hash.0"
|
||||
srcfile=$(realpath "$1")
|
||||
filename="$hash.0"
|
||||
elif [ -e "${CERTDESTDIR}/$1" ]; then
|
||||
srcfile=$(realpath "${CERTDESTDIR}/$1")
|
||||
filename="$1"
|
||||
else
|
||||
return
|
||||
fi
|
||||
[ $VERBOSE -gt 0 ] && echo "Adding $filename to blacklist"
|
||||
[ $NOOP -eq 0 ] && ln -fs "$srcfile" "$BLACKLISTDESTDIR/$filename"
|
||||
}
|
||||
|
||||
do_scan()
|
||||
|
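Review bot: The `else` branch of create_blacklisted() returns without printing anything, so a mistyped hashed name leaves the certificate trusted with no indication on the terminal; whether the caller reports the failure is not visible in this hunk. A diagnostic on stderr would make it visible, e.g. `echo "Cannot find $1 to blacklist" >&2` followed by `return 1`. The new `elif` branch also uses `$1` verbatim as the link name, so a value containing `/` would place the link outside `$BLACKLISTDESTDIR`; rejecting it up front with `case "$1" in */*) return 1 ;; esac` would confine the hashed-name path to bare filenames. The result of `realpath` is not checked in either branch, so a failure there would hand `ln -fs` an empty source.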