Red Hat Bugzilla – Bug 1160783
p11-kit miss the extract option in help
Last modified: 2017-08-01 12:52:09 EDT
Description of problem: "p11-kit" doesn't print the "extract" option but manual contains it. RHEL-6 version prints this kind of information. Version-Release number of selected component (if applicable): p11-kit-0.20.7-2.el7 How reproducible: Always Steps to Reproduce: 1. zcat $(rpm -ql p11-kit | grep 'man' | grep '/p11-kit.') | grep 'extract' && { printf "\n======\n\n"; p11-kit --help 2>&1 | grep 'extract' && printf "\nPASS\n" || printf "\nFAIL\n"; } || echo 'PASS - no manual also' Actual results: .HP \w'\fBp11\-kit\ extract\fR\ 'u \fBp11\-kit extract\fR \&.\&.\&. ====== FAIL Expected results: .HP \w'\fBp11\-kit\ extract\fR\ 'u \fBp11\-kit extract\fR \-\-filter=<what> \-\-format=<type> /path/to/destination $ p11\-kit extract \-\-format=x509\-directory \-\-filter=ca\-anchors /path/to/directory You can specify the following options to control what to extract\&. The Specifies what certificates to extract\&. You can specify the following values: None of the available formats support storage of blacklist entries that do not contain a full certificate\&. Thus any certificates blacklisted by their issuer and serial number alone, are not included in the extracted blacklist\&. $ p11\-kit extract\-trust OpenSSL, GnuTLS and Java cannot currently read trust information directly from the trust policy module\&. This command extracts trust information such as certificate anchors for use by these libraries\&. What this command does, and where it extracts the files is distribution or site specific\&. Packagers or administrators are expected customize this command\&. ====== extract Extract certificates PASS Additional info: "p11-kit" utility has been refactored to "trust" utility in RHEL-7.1 but still "p11-kit" is present and allows this functionality.
This command has been moved to 'trust extract', it continues to work in its older 'p11-kit extract' form, however it is not listed in the help output. The 'man p11-kit' command refers you to the 'man trust' manual page. I believe this is all in order.
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.
Yes, the bug report is still valid although I find it really low priority. Current man page does not clearly state how to use the "p11-kit extract ..." command. It seems that both "p11-kit extract ..." and "trust extract ..." forms could be used but according to #c7 the user should rather use the trust command.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1981