From 8c4ace528c8af2e05ea737cdafdaad0d9e4d8e37 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Jul 26 2019 13:40:02 +0000 Subject: Document key/cert file owner and mode options The owner and permission options were available but not documented either on the command-line or in the man page. Affects request, resubmit and start-tracking commands. https://bugzilla.redhat.com/show_bug.cgi?id=1549585 --- diff --git a/src/getcert-request.1.in b/src/getcert-request.1.in index ba43016..00c59b2 100644 --- a/src/getcert-request.1.in +++ b/src/getcert-request.1.in @@ -211,6 +211,14 @@ one to fail. \fB\-v\fR Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. +\fB\-o\fR OWNER, --key-owner=OWNER +After generation set the owner on the private key file or database to OWNER. +\fB\-m\fR MODE, --key-perms=MODE +After generation set the file permissions on the private key file or database to MODE. +\fB\-O\fR OWNER, --cert-owner=OWNER +After generation set the owner on the certificate file or database to OWNER. +\fB\-M\fR MODE, --cert-perms=MODE +After generation set the file permissions on the certificate file or database to MODE. .SH NOTES Locations specified for key and certificate storage need to be diff --git a/src/getcert-resubmit.1.in b/src/getcert-resubmit.1.in index f9e6bb1..3304eaa 100644 --- a/src/getcert-resubmit.1.in +++ b/src/getcert-resubmit.1.in 
@@ -145,6 +145,14 @@ one to fail. \fB\-v\fR Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. +\fB\-o\fR OWNER, --key-owner=OWNER +After generation set the owner on the private key file or database to OWNER. +\fB\-m\fR MODE, --key-perms=MODE +After generation set the file permissions on the private key file or database to MODE. +\fB\-O\fR OWNER, --cert-owner=OWNER +After generation set the owner on the certificate file or database to OWNER. +\fB\-M\fR MODE, --cert-perms=MODE +After generation set the file permissions on the certificate file or database to MODE. .SH BUGS Please file tickets for any that you find at https://fedorahosted.org/certmonger/ diff --git a/src/getcert-start-tracking.1.in b/src/getcert-start-tracking.1.in index f60e4a7..cf26960 100644 --- a/src/getcert-start-tracking.1.in +++ b/src/getcert-start-tracking.1.in @@ -181,6 +181,14 @@ the attempt to obtain a new one to fail. \fB\-v\fR Be verbose about errors. Normally, the details of an error received from the daemon will be suppressed if the client can make a diagnostic suggestion. +\fB\-o\fR OWNER, --key-owner=OWNER +After generation set the owner on the private key file or database to OWNER. +\fB\-m\fR MODE, --key-perms=MODE +After generation set the file permissions on the private key file or database to MODE. +\fB\-O\fR OWNER, --cert-owner=OWNER +After generation set the owner on the certificate file or database to OWNER. +\fB\-M\fR MODE, --cert-perms=MODE +After generation set the file permissions on the certificate file or database to MODE. .SH NOTES Locations specified for key and certificate storage need to be diff --git a/src/getcert.c b/src/getcert.c index ac51c2f..432871a 100644 --- a/src/getcert.c +++ b/src/getcert.c 
@@ -4902,6 +4902,10 @@ help(const char *twopartcmd, const char *category)
 N_(" -a NSS database in which to store the CA's certificates\n"),
 N_(" -w try to wait for the certificate to be issued\n"),
 N_(" -v report all details of errors\n"),
+ N_(" -o OWNER owner information for private key\n"),
+ N_(" -m MODE file permissions for private key\n"),
+ N_(" -O OWNER owner information for certificate\n"),
+ N_(" -M MODE file permissions for certificate\n"),
 NULL,
 };
 const char *start_tracking_help[] = {
@@ -4952,6 +4956,10 @@ help(const char *twopartcmd, const char *category)
 N_(" -a NSS database in which to store the CA's certificates\n"),
 N_(" -w try to wait for the certificate to be issued\n"),
 N_(" -v report all details of errors\n"),
+ N_(" -o OWNER owner information for private key\n"),
+ N_(" -m MODE file permissions for private key\n"),
+ N_(" -O OWNER owner information for certificate\n"),
+ N_(" -M MODE file permissions for certificate\n"),
 NULL,
 };
 const char *stop_tracking_help[] = {
@@ -5024,6 +5032,10 @@ help(const char *twopartcmd, const char *category)
 N_(" -a NSS database in which to store the CA's certificates\n"),
 N_(" -w try to wait for the certificate to be issued\n"),
 N_(" -v report all details of errors\n"),
+ N_(" -o OWNER owner information for private key\n"),
+ N_(" -m MODE file permissions for private key\n"),
+ N_(" -O OWNER owner information for certificate\n"),
+ N_(" -M MODE file permissions for certificate\n"),
 NULL,
 };
 const char *rekey_help[] = {
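Review bot: The four added help lines in the array that ends before `start_tracking_help` (and the identical additions in the hunks at -4952 and -5024) do not say what form OWNER and MODE take, and "owner information" is vaguer than the man-page wording in this same commit ("set the owner on the private key file or database"). For the private key this matters, because a user who guesses the wrong MODE syntax can leave the key file readable more widely than intended. If MODE is parsed as an octal value, which these hunks do not show, say so in the string, e.g. `N_(" -m MODE file permissions for private key, octal (e.g. 0600)\n"),`, and give OWNER its accepted form the same way. The option parsing and the start of each help array lie outside these hunks, so the accepted syntax should be confirmed there before rewording.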