$NetBSD: patch-sbin_update-ca-certificates,v 1.3 2023/05/21 16:33:50 kim Exp $

Add a configuration file for enabling CA certificate management in
a system directory (such as /etc/openssl on NetBSD).

--- sbin/update-ca-certificates.orig	2021-12-15 18:51:05.000000000 +0000
+++ sbin/update-ca-certificates	2023-05-21 15:58:00.334161148 +0000
@@ -28,9 +28,23 @@
 CERTSDIR=/usr/share/ca-certificates
 LOCALCERTSDIR=/usr/local/share/ca-certificates
 CERTBUNDLE=ca-certificates.crt
-ETCCERTSDIR=/etc/ssl/certs
+ETCCERTSDIR=disabled
+ETCCERTSDIRCONF=/etc/ca-certificates-dir.conf
 HOOKSDIR=/etc/ca-certificates/update.d
 
+if [ -s "$ETCCERTSDIRCONF" ]
+then
+  _ETCCERTSDIR="$(sed -n -e '
+      /^ETCCERTSDIR=/ {
+	  s///;
+	  s/#.*$//;
+	  s/  *$//;
+	  s/^  *//;
+	  p;
+      }' "$ETCCERTSDIRCONF")"
+  ETCCERTSDIR="${_ETCCERTSDIR:-${ETCCERTSDIR}}"
+fi
+
 while [ $# -gt 0 ];
 do
   case $1 in
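Review bot: The sed script prints every line that begins with `ETCCERTSDIR=`, so a configuration file with two such lines produces a value with an embedded newline, and because it starts with `/` it still matches the `/*)` arm added later in this patch. Stopping at the first match, with `p; q;` in place of `p;`, keeps the value to a single line. The trimming also handles only spaces: a tab before a trailing comment, or quotes as in `ETCCERTSDIR="/etc/openssl"`, stay in the value. A comment stating the accepted syntax would help, e.g. `# Format: ETCCERTSDIR=/absolute/path (no quotes; text after # is ignored)`. The `while` loop in the trailing context continues outside the hunk.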
@@ -66,6 +80,27 @@
   shift
 done
 
+case "$ETCCERTSDIR" in
+disabled)
+  cat <<-EOF
+	Please enable update-ca-certificates by editing
+	  $ETCCERTSDIRCONF
+	and then run it again.
+	EOF
+  exit 1
+  ;;
+/*)
+  ;;
+*)
+  cat <<-EOF
+	Please set ETCCERTSDIR to an absolute path in
+	  $ETCCERTSDIRCONF
+	and then run update-ca-certificates again.
+	EOF
+  exit 1
+  ;;
+esac
+
 if [ ! -s "$CERTSCONF" ]
 then
   fresh=1
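Review bot: Both failure messages are written to stdout by `cat <<-EOF` even though the script exits 1 right after; `cat >&2 <<-EOF` keeps them visible when a caller redirects or discards stdout. The `/*)` arm accepts any string that starts with a slash, so a mistyped or non-existent path from the configuration file passes this check. Since this value presumably selects the directory where the trusted CA set is maintained, a guard in that arm such as `[ -d "$ETCCERTSDIR" ] || { echo "$ETCCERTSDIR is not a directory" >&2; exit 1; }` would reject it early, unless code after the hunk creates the directory, which is not visible here.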
