$NetBSD: patch-sbin_update-ca-certificates,v 1.5 2023/07/05 18:13:22 kim Exp $

Add a configuration file for enabling CA certificate management in
a system directory (such as /etc/openssl on NetBSD).

--- sbin/update-ca-certificates.orig	2021-12-15 18:51:05.000000000 +0000
+++ sbin/update-ca-certificates	2023-07-05 18:10:26.326602441 +0000
@@ -25,12 +25,27 @@
 fresh=0
 default=0
 CERTSCONF=/etc/ca-certificates.conf
-CERTSDIR=/usr/share/ca-certificates
+PROGDIR="$(dirname "${0}")"
+CERTSDIR="${PROGDIR}/../share/ca-certificates"
 LOCALCERTSDIR=/usr/local/share/ca-certificates
 CERTBUNDLE=ca-certificates.crt
-ETCCERTSDIR=/etc/ssl/certs
+ETCCERTSDIR=disabled
+ETCCERTSDIRCONF=/etc/ca-certificates-dir.conf
 HOOKSDIR=/etc/ca-certificates/update.d
 
+if [ -s "$ETCCERTSDIRCONF" ]
+then
+  _ETCCERTSDIR="$(sed -n -e '
+      /^ETCCERTSDIR=/ {
+	  s///;
+	  s/#.*$//;
+	  s/  *$//;
+	  s/^  *//;
+	  p;
+      }' "$ETCCERTSDIRCONF")"
+  ETCCERTSDIR="${_ETCCERTSDIR:-${ETCCERTSDIR}}"
+fi
+
 while [ $# -gt 0 ];
 do
   case $1 in
@@ -66,6 +81,20 @@
   shift
 done
 
+case "$ETCCERTSDIR" in
+/*)
+  ;;
+*)
+  cat <<-EOF
+	Please enable update-ca-certificates by setting ETCCERTSDIR
+	to an absolute path (e.g. /etc/ssl/certs) in
+	  $ETCCERTSDIRCONF
+	and then run update-ca-certificates again.
+	EOF
+  exit 1
+  ;;
+esac
+
 if [ ! -s "$CERTSCONF" ]
 then
   fresh=1