Update for openssl 3

• Update openssl command

Add clrtrust(1) man page

Man documentation added thanks to @puneetse!

Compatibility with binary apps

For compatibility with binary apps built on some distributions (most notably, Ubuntu), Clear Linux trust store provides a symlink to certificate bundle at /etc/ssl/certs/ca-certificates.crt (by a combination of 82f66ef and filesystem config).

Bug fixes

• clrtrust no longer exits with non-zero code when a duplicate is found (see #17).
• additional checks for openssl to be able to process a simple PEM-encoded X.509 self-signed certificate (see #11).
• use proper type in clrtrust-helper.c (see #18, kudos to @clsulliv).

Performance improvement

Many-fold performance improvement on trust store generation (first time boot and store updates).

Modified behavior of add and remove. Bug fixes.

• Simplified the implementation of add and remove commands. The behavior has been modified. Before, add or remove would not modify the trust store unless all the input (e.g. all the files) was valid. In the new implementation, these commands will still warn about invalid input and return an error, but will process the valid input.
• Fixed issue with locking in the containers (where no /run/lock present). #14
• Fixed handling of unrecognized commands

Store generation improvements

• Store generation is now serialized which prevents errors during (unlikely) parallel execution of the clrtrust generate
• If there are no certificates in the trust sources, the system store will not be generated and error message will be printed.

Improved diagnostics and documentation

• Introducing check command which performs basic sanity checks of the environment, such as presence and permissions of the directories. check is also executed as part of adding or removing trust.
• Certificate files are being check to contain single certificates when adding. This is to avoid silently allowing addition of certificate bundles: they will not (and should not) be handled properly for trust purposes.
• An implementation of c_rehash command is included with clrtrust. It removes dependency on external c_rehash. External c_rehash will be used if present, but is no longer required. Option -c|--internal-rehash has been added to force using the internal implementation.
• README.md is added, providing friendly description of the tool on github frontpage.
• Miscellaneous bug fixes.

v0.0.5

Bug fixes:

• Handle files with spaces in names properly
• Fix incorrect function call (kudos to @lfelipe)

v0.0.4

Fix critical issue with adding and removing certificates.