--- a/debian/postinst Mon Nov 09 22:25:53 2015 +0100
+++ b/debian/postinst Tue Nov 10 11:57:08 2015 +0100
@@ -19,36 +19,28 @@
CONF=/etc/ca-certificates.conf
DIR=/usr/share/ca-certificates
-CRTS=$DIR/schlittermann/*.crt
+CRTS=$(cd $DIR && ls schlittermann/*.crt)
hash() { openssl x509 -noout -in "$1" -hash; }
case "$1" in
configure)
# aus der ca-certificates.conf entfernen
- tmp=`mktemp`
- grep -v '^schlittermann-ca\.crt$' $CONF > $tmp
- cp $tmp $CONF
- rm -f $tmp
-
- # zuerst mal gucken, ob's nicht zufällig schon in /etc/ssl/certs
- # mit rumliegt von früher
+ echo "$CRTS" >> $CONF
+ update-ca-certificates --fresh
- for CRT in $CRTS; do
- CRT=$(basename $CRT)
- HASH=`hash $DIR/$CRT 2>/dev/null || echo 0`
- echo "$DIR/$CRT: $HASH"
-
- for p in /etc/ssl/certs/*.crt; do
- test -e "$p" || { rm -f "$p"; continue; } # dangling symlinks
- test "$HASH" = `hash "$p"` || continue
- test -L "$p" || { rm -v "$p"; continue; }
- test `readlink "$p"` = "$DIR/$CRT" || { rm "$p"; continue; }
+ # find schlittermann certs that are used somewhere
+ {
+ echo '/etc/ssl/certs/schlittermann-ca.pem';
+ find /etc/ssl/certs -name '*schlittermann*' -not -type l -type f -printf '%p\n'
+ } | sort -u | while read FILE; do
+ found=$(grep --exclude-dir '.hg' -rlF "$FILE" /etc) || continue
+ {
+ echo "WARNING: \`$FILE' used in:"
+ echo "$found"
+ echo "Please replace this with \`$DIR/schlittermann/schlittermann-ca-bundle.pem'"
+ } | sed 's/^/### /' >&2
done
- grep -F -q "schlittermann/$CRT" "$CONF" || echo "schlittermann/$CRT" >> "$CONF"
- done
-
- update-ca-certificates
;;
abort-upgrade|abort-remove|abort-deconfigure)