diff -r e23951f3f974 -r a9462fce24e1 debian/postinst
--- a/debian/postinst Mon Nov 09 22:25:53 2015 +0100
+++ b/debian/postinst Tue Nov 10 11:57:08 2015 +0100
@@ -19,36 +19,28 @@
 CONF=/etc/ca-certificates.conf
 DIR=/usr/share/ca-certificates
-CRTS=$DIR/schlittermann/*.crt
+CRTS=$(cd $DIR && ls schlittermann/*.crt)
 hash() { openssl x509 -noout -in "$1" -hash; }
 case "$1" in
 configure)
 # aus der ca-certificates.conf entfernen
- tmp=`mktemp`
- grep -v '^schlittermann-ca\.crt$' $CONF > $tmp
- cp $tmp $CONF
- rm -f $tmp
-
- # zuerst mal gucken, ob's nicht zufällig schon in /etc/ssl/certs
- # mit rumliegt von früher
+ echo "$CRTS" >> $CONF
+ update-ca-certificates --fresh
- for CRT in $CRTS; do
- CRT=$(basename $CRT)
- HASH=`hash $DIR/$CRT 2>/dev/null || echo 0`
- echo "$DIR/$CRT: $HASH"
-
- for p in /etc/ssl/certs/*.crt; do
- test -e "$p" || { rm -f "$p"; continue; } # dangling symlinks
- test "$HASH" = `hash "$p"` || continue
- test -L "$p" || { rm -v "$p"; continue; }
- test `readlink "$p"` = "$DIR/$CRT" || { rm "$p"; continue; }
+ # find schlittermann certs that are used somewhere
+ {
+ echo '/etc/ssl/certs/schlittermann-ca.pem';
+ find /etc/ssl/certs -name '*schlittermann*' -not -type l -type f -printf '%p\n'
+ } | sort -u | while read FILE; do
+ found=$(grep --exclude-dir '.hg' -rlF "$FILE" /etc) || continue
+ {
+ echo "WARNING: \`$FILE' used in:"
+ echo "$found"
+ echo "Please replace this with \`$DIR/schlittermann/schlittermann-ca-bundle.pem'"
+ } | sed 's/^/### /' >&2
 done
- grep -F -q "schlittermann/$CRT" "$CONF" || echo "schlittermann/$CRT" >> "$CONF"
- done
-
- update-ca-certificates
 ;;
 abort-upgrade|abort-remove|abort-deconfigure)
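Review bot: The new `echo "$CRTS" >> $CONF` in the `configure)` branch appends the certificate names unconditionally, so every configure run adds duplicate entries to /etc/ca-certificates.conf. It also writes a plain entry after any `!`-prefixed line an administrator used to deselect one of these CAs, which would presumably re-enable trust in it when `update-ca-certificates --fresh` runs. The removed loop guarded the append with `grep -F -q`; keeping that guard, e.g. `for c in $CRTS; do grep -qF -- "$c" "$CONF" || echo "$c" >> "$CONF"; done`, avoids both problems and also skips the write when `$CRTS` is empty. The retained comment `# aus der ca-certificates.conf entfernen` no longer matches the code under it, which now adds entries rather than removing one. The `case` statement continues past the end of the hunk.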