# HG changeset patch # User Heiko Schlittermann # Date 1447153028 -3600 # Node ID a9462fce24e1d7c1e093f26f1edcef62f162f8c8 # Parent e23951f3f97476e2f1d5593a5f0b67d8cadc96ab [debian:ca-certificates-schlittermann_0.8] # --- # this is for package version ca-certificates-schlittermann_0.8 diff -r e23951f3f974 -r a9462fce24e1 Makefile --- a/Makefile Mon Nov 09 22:25:53 2015 +0100 +++ b/Makefile Tue Nov 10 11:57:08 2015 +0100 @@ -17,6 +17,5 @@ umask 022 ;\ for p in *-crt.pem; do \ openssl x509 -in $$p > $(DESTDIR)$(certbase)/schlittermann-$$(basename $$p -crt.pem).crt ;\ - openssl x509 -in $$p >> $(DESTDIR)$(certbase)/schlittermann-ca.pem ;\ + openssl x509 -in $$p >> $(DESTDIR)$(certbase)/schlittermann-ca-bundle.pem ;\ done - cp ${certbase}/schlittermann-ca.pem $(DESTDIR)${etc_ssl_certs}/schlittermann-ca.pem diff -r e23951f3f974 -r a9462fce24e1 debian/changelog --- a/debian/changelog Mon Nov 09 22:25:53 2015 +0100 +++ b/debian/changelog Tue Nov 10 11:57:08 2015 +0100 @@ -1,3 +1,9 @@ +ca-certificates-schlittermann (0.8) stable oldstable; urgency=medium + + * Do not place a bundle in /etc/ssl/certs + + -- Heiko Schlittermann (HS12-RIPE) Tue, 10 Nov 2015 11:57:01 +0100 + ca-certificates-schlittermann (0.7) stable oldstable; urgency=medium * Fix postrm diff -r e23951f3f974 -r a9462fce24e1 debian/postinst --- a/debian/postinst Mon Nov 09 22:25:53 2015 +0100 +++ b/debian/postinst Tue Nov 10 11:57:08 2015 +0100 @@ -19,36 +19,28 @@ CONF=/etc/ca-certificates.conf DIR=/usr/share/ca-certificates -CRTS=$DIR/schlittermann/*.crt +CRTS=$(cd $DIR && ls schlittermann/*.crt) hash() { openssl x509 -noout -in "$1" -hash; } case "$1" in configure) # aus der ca-certificates.conf entfernen - tmp=`mktemp` - grep -v '^schlittermann-ca\.crt$' $CONF > $tmp - cp $tmp $CONF - rm -f $tmp - - # zuerst mal gucken, ob's nicht zufällig schon in /etc/ssl/certs - # mit rumliegt von früher + echo "$CRTS" >> $CONF + update-ca-certificates --fresh - for CRT in $CRTS; do - CRT=$(basename $CRT) - HASH=`hash $DIR/$CRT 2>/dev/null || echo 0` - echo "$DIR/$CRT: $HASH" - - for p in /etc/ssl/certs/*.crt; do - test -e "$p" || { rm -f "$p"; continue; } # dangling symlinks - test "$HASH" = `hash "$p"` || continue - test -L "$p" || { rm -v "$p"; continue; } - test `readlink "$p"` = "$DIR/$CRT" || { rm "$p"; continue; } + # find schlittermann certs that are used somewhere + { + echo '/etc/ssl/certs/schlittermann-ca.pem'; + find /etc/ssl/certs -name '*schlittermann*' -not -type l -type f -printf '%p\n' + } | sort -u | while read FILE; do + found=$(grep --exclude-dir '.hg' -rlF "$FILE" /etc) || continue + { + echo "WARNING: \`$FILE' used in:" + echo "$found" + echo "Please replace this with \`$DIR/schlittermann/schlittermann-ca-bundle.pem'" + } | sed 's/^/### /' >&2 done - grep -F -q "schlittermann/$CRT" "$CONF" || echo "schlittermann/$CRT" >> "$CONF" - done - - update-ca-certificates ;; abort-upgrade|abort-remove|abort-deconfigure) diff -r e23951f3f974 -r a9462fce24e1 debian/postrm --- a/debian/postrm Mon Nov 09 22:25:53 2015 +0100 +++ b/debian/postrm Tue Nov 10 11:57:08 2015 +0100 @@ -19,25 +19,28 @@ # the debian-policy package CONF=/etc/ca-certificates.conf -CRT="schlittermann-ca.*\.crt" +CRT="schlittermann" + +clean_conf() { + + test -s $CONF || return + + tmp=`mktemp` + grep -Fv "$CRT" $CONF >$tmp + cp $tmp $CONF + rm $tmp + return +} case "$1" in purge) - TMP=`mktemp` - grep -v "$CRT" $CONF >$TMP - cp $TMP $CONF - rm $TMP + clean_conf update-ca-certificates --fresh ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - if test -s "$CONF"; then - tmp=`mktemp` - grep -F -v 'schlittermann-ca.crt' $CONF >$tmp - cp $tmp $CONF - rm $tmp - fi - update-ca-certificates --fresh + clean_conf + test "$1" = upgrade || update-ca-certificates --fresh ;; *)