[debian:ca-certificates-schlittermann_0.8]
# ---
# this is for package version ca-certificates-schlittermann_0.8
--- a/Makefile Mon Nov 09 22:25:53 2015 +0100
+++ b/Makefile Tue Nov 10 11:57:08 2015 +0100
@@ -17,6 +17,5 @@
umask 022 ;\
for p in *-crt.pem; do \
openssl x509 -in $$p > $(DESTDIR)$(certbase)/schlittermann-$$(basename $$p -crt.pem).crt ;\
- openssl x509 -in $$p >> $(DESTDIR)$(certbase)/schlittermann-ca.pem ;\
+ openssl x509 -in $$p >> $(DESTDIR)$(certbase)/schlittermann-ca-bundle.pem ;\
done
- cp ${certbase}/schlittermann-ca.pem $(DESTDIR)${etc_ssl_certs}/schlittermann-ca.pem
--- a/debian/changelog Mon Nov 09 22:25:53 2015 +0100
+++ b/debian/changelog Tue Nov 10 11:57:08 2015 +0100
@@ -1,3 +1,9 @@
+ca-certificates-schlittermann (0.8) stable oldstable; urgency=medium
+
+ * Do not place a bundle in /etc/ssl/certs
+
+ -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Tue, 10 Nov 2015 11:57:01 +0100
+
ca-certificates-schlittermann (0.7) stable oldstable; urgency=medium
* Fix postrm
--- a/debian/postinst Mon Nov 09 22:25:53 2015 +0100
+++ b/debian/postinst Tue Nov 10 11:57:08 2015 +0100
@@ -19,36 +19,28 @@
CONF=/etc/ca-certificates.conf
DIR=/usr/share/ca-certificates
-CRTS=$DIR/schlittermann/*.crt
+CRTS=$(cd $DIR && ls schlittermann/*.crt)
hash() { openssl x509 -noout -in "$1" -hash; }
case "$1" in
configure)
# aus der ca-certificates.conf entfernen
- tmp=`mktemp`
- grep -v '^schlittermann-ca\.crt$' $CONF > $tmp
- cp $tmp $CONF
- rm -f $tmp
-
- # zuerst mal gucken, ob's nicht zufällig schon in /etc/ssl/certs
- # mit rumliegt von früher
+ echo "$CRTS" >> $CONF
+ update-ca-certificates --fresh
- for CRT in $CRTS; do
- CRT=$(basename $CRT)
- HASH=`hash $DIR/$CRT 2>/dev/null || echo 0`
- echo "$DIR/$CRT: $HASH"
-
- for p in /etc/ssl/certs/*.crt; do
- test -e "$p" || { rm -f "$p"; continue; } # dangling symlinks
- test "$HASH" = `hash "$p"` || continue
- test -L "$p" || { rm -v "$p"; continue; }
- test `readlink "$p"` = "$DIR/$CRT" || { rm "$p"; continue; }
+ # find schlittermann certs that are used somewhere
+ {
+ echo '/etc/ssl/certs/schlittermann-ca.pem';
+ find /etc/ssl/certs -name '*schlittermann*' -not -type l -type f -printf '%p\n'
+ } | sort -u | while read FILE; do
+ found=$(grep --exclude-dir '.hg' -rlF "$FILE" /etc) || continue
+ {
+ echo "WARNING: \`$FILE' used in:"
+ echo "$found"
+ echo "Please replace this with \`$DIR/schlittermann/schlittermann-ca-bundle.pem'"
+ } | sed 's/^/### /' >&2
done
- grep -F -q "schlittermann/$CRT" "$CONF" || echo "schlittermann/$CRT" >> "$CONF"
- done
-
- update-ca-certificates
;;
abort-upgrade|abort-remove|abort-deconfigure)
--- a/debian/postrm Mon Nov 09 22:25:53 2015 +0100
+++ b/debian/postrm Tue Nov 10 11:57:08 2015 +0100
@@ -19,25 +19,28 @@
# the debian-policy package
CONF=/etc/ca-certificates.conf
-CRT="schlittermann-ca.*\.crt"
+CRT="schlittermann"
+
+clean_conf() {
+
+ test -s $CONF || return
+
+ tmp=`mktemp`
+ grep -Fv "$CRT" $CONF >$tmp
+ cp $tmp $CONF
+ rm $tmp
+ return
+}
case "$1" in
purge)
- TMP=`mktemp`
- grep -v "$CRT" $CONF >$TMP
- cp $TMP $CONF
- rm $TMP
+ clean_conf
update-ca-certificates --fresh
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- if test -s "$CONF"; then
- tmp=`mktemp`
- grep -F -v 'schlittermann-ca.crt' $CONF >$tmp
- cp $tmp $CONF
- rm $tmp
- fi
- update-ca-certificates --fresh
+ clean_conf
+ test "$1" = upgrade || update-ca-certificates --fresh
;;
*)