found 514220 ca-certificates/20090814
quit

Philipp Kern wrote:
> patches for this bug are welcome

What license terms do your debian/ directory use?  Granted, this is a
small enough patch that it is probably not copyrightable.

Completely untested, probably problematic:

-- %< --
Subject: postinst: do not remove unknown certs from ca-certificates.conf

An administrator might try to add local certificates to the
/etc/ssl/certs/ca-certificates.crt file that is maintained by
ca-certficates by editing the /etc/ca-certificates.conf file
directly.  Unfortuantely this configuration is destroyed when
ca-certificates runs its debconf thing next time.

A certificate not listed in $CERTS_AVAILABLE could be from an
older version of ca-certificates or it could be from the user.
This patch assumes that it is from the user and preserves it,
meaning that if future versions of ca-certificates remove
certificates, they will have to add in logic for that.

Fixes: http://bugs.debian.org/514220
Reported-by: Peter Palfrader <wea...@debian.org>
---
> (please not, that the
> config script is a mess, though).

I have some small suggestions for that, but they should probably
wait until later.  Please remind me if you remember.

Regards,
Jonathan

 debian/postinst |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/debian/postinst b/debian/postinst
index ca6aab0..ee0d9f7 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -66,6 +66,8 @@ case "$1" in
          do
            if echo "$line" | grep -q '^#'; then
             echo "$line"
+           elif ! memberp "$ca" "$CERTS_AVAILABLE"; then
+            echo "$line"
            else
             case "$line" in
             !*) ca=$(echo "$line" | sed -e 's/^!//');;
-- 




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to