Bug#1071143: lost certificate links are not recovered by postinst

[Harald Dunkel]

Package: ca-certificates
Version: 20230311

Somehow I lost a few symlinks in /etc/ssl/certs, for example:

        root@dpcl064:~# ls -al /etc/ssl/certs/*SSL.com*
        ls: cannot access '/etc/ssl/certs/*SSL.com*': No such file or directory

Problem is, they are neither recovered by update-ca-certificates, nor by
reinstalling the package:

        root@dpcl064:~# update-ca-certificates
        Updating certificates in /etc/ssl/certs...
        0 added, 0 removed; done.
        Running hooks in /etc/ca-certificates/update.d...
        p11-kit: ca-certificates.crt: BEGIN ...: pem block before p11-kit 
section header
        /etc/ssl/certs/adoptium/cacerts successfully populated.
        Processing triggers for ca-certificates-java (20230710~deb12u1) ...
        done.
        done.

        root@dpcl064:~# apt install --reinstall -o 
Dpkg::Options::="--force-confask,confnew,confmiss" ca-certificates
        Reading package lists... Done
        Building dependency tree... Done
        Reading state information... Done
        0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not 
upgraded.
        Need to get 0 B/153 kB of archives.
        After this operation, 0 B of additional disk space will be used.
        [master 42f304c] saving uncommitted changes in /etc prior to apt run
         1 file changed, 0 insertions(+), 0 deletions(-)
        Preconfiguring packages ...
        (Reading database ... 269567 files and directories currently installed.)
        Preparing to unpack .../ca-certificates_20230311_all.deb ...
        Unpacking ca-certificates (20230311) over (20230311) ...
        Setting up ca-certificates (20230311) ...
        Updating certificates in /etc/ssl/certs...
        0 added, 0 removed; done.
        Processing triggers for man-db (2.11.2-2) ...
        Processing triggers for ca-certificates (20230311) ...
        Updating certificates in /etc/ssl/certs...
        0 added, 0 removed; done.
        Running hooks in /etc/ca-certificates/update.d...
        p11-kit: ca-certificates.crt: BEGIN ...: pem block before p11-kit 
section header
        /etc/ssl/certs/adoptium/cacerts successfully populated.
        done.
        Processing triggers for ca-certificates-java (20230710~deb12u1) ...
        done.
        [master c6761b9] committing changes in /etc made by "apt install --reinstall 
-o Dpkg::Options::=--force-confask,confnew,confmiss ca-certificates"
         1 file changed, 0 insertions(+), 0 deletions(-)

        root@dpcl064:~# ls -al /etc/ssl/certs/*SSL.com*
        ls: cannot access '/etc/ssl/certs/*SSL.com*': No such file or directory

        root@dpcl064:~# ls -al /usr/share/ca-certificates/mozilla/*SSL.com*
        -rw-r--r-- 1 root root  956 Mar 11  2023 
/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
        -rw-r--r-- 1 root root 2114 Mar 11  2023 
/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
        -rw-r--r-- 1 root root  944 Mar 11  2023 
/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
        -rw-r--r-- 1 root root 2094 Mar 11  2023 
/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt

There should be a menu to select the trusted certificates from, similar
to first-time installation.


Regards
Harri