Bug#774059: ca-certificates: allow custom paths to configuration, certs etc

Sun, 28 Dec 2014 00:57:38 -0800 

Package: ca-certificates
Severity: wishlist
Tags: patch
X-Debbugs-CC: debian-ad...@lists.debian.org
User: debian-ad...@lists.debian.org
Usertags: needed-by-DSA-Team

Please apply the attached patch to allow custom paths to configuration,
certs etc. DSA will be using this patch to implement this plan for
consistent handling of SSL certificates on debian.org hosts:

https://lists.debian.org/debian-services-admin/2014/12/msg00000.html

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


From a54cb4f5b201bfcf6028782b723de7b639199d33 Mon Sep 17 00:00:00 2001
From: Paul Wise <p...@debian.org>
Date: Sun, 28 Dec 2014 14:41:57 +0800
Subject: [PATCH] Allow customisation of the paths used by
 update-ca-certificates

---
 sbin/update-ca-certificates | 40 ++++++++++++++++++++++++++++++++++------
 1 file changed, 34 insertions(+), 6 deletions(-)

diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
index 9303b07..bc56da5 100755
--- a/sbin/update-ca-certificates
+++ b/sbin/update-ca-certificates
@@ -23,6 +23,13 @@
 
 verbose=0
 fresh=0
+CERTSCONF=/etc/ca-certificates.conf
+CERTSDIR=/usr/share/ca-certificates
+LOCALCERTSDIR=/usr/local/share/ca-certificates
+CERTBUNDLE=ca-certificates.crt
+ETCCERTSDIR=/etc/ssl/certs
+HOOKSDIR=/etc/ca-certificates/update.d
+
 while [ $# -gt 0 ];
 do
   case $1 in
@@ -30,6 +37,24 @@ do
       verbose=1;;
     --fresh|-f)
       fresh=1;;
+    --certsconf)
+      shift
+      CERTSCONF="$1";;
+    --certsdir)
+      shift
+      CERTSDIR="$1";;
+    --localcertsdir)
+      shift
+      LOCALCERTSDIR="$1";;
+    --certbundle)
+      shift
+      CERTBUNDLE="$1";;
+    --etccertsdir)
+      shift
+      ETCCERTSDIR="$1";;
+    --hooksdir)
+      shift
+      HOOKSDIR="$1";;
     --help|-h|*)
       echo "$0: [--verbose] [--fresh]"
       exit;;
@@ -37,11 +62,10 @@ do
   shift
 done
 
-CERTSCONF=/etc/ca-certificates.conf
-CERTSDIR=/usr/share/ca-certificates
-LOCALCERTSDIR=/usr/local/share/ca-certificates
-CERTBUNDLE=ca-certificates.crt
-ETCCERTSDIR=/etc/ssl/certs
+if [ ! -s "$CERTSCONF" ]
+then
+  fresh=1
+fi
 
 cleanup() {
   rm -f "$TEMPBUNDLE"
@@ -151,7 +175,9 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
 
 echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
 
-HOOKSDIR=/etc/ca-certificates/update.d
+if [ -d "$HOOKSDIR" ]
+then
+
 echo -n "Running hooks in $HOOKSDIR...."
 VERBOSE_ARG=
 [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
@@ -162,5 +188,7 @@ do
 done
 echo "done."
 
+fi
+
 # vim:set et sw=2:
 
-- 
2.1.4

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to