Package: ca-certificates Severity: wishlist Tags: patch X-Debbugs-CC: debian-ad...@lists.debian.org User: debian-ad...@lists.debian.org Usertags: needed-by-DSA-Team
Please apply the attached patch to allow setting the certs in a dir to the default set. DSA will be using this patch to implement this plan for consistent handling of SSL certificates on debian.org hosts: https://lists.debian.org/debian-services-admin/2014/12/msg00000.html -- bye, pabs https://wiki.debian.org/PaulWise
From 2e959b1f5af51e753bb92ac59cd7a428a11566d1 Mon Sep 17 00:00:00 2001
From: Paul Wise <p...@debian.org>
Date: Tue, 30 Dec 2014 14:18:09 +0800
Subject: [PATCH] Add an option to set the certs in a directory to the defaults
---
sbin/update-ca-certificates | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
index bc56da5..580c95f 100755
--- a/sbin/update-ca-certificates
+++ b/sbin/update-ca-certificates
@@ -23,6 +23,7 @@
verbose=0
fresh=0
+default=0
CERTSCONF=/etc/ca-certificates.conf
CERTSDIR=/usr/share/ca-certificates
LOCALCERTSDIR=/usr/local/share/ca-certificates
@@ -37,6 +38,9 @@ do
verbose=1;;
--fresh|-f)
fresh=1;;
+ --default|-d)
+ default=1;;
+ fresh=1;;
--certsconf)
shift
CERTSCONF="$1";;
@@ -125,6 +129,14 @@ fi
echo -n "Updating certificates in $ETCCERTSDIR... "
+# Add default certificate authorities if requested
+if [ "$default" = 1; then
+ find -L "$CERTSDIR" -type f -name '*.crt' | sort | while read crt
+ do
+ add "$crt"
+ done
+fi
+
# Handle certificates that should be removed. This is an explicit act
# by prefixing lines in the configuration files with exclamation marks (!).
sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt
--
2.1.4
signature.asc
Description: This is a digitally signed message part
