On 2017-11-28 17:44, Dennis van Dok wrote:
> Thanks for the report. The bug is an unfortunate side effect of the
> integration with ca-certificates. The installation of the certificate
> files under /usr/share/ca-certificates has the consequence that they are
> automatically linked to /etc/ssl/certs whenever the ca-certificates
> package is (re)configured.
>
> In retrospect I should never have implemented the integration of the
> IGTF certificates with the system's ca-certificates; their purpose is so
> different that it does not make sense to trust them in general for
> e-mail signatures or web security.
>
> I am going to change the installation paths so none of this will happen
> anymore, but the piuparts test as run will still fail the upgrade; the
> bug is in the older version.
>
> Anyway, the symlinks are created by the ca-certificates package.
> Removing or reconfiguring ca-certificates gets rid of the symlinks.

Sounds like you want to activate the 'update-ca-certificates' trigger
from ca-certificates after changes (including removal or end of
ca-certificates integration) to your certificates s.t. the links get
updated (or removed) in a deterministic manner.

Andreas
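
A check for the symptom discussed in this thread, as an added example that is not part of either message: it lists the symlinks in a trust directory such as /etc/ssl/certs that point into a given source directory under /usr/share/ca-certificates, and marks those whose target no longer exists. The function name and the per-package subdirectory passed as the second argument are assumptions; the thread does not name the subdirectory.

```shell
#!/bin/sh
# audit_ca_links CERTS_DIR SOURCE_PREFIX   (hypothetical helper, not from the thread)
#
# Prints one line per symlink in CERTS_DIR whose target lies under SOURCE_PREFIX:
#   linked NAME    target exists: the certificate is trusted system-wide
#   dangling NAME  target is gone: a stale link was left behind
#
# Only absolute link targets are matched. The hash-named links
# (e.g. 1a2b3c4d.0) that point to a file name inside CERTS_DIR itself
# are skipped.
audit_ca_links() {
    certs_dir=$1
    prefix=$2
    for link in "$certs_dir"/*; do
        # Regular files and an unmatched glob are not symlinks: skip them.
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case $target in
            "$prefix"/*) ;;      # link points into the audited source directory
            *) continue ;;       # link belongs to some other certificate source
        esac
        # -e follows the link, so it is false when the target file is missing.
        if [ -e "$link" ]; then
            echo "linked $(basename "$link")"
        else
            echo "dangling $(basename "$link")"
        fi
    done
}

# Stand-alone use: sh audit.sh /etc/ssl/certs /usr/share/ca-certificates/SUBDIR
if [ "$#" -eq 2 ]; then
    audit_ca_links "$1" "$2"
fi
```

Running it before and after a package upgrade or purge shows whether the links were cleaned up; any "linked" line means the certificate is still in the system-wide trust directory.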