Your message dated Mon, 02 Aug 2010 18:17:41 +0000
with message-id <e1ofza1-0005nx...@franck.debian.org>
and subject line Bug#514220: fixed in ca-certificates 20090814+nmu1
has caused the Debian Bug report #514220,
regarding ca-certificates: debconf update destroys local config
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
514220: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514220
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ca-certificates
Version: 20080809
Severity: serious
So,
Unfortunately there is no documented means to add local certificates to
the /etc/ssl/certs/ca-certificates.crt file that is maintained by
ca-certficates.
Adding local configuration to /usr/share/ca-certificates would work, but
I wanted to avoid that. So what I tried instead was adding a pointer
to the certificates directly to the packages configuration file
/etc/ca-certificates.conf:
| kate:~# tail -n1 /etc/ca-certificates.conf
| ../../../etc/ssl/certs/ca_came.pem
Filenames in this directory are relative to /usr/share/ca-certificates
so the ../../../ mess is needed to add the file that is already in
/etc/ssl to the ca-certificates.crt store.
This even works as expected:
| kate:~# ls -l /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca_came.pem*
| -rw-r--r-- 1 root root 1480 Feb 5 12:07 /etc/ssl/certs/ca-certificates.crt
| -rw-r--r-- 1 root root 1480 Jun 3 2008 /etc/ssl/certs/ca_came.pem
| lrwxrwxrwx 1 root root 61 Feb 5 12:07 /etc/ssl/certs/ca_came.pem.pem ->
/usr/share/ca-certificates/../../../etc/ssl/certs/ca_came.pem
Granted, not the nicest thing in the world, but hey.
Now git finally does the right thing.
Unfortuantely this configuration is destroyed when ca-certificates runs
its debconf thing next time:
| kate:~# tail -n1 /etc/ca-certificates.conf
| ../../../etc/ssl/certs/ca_came.pem
| kate:~# dpkg-reconfigure ca-certificates
| Updating certificates in /etc/ssl/certs....done.
| Running hooks in /etc/ca-certificates/update.d....done.
| kate:~# tail -n1 /etc/ca-certificates.conf
| !../../../etc/ssl/certs/ca_came.pem
Such local config shouldn't be broken.
(Ideally there would just be a place where the admin can dump certs, say
/etc/ca-certificates/local/ or whatever, then this whole mess wouldn't
be necessary.)
Cheers,
weasel
--- End Message ---
--- Begin Message ---
Source: ca-certificates
Source-Version: 20090814+nmu1
We believe that the bug you reported is fixed in the latest version of
ca-certificates, which is due to be installed in the Debian FTP archive:
ca-certificates_20090814+nmu1.dsc
to main/c/ca-certificates/ca-certificates_20090814+nmu1.dsc
ca-certificates_20090814+nmu1.tar.gz
to main/c/ca-certificates/ca-certificates_20090814+nmu1.tar.gz
ca-certificates_20090814+nmu1_all.deb
to main/c/ca-certificates/ca-certificates_20090814+nmu1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 514...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Maximiliano Curia <m...@debian.org> (supplier of updated ca-certificates
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 30 Jul 2010 12:55:28 -0400
Source: ca-certificates
Binary: ca-certificates
Architecture: source all
Version: 20090814+nmu1
Distribution: unstable
Urgency: low
Maintainer: Philipp Kern <pk...@debian.org>
Changed-By: Maximiliano Curia <m...@debian.org>
Description:
ca-certificates - Common CA certificates
Closes: 514220
Changes:
ca-certificates (20090814+nmu1) unstable; urgency=low
.
* Non-maintainer upload.
* Preserve user changes to the /etc/ca-certificates.conf.
(Closes: #514220)
Checksums-Sha1:
658f7fa8be3ae0642b6d08bae433077be10d83de 811 ca-certificates_20090814+nmu1.dsc
3de997fe7d31b5fd61fd7433c5c4b382b3dbdfb0 230695
ca-certificates_20090814+nmu1.tar.gz
c206f0536b6f8399101740153f7d1b9a6c14b2b5 152568
ca-certificates_20090814+nmu1_all.deb
Checksums-Sha256:
e87f82526e2100ad31f4c9329c13b4cf6fd94ea90007eb677aa9cd6a4d57d782 811
ca-certificates_20090814+nmu1.dsc
8d574a99aa854d1ae6b5265bfaeac9cfee1ba71119d4f4f37bbd586d4d4548c9 230695
ca-certificates_20090814+nmu1.tar.gz
aac76ed7e75de9d7539984d1ec4d07cd1e4c7328fbf8df77f5be372c4ec33ca4 152568
ca-certificates_20090814+nmu1_all.deb
Files:
c73c8f47cf2414f1e9d0628e3d041fe9 811 misc optional
ca-certificates_20090814+nmu1.dsc
a9bb49aa0455254a1d24e0f39a950cf2 230695 misc optional
ca-certificates_20090814+nmu1.tar.gz
f618b19b799f954f0feb28f5536aa7da 152568 misc optional
ca-certificates_20090814+nmu1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxUYBcACgkQIntwtlWVB0oXTgCgjs0vd4y4UGFJwg+9RUmXiNKB
HxwAnRP1IXi/nBH5aOhED9Msqu4Tvcgv
=aoe4
-----END PGP SIGNATURE-----
--- End Message ---
