Your message dated Sat, 29 Apr 2017 19:32:08 +0000 with message-id <e1d4y6c-00068v...@fasolo.debian.org> and subject line Bug#783615: fixed in ca-certificates 20141019+deb8u3 has caused the Debian Bug report #783615, regarding "update-ca-certificates --fresh" doesn't correctly re-add certificates in /usr/local/share/ca-certificates to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 783615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783615 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ca-certificates Version: 20141019 Tags: patch If "update-ca-certificates" is called with the "--fresh" option, it doesn't correctly re-add certificates in /usr/local/share/ca-certificates. These are ignored. Although /etc/ssl/certs/ca-certificates.crt is re-created correctly, extension scripts in /etc/ca-certificates/update.d are not notified about added certificates. For example, the file /etc/ssl/certs/java/cacerts, managed by the package ca-certificates-java, won't be re-created correctly if it was removed before. The main cause seems to be that "update-ca-certificates" doesn't remove symlinks pointing to certificates in /usr/local/share/ca-certificates ($LOCALCERTSDIR), but only those pointing to /usr/share/ca-certificates (CERTSDIR). This causes that the add() function doesn't add all certificates to $ADDED. The following example shows the problem: The CA certificate "Test-CA" is stored to /usr/local/share/ca-certificates/test/Test-CA.crt: The first run of "update-ca-certificates --fresh" adds "Test-CA" as expected: # update-ca-certificates -f Clearing symlinks in /etc/ssl/certs...done. Updating certificates in /etc/ssl/certs... 3 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d.... Replacing debian:QuoVadis_Root_CA.pem Replacing debian:QuoVadis_Root_CA_2.pem Adding debian:Test-CA.pem done. done. But a subsequent execution of "update-ca-certificates --fresh" doesn't re-add "Test-CA": # update-ca-certificates -f Clearing symlinks in /etc/ssl/certs...done. Updating certificates in /etc/ssl/certs... 2 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d.... Replacing debian:QuoVadis_Root_CA.pem Replacing debian:QuoVadis_Root_CA_2.pem done. done. The attached patch contains a fix that might solve the problem.--- update-ca-certificates.old 2015-04-28 14:11:11.327796700 +0200 +++ update-ca-certificates 2015-04-28 14:12:50.895857560 +0200 @@ -89,7 +89,7 @@ find . -type l -print | while read symlink do case $(readlink $symlink) in - $CERTSDIR*) rm -f $symlink;; + $CERTSDIR*|$LOCALCERTSDIR*) rm -f $symlink;; esac done find . -type l -print | while read symlink
--- End Message ---
--- Begin Message ---Source: ca-certificates Source-Version: 20141019+deb8u3 We believe that the bug you reported is fixed in the latest version of ca-certificates, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 783...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Beckmann <a...@debian.org> (supplier of updated ca-certificates package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 29 Apr 2017 01:19:23 +0200 Source: ca-certificates Binary: ca-certificates Architecture: source all Version: 20141019+deb8u3 Distribution: jessie Urgency: medium Maintainer: Michael Shuler <mich...@pbandjelly.org> Changed-By: Andreas Beckmann <a...@debian.org> Description: ca-certificates - Common CA certificates Closes: 783615 825730 Changes: ca-certificates (20141019+deb8u3) jessie; urgency=medium . [ Michael Shuler ] * sbin/update-ca-certificates: Update local certificates directory when calling --fresh. Closes: #783615 . [ Andreas Beckmann ] * Backport another commit to make running update-certificates without hooks actually work (instead of showing a usage message). Closes: #825730 Checksums-Sha1: 250dbcd560130d7b5a87544d04261bda22969188 1779 ca-certificates_20141019+deb8u3.dsc 02c49c282c38e19f92dac721e6eb42b8f91df289 299472 ca-certificates_20141019+deb8u3.tar.xz 4926838b39306aa467005b355e2cef55723b890f 206870 ca-certificates_20141019+deb8u3_all.deb Checksums-Sha256: 00d74f6be7cdae6be14b97f0a0c7d98e6050fcf09044d2f0f637cf1a985b1234 1779 ca-certificates_20141019+deb8u3.dsc d6c6244b47b96ae9b718e4c1f3b6dc3487a455a31aeae70573361f313bc532a8 299472 ca-certificates_20141019+deb8u3.tar.xz bd799f47f5ae3260b6402b1fe19fe2c37f2f4125afcd19327bf69a9cf436aeff 206870 ca-certificates_20141019+deb8u3_all.deb Files: f526ddf5e7ee2d1dae4802d593c56c55 1779 misc optional ca-certificates_20141019+deb8u3.dsc ef5f4539994292176f10274b00e8075f 299472 misc optional ca-certificates_20141019+deb8u3.tar.xz f39a638adcc521e82fcfc802be156cf2 206870 misc optional ca-certificates_20141019+deb8u3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZA87LAAoJEF+zP5NZ6e0IweIP/0oHP9sTCkP9mHo+fvtex522 KFDx72wzWMH3weQJITUDQjRogADiDFyKiq5vUmugK3Ru66Y6UXQD1FFeUFfsPfr3 dbbcjV4AMG8ELJXNxkZRvmS2B819m16lQNSK3YzQPE4Bac2I6zi83vw95A/VIepW 12M6tfjSpKFrq/bbObif6dPrG1TXympmCX/0IQ3hkiHq+22e+Fh56e2QVblibgQO e1aIf7yksbvs3aQU90wbIB+DvF1jojlEVXsGowpULZ70I+sr9ujfW1xTDROVmrny PoMFw5wMefUqBPorJQGJj3jfmUW6XTfyeu9nMTUbCa4PHPkqQ7WQkI3oD0I3g725 tGo8R+ZxNVIrfVyn6gKEkNp8vVpEzRYXaKSEi/nKgKwQgrMEUNiVCd3O2C8mwGbG /49fKo9zARMZEoythSCMNkNLT7Z+jQLt98Q3hFDzPAWi7gxrH6EOH9vub0lwFncm CR+ixkH/jQyRYkDNHXqLREAOQtgHO+l5NSqjf1izwFHDeHZdrIlFoZGIHugT2TWR 9r8fHOCCUzWpJLxIRV9HH5xnkVXR91znIZmm2V7Kw45MTI3AJbH8apNdTyohg1Rq KPO8Y7gZPrAlBhHiPnfnp9ZWcd1VphDurpHSnP96OZSsj0DCdaNxn0d9RmrOATQF 14aibIS3DzUs4piXnqtt =VA4W -----END PGP SIGNATURE-----
--- End Message ---
