Here is how I experienced what I've reported.

I have the certificates for sendmail in  /etc/mail/tls, a list of *.crt files.
To have everything ok for sendmail, I need to have those certificates
in /etc/ssl/certs with the special name "hash".0.
As the name "hash".0 is not easy to maintain, I just create symlinks
in /etc/ssl/certs using :

$ cd /etc/ssl/certs
$ ln -s /etc/mail/tls/foo.crt `openssl x509 -noout -hash < 
/etc/mail/tls/foo.crt`.0

Then, each time I let ubuntu/debian upgrade the ca-certificates package,
my symlinks disapear.

Proof:

[EMAIL PROTECTED]:/etc/ssl # cp -a certs certs-orig
[EMAIL PROTECTED]:/etc/ssl # apt-get --reinstall install ca-certificates
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 1 not upgraded.
Need to get 97.3kB of archives.
After unpacking 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://archive.ubuntu.com gutsy/main ca-certificates 20070303 [97.3kB]
Fetched 97.3kB in 0s (185kB/s)       
Preconfiguring packages ...
(Reading database ... 145428 files and directories currently installed.)
Preparing to replace ca-certificates 20070303 (using 
.../ca-certificates_20070303_all.deb) ...
Unpacking replacement ca-certificates ...
Setting up ca-certificates (20070303) ...
Updating certificates in /etc/ssl/certs....done.

Now I check:

[EMAIL PROTECTED]:/etc/ssl # diff -qr certs-orig certs
Only in certs-orig: 4f293038.0
Only in certs-orig: 627c1091.0
.....more files only in certs-orig...
diff: certs-orig/cacert.org.pem: No such file or directory
diff: certs/cacert.org.pem: No such file or directory    <===== broken symlink 
(*)

[EMAIL PROTECTED]:/etc/ssl # ls -l certs-orig/4f293038.0
lrwxrwxrwx 1 root root 33 2007-05-14 22:13 certs-orig/4f293038.0 -> 
/etc/mail/tls/sendmail-server.crt
[EMAIL PROTECTED]:/etc/ssl # ls -l certs-orig/627c1091.0
lrwxrwxrwx 1 root root 33 2007-05-14 22:13 certs-orig/627c1091.0 -> 
/etc/mail/tls/xxxxxxxxx.org.crt

bingo, those two certs were for sendmail and they are gone.

(*) broken symlink:
[EMAIL PROTECTED]:/etc/ssl # ls -l certs/cacert.org.pem
lrwxrwxrwx 1 root root 52 2007-03-22 00:51 certs/cacert.org.pem -> 
/usr/share/ca-certificates/cacert.org/cacert.org.crt
[EMAIL PROTECTED]:/etc/ssl # ls -l 
/usr/share/ca-certificates/cacert.org/cacert.org.crt
ls: /usr/share/ca-certificates/cacert.org/cacert.org.crt: No such file or 
directory

-- 
ca-certificates removes all users certificates in /etc/ssl/certs
https://bugs.launchpad.net/bugs/114495
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to