diff options
author | Britney Fransen <brfransen@gmail.com> | 2015-09-21 13:38:23 (GMT) |
---|---|---|
committer | Britney Fransen <brfransen@gmail.com> | 2015-09-21 13:38:23 (GMT) |
commit | a539e75c078ac28e99b25b257a0700caaae60770 (patch) | |
tree | ac0abf9714cfe95c9c1022d5bc575f46e60f74b7 /abs/core/ca-certificates/ca-certificates-utils.install | |
parent | ceb6d3594fbd672587a1f15618427be552654241 (diff) | |
download | linhes_pkgbuild-a539e75c078ac28e99b25b257a0700caaae60770.zip linhes_pkgbuild-a539e75c078ac28e99b25b257a0700caaae60770.tar.gz linhes_pkgbuild-a539e75c078ac28e99b25b257a0700caaae60770.tar.bz2 |
ca-certificates: update to 20150402
Diffstat (limited to 'abs/core/ca-certificates/ca-certificates-utils.install')
-rw-r--r-- | abs/core/ca-certificates/ca-certificates-utils.install | 43 |
1 files changed, 29 insertions, 14 deletions
diff --git a/abs/core/ca-certificates/ca-certificates-utils.install b/abs/core/ca-certificates/ca-certificates-utils.install index bf18c7f..8120878 100644 --- a/abs/core/ca-certificates/ca-certificates-utils.install +++ b/abs/core/ca-certificates/ca-certificates-utils.install @@ -2,28 +2,43 @@ export LC_ALL=C post_install() { usr/bin/update-ca-trust -} -pre_upgrade() { - if (( $(vercmp $2 20140923-2) < 0 )); then - find /etc/ssl/certs -type l -print | while read symlink; do - case $(readlink $symlink) in - /usr/share/ca-certificates*) rm -f $symlink;; - esac - done - find /etc/ssl/certs -type l -print | while read symlink; do - test -f $symlink || rm -f $symlink - done - rm -f /etc/ssl/certs/ca-certificates.crt - fi + # This should be a normally packaged file, but that would + # require user intervention at upgrade + ln -srf etc/ca-certificates/extracted/tls-ca-bundle.pem \ + etc/ssl/certs/ca-certificates.crt } post_upgrade() { usr/bin/update-ca-trust + + if (( $(vercmp $2 20140923-7.1) < 0 )); then + cat <<MSG + The way local CA certificates are handled has changed. + If you have added any certificates manually: + + 1. Move certificates from /usr/local/share/ca-certificates/ + to /etc/ca-certificates/trust-source/anchors/ + 2. Do the same with root certificates added to /etc/ssl/certs/ + 3. Instead of \`update-ca-certificates\`, run \`trust extract-compat\` + + Also see \`man 8 update-ca-trust\` and \`trust --help\`. +MSG + fi + + if (( $(vercmp $2 20150402) < 0 )); then + ln -srf etc/ca-certificates/extracted/tls-ca-bundle.pem \ + etc/ssl/certs/ca-certificates.crt + + # Moved to etc/ca-certificates/extracted + rm -f etc/ssl/certs/ca-bundle.trust.crt + fi } pre_remove() { usr/bin/update-ca-trust + + rm -f etc/ssl/certs/{ca-certificates.crt,java/cacerts} } -# vim:set noet ts=8 sw=8: +# vim:set noet ts=8 sw=8 sts=0: |