export LC_ALL=C

post_install() {
	usr/bin/update-ca-trust

	# This should be a normally packaged file, but that would
	# require user intervention at upgrade
	ln -srf etc/ca-certificates/extracted/tls-ca-bundle.pem \
		etc/ssl/certs/ca-certificates.crt
}

post_upgrade() {
	usr/bin/update-ca-trust

	if (( $(vercmp $2 20140923-7.1) < 0 )); then
		cat <<MSG
  The way local CA certificates are handled has changed.
  If you have added any certificates manually:

  1. Move certificates from /usr/local/share/ca-certificates/
     to /etc/ca-certificates/trust-source/anchors/
  2. Do the same with root certificates added to /etc/ssl/certs/
  3. Instead of \`update-ca-certificates\`, run \`trust extract-compat\`

  Also see \`man 8 update-ca-trust\` and \`trust --help\`.
MSG
	fi

	if (( $(vercmp $2 20150402) < 0 )); then
		ln -srf etc/ca-certificates/extracted/tls-ca-bundle.pem \
			etc/ssl/certs/ca-certificates.crt

		# Moved to etc/ca-certificates/extracted
		rm -f etc/ssl/certs/ca-bundle.trust.crt
	fi
}

pre_remove() {
	usr/bin/update-ca-trust

	rm -f etc/ssl/certs/{ca-certificates.crt,java/cacerts}
}

# vim:set noet ts=8 sw=8 sts=0: