summaryrefslogtreecommitdiffstats
path: root/abs/core/ca-certificates/ca-certificates-utils.install
blob: 8120878d75ec469d1ae105399c0320290f412714 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
export LC_ALL=C

post_install() {
	usr/bin/update-ca-trust

	# This should be a normally packaged file, but that would
	# require user intervention at upgrade
	ln -srf etc/ca-certificates/extracted/tls-ca-bundle.pem \
		etc/ssl/certs/ca-certificates.crt
}

post_upgrade() {
	usr/bin/update-ca-trust

	if (( $(vercmp $2 20140923-7.1) < 0 )); then
		cat <<MSG
  The way local CA certificates are handled has changed.
  If you have added any certificates manually:

  1. Move certificates from /usr/local/share/ca-certificates/
     to /etc/ca-certificates/trust-source/anchors/
  2. Do the same with root certificates added to /etc/ssl/certs/
  3. Instead of \`update-ca-certificates\`, run \`trust extract-compat\`

  Also see \`man 8 update-ca-trust\` and \`trust --help\`.
MSG
	fi

	if (( $(vercmp $2 20150402) < 0 )); then
		ln -srf etc/ca-certificates/extracted/tls-ca-bundle.pem \
			etc/ssl/certs/ca-certificates.crt

		# Moved to etc/ca-certificates/extracted
		rm -f etc/ssl/certs/ca-bundle.trust.crt
	fi
}

pre_remove() {
	usr/bin/update-ca-trust

	rm -f etc/ssl/certs/{ca-certificates.crt,java/cacerts}
}

# vim:set noet ts=8 sw=8 sts=0: