This mail is intended for others who experience the same problem. Joey Schulze wrote: > Package: ca-certificates > Version: 20080514 > > After updating the spi-inc.org certificate that Debian uses my locally > added certificates have been disabled in /etc/ca-certificates.conf. > Naturally, this should not happen. The package should maintain a > blacklist of certs to disable instead of disabling everything in > that configuration file that doesn't come from the package (or > whatever heuristics it currently uses).
This problem still persists. However the package offers a means of handling this locally. One could add a script to the /etc/ca-certificates/update.d/ directory that re-adds the disabled certificates. In my case local certs are stored in /usr/local/share/ca-certificates/, Therefore ca-certificates.conf contains strincs such as ../../local/share/ca-certificates/infodrom-cacert.crt which get disabled every time the package is updated. To fix this the attached script can be used to re-enable them again and re-call update-ca-certificates. For local use the paths may require adjustments Regards, Joey -- Those who don't understand Unix are condemned to reinvent it, poorly. Please always Cc to me when replying to me on the lists.
#! /bin/sh conf=/etc/ca-certificates.conf # ../../local/share/ca-certificates/infodrom-cacert.crt if grep -q '^!.*local/share/ca-certificates/.*\.crt' $conf then # echo "Re-add local certificates" sed -i 's,^!\(.*local/share/ca-certificates/.*\.crt\),\1,' $conf (sleep 20; update-ca-certificates > /dev/null) & fi