This mail is intended for others who experience the same problem.
Joey Schulze wrote:
> Package: ca-certificates
> Version: 20080514
>
> After updating the spi-inc.org certificate that Debian uses my locally
> added certificates have been disabled in /etc/ca-certificates.conf.
> Naturally, this should not happen. The package should maintain a
> blacklist of certs to disable instead of disabling everything in
> that configuration file that doesn't come from the package (or
> whatever heuristics it currently uses).
This problem still persists. However the package offers a means of
handling this locally. One could add a script to the
/etc/ca-certificates/update.d/ directory that re-adds the disabled
certificates.
In my case local certs are stored in /usr/local/share/ca-certificates/,
Therefore ca-certificates.conf contains strincs such as
../../local/share/ca-certificates/infodrom-cacert.crt
which get disabled every time the package is updated. To fix this the
attached script can be used to re-enable them again and re-call
update-ca-certificates.
For local use the paths may require adjustments
Regards,
Joey
--
Those who don't understand Unix are condemned to reinvent it, poorly.
Please always Cc to me when replying to me on the lists.
#! /bin/sh
conf=/etc/ca-certificates.conf
# ../../local/share/ca-certificates/infodrom-cacert.crt
if grep -q '^!.*local/share/ca-certificates/.*\.crt' $conf
then
# echo "Re-add local certificates"
sed -i 's,^!\(.*local/share/ca-certificates/.*\.crt\),\1,' $conf
(sleep 20; update-ca-certificates > /dev/null) &
fi
