found 514220 ca-certificates/20090814
quit

Philipp Kern wrote:
> patches for this bug are welcome

What license terms does your debian/ directory use?  Granted, this is a
small enough patch that it is probably not copyrightable.

Completely untested, probably problematic:

-- %< --
Subject: postinst: do not remove unknown certs from ca-certificates.conf

An administrator might try to add local certificates to the
/etc/ssl/certs/ca-certificates.crt file that is maintained by
ca-certificates by editing the /etc/ca-certificates.conf file
directly.  Unfortunately this configuration is destroyed when
ca-certificates runs its debconf thing next time.

A certificate not listed in $CERTS_AVAILABLE could be from an
older version of ca-certificates or it could be from the user.
This patch assumes that it is from the user and preserves it,
meaning that if future versions of ca-certificates remove
certificates, they will have to add in logic for that.

Fixes: http://bugs.debian.org/514220
Reported-by: Peter Palfrader <wea...@debian.org>
---
> (please note that the
> config script is a mess, though).

I have some small suggestions for that, but they should probably
wait until later.  Please remind me if you remember.

Regards,
Jonathan

 debian/postinst |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/debian/postinst b/debian/postinst
index ca6aab0..ee0d9f7 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -66,6 +66,8 @@ case "$1" in
          do
            if echo "$line" | grep -q '^#'; then
             echo "$line"
+           elif ! memberp "$ca" "$CERTS_AVAILABLE"; then
+            echo "$line"
            else
             case "$line" in
             !*) ca=$(echo "$line" | sed -e 's/^!//');;
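
Review bot: the added `elif ! memberp "$ca" "$CERTS_AVAILABLE"` test reads $ca before it has been set for the current line. In the visible context, ca is only assigned further down, inside the else branch (`!*) ca=$(echo "$line" | sed -e 's/^!//');;`), so the test sees the value left over from the previous iteration, or whatever ca held before the loop on the first non-comment line. Whether a line is preserved then depends on the line before it rather than on the line itself. Derive the name from $line (stripping a leading `!`) before the membership test, or move the test into the else branch after ca has been assigned. The hunk also does not show where memberp is defined, so confirm it is available at this point in postinst.
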
-- 



