Hi,
Attached is a patch that was used in Ubuntu to both correct this error
and try and fix up it up for those that were affected as much as
possible. In order for it to work you will have to correct the
pt_BR_fixed_version=20070303-0ubuntu0.7.10
to be the version in which you first apply the patch. The patch
should be carried up until the next release, and then dropped
once that is out.
Here is a comment from the Ubuntu bug report
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/153625
that tries to explain the different cases that this fix will affect
* If the user has an empty file and the template has not been seen
it probably means that they installed under pt_BR and were hit by
this issue and they have not run dpkg-reconfigure ca-certificates.
It will then just behave like a new install.
* If the has an empty file an the template has been seen it means
one of two things
- Either they were hit by the issue and ran dpkg-reconfigure
ca-certificates.
- Or they were not hit by the issue and have deselected all
certificates.
= To help the first case if $LC_ALL=pt_BR.UTF-8 then we show
the question with critical priority and preselect everything,
so that they can select, but it's easy to get the behaviour
of a fresh install.
= If they are not currently under pt_BR.UTF-8 then we leave it
as is. The only users who will suffer from this are those that
were hit by the issue, ran dpkg-reconfigure, and have since
changed locales.
* Otherwise it just does nothing.
I have tested the following scenarios
* install in pt_BR and then upgrade - like default install
* install in pt_BR, dpkg-reconfigure and upgrade - question with all
certs selected by default
* install in pt_BR, switch to en_GB, upgrade - like default install
* install in pt_BR, dpkg-reconfigure, switch to en_GB, upgrade -
still empty file
- dpkg-reconfigure shows the question with no certs highlighted by
default.
* install new version in pt_BR - like default install
* install in en_GB, upgrade - like default install
* install new version in en_GB - like default install
* install in en_GB, dpkg-reconfigure and deselect all, upgrade -
empty file
* install in en_GB, dpkg-reconfigure and deselect all,
switch to pt_BR, upgrade - shown the question and have to
deselect all again.
I think this is good, as the only users it really annoys are those that
changed locales. Those who changed to en_GB have an empty file,
but dpkg-reconfigure will still work for them. Those that changed
to pt_BR have an extra question, but at least they don't get
certificates they don't want activated without their consent.
My only remaining worry is preseeding, does that set the seen
attribute of the questions that are preseeded? Otherwise
there may be unexpected behaviour their.
Also using a lt-ne version check only means that the last case will
be asked the question multiple times, once when they go
to the fixed version, and once for each dist-upgrade until hardy,
so if they are on edgy that could be as many as 4 times.
---
Please consider applying the patch. You don't have to take this
part though, you can just fix up the templates, but that would leave
some users with their package in a broken state.
Thanks,
James
diff -Nru ca-certificates-20070303/debian/changelog ca-certificates-20070303/debian/changelog
--- ca-certificates-20070303/debian/changelog 2007-03-04 05:17:28.0 +
+++ ca-certificates-20070303/debian/changelog 2008-04-02 18:32:14.0 +0100
@@ -1,3 +1,24 @@
+ca-certificates (20070303-0ubuntu0.7.10) gutsy-proposed; urgency=low
+
+ * Fix up generation of the /etc/ssl/certs/ca-certificates.crt
+file for those users who installed the package in a pt_BR
+locale (LP: #153625). A mistake in the translation template
+meant that the choices were not available in this locale,
+and so the file was always empty.
+- If you were affected and have not tried to reconfigure this
+ package, then the problem should be corrected for you
+ automatically.
+- If you were affected and have tried to reconfigure the package
+ you may be shown a debconf question to allow you to select
+ the certificates that you want.
+- The only users who were not affected by this bug but may
+ be affected by this fix are those who installed in a different
+ locale, and then reconfigured the package so that no
+ certificates are trusted, and who now run in a pt_BR locale.
+ They will have to deselect all of the certificates again.
+
+ -- James Westby [EMAIL PROTECTED] Wed, 02 Apr 2008 18:02:39 +0100
+
ca-certificates (20070303) unstable; urgency=low
* Add debconf.org crt. closes: Bug#342088
diff -Nru /tmp/hQRZSbk8Mh/ca-certificates-20070303/debian/config.in /tmp/S9OcHSwA4x/ca-certificates-20070303/debian/config.in
---