On Sun, Aug 27, 2023 at 10:53:58PM +0000, Taylor R Campbell wrote: > Currently, if /etc/openssl/certs.conf doesn't exist, `certctl rehash' > (the crux of `postinstall fix opensslcerts') will print an error > message and then exit with status 0. This combination is a bug -- > need to think a bit about it, but probably better to exit nonzero than > to suppress the error message.
Sounds good to me. Make the error message point at some docs and ask the user to - deinstall mozilla-rootcerts - manually copy /etc/openssl/certs.conf over or - add a manual certs.conf and keep using their old certificate setup. and then re-run postinstall. > So if you unpack new _non-etc_ sets, `postinstall fix' won't > clobber your /etc/openssl/certs directory. This is good. Martin
