CERTSCONF=/etc/ca-certificates.conf
CERTSDIR=/usr/share/ca-certificates
-LOCALCERTSDIR=/usr/local/share/ca-certificates
+-CERTBUNDLE=ca-certificates.crt
+LOCALCERTSDIR=/etc/certs
- CERTBUNDLE=/etc/openssl/ca-certificates.crt
++CERTBUNDLE=/etc/certs/ca-certificates.crt
ETCCERTSDIR=/etc/openssl/certs
cd $ETCCERTSDIR
+@@ -52,7 +52,7 @@
+
+ # Helper files. (Some of them are not simple arrays because we spawn
+ # subshells later on.)
+-TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
++TEMPBUNDLE="$(mktemp "${CERTBUNDLE}.tmp.XXXXXX")"
+ ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+ REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+
@@ -62,7 +62,7 @@
# bundle.
add() {
CERT="$1"
- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
-+ PEM="$ETCCERTSDIR/$(basename "$CERT" | sed -e 's/.crt$/.pem/' -e 's/ /_/g' \
++ PEM="$ETCCERTSDIR/$(basename "$CERT" .pem | sed -e 's/.crt$/.pem/' -e 's/ /_/g' \
-e 's/[()]/=/g' \
-e 's/,/_/g').pem"
if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
remove() {
CERT="$1"
- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
-+ PEM="$ETCCERTSDIR/$(basename "$CERT" | sed 's/.crt$/.pem/')"
++ PEM="$ETCCERTSDIR/$(basename "$CERT" .pem | sed 's/.crt$/.pem/').pem"
if test -L "$PEM"
then
rm -f "$PEM"
-@@ -110,24 +110,17 @@
+@@ -89,6 +89,7 @@
+ do
+ case $(readlink $symlink) in
+ $CERTSDIR*) rm -f $symlink;;
++ $LOCALCERTSDIR*) rm -f $symlink;;
+ esac
+ done
+ find . -type l -print | while read symlink
+@@ -110,24 +110,18 @@
sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
do
then
+ add "$CERTSDIR/$crt"
+ elif test -f "$LOCALCERTSDIR/$crt"
++ then
+ add "$LOCALCERTSDIR/$crt"
+ else
- echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2