Need better support for adding site-local certificates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ca-certificates (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: ca-certificates
A wishlist item for ca-certificates 20080514-0ubuntu1 in intrepid:
I'm putting together a system image for a small corporate site. I am placing files under /usr/local/, and occasionally symlinking these into /etc, /usr, etc. as necessary (as opposed to assembling custom packages in a custom repository; this would be overkill for the site in question). This way, there is a clear distinction between files under the control of the package manager, and local files that aren't.
I want to add a couple of site-specific certificates to the set used by ca-certificates. My first approach was to symlink the subdirectory:
/usr/
This didn't work; "dpkg-reconfigure ca-certificates" would not show the new certs in the multiselect list. So I tried creating the subdirectory in /usr, and symlinking the individual .crt files:
/usr/
/usr/
Again, no go. The only way that debconf would see the new certs was to copy them in as regular files, into a regular subdirectory under /usr.
I would like to see a tweak in how this package finds certificates, to allow adding new ones without polluting /usr with non-dpkg-managed files. A couple of approaches come to mind:
1. Scan /usr/local/
2. Follow symlinks in /usr/share/
I prefer #1, as it is cleaner, and doesn't raise tricky questions of dangling/cyclic symlinks.
fixed in 20090624