Re: ca-certificates symlinks out of /etc
On Sat, Nov 04, 2006 at 02:30:54PM +0100, Joey Schulze wrote:
> Kurt Roeckx wrote:
> > On Sat, Nov 04, 2006 at 12:52:03PM +0100, Joey Schulze wrote:
> > >
> > > Maybe one improvement would be to reduce the number of links in this
> > > directory to one per certificate. Currently for each certificate
> > > provided by ca-certificates the certificate has a link to /usr/share/..
> > > and the hash has a link to the other link. Wouldn't it be possible to
> > > only create the hash link as a symbolic link to /usr/share/...?
> > I'm not sure the current c_rehash supports that. People (or scripts)
> > may want to run c_rehash on /etc/ssl/certs, at which point it would
> > remove the hash links, and you have nothing left.
> Are the hashes recalculated randomly? Which programs do that?
> (since I was left with a missing hash several times, at least
> I don't seem to have such a program installed)
It seems there is an update-ca-certificates, which has a config file
(/etc/ca-certificates.conf) that says which certificates should be
It runs c_rehash at the end of it, to regenerate the hashes.