[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ca-certificates symlinks out of /etc

On Sat, Nov 04, 2006 at 02:30:54PM +0100, Joey Schulze wrote:
> Kurt Roeckx wrote:
> > On Sat, Nov 04, 2006 at 12:52:03PM +0100, Joey Schulze wrote:
> > > 
> > > Maybe one improvement would be to reduce the number of links in this
> > > directory to one per certificate.  Currently for each certificate
> > > provided by ca-certificates the certificate has a link to /usr/share/..
> > > and the hash has a link to the other link.  Wouldn't it be possible to
> > > only create the hash link as a symbolic link to /usr/share/...?
> > 
> > I'm not sure the current c_rehash supports that.  People (or scripts)
> > may want to run c_rehash on /etc/ssl/certs, at which point it would
> > remove the hash links, and you have nothing left.
> 
> Are the hashes recalculated randomly?  Which programs do that?
> (since I was left with a missing hash several times, at least
> I don't seem to have such a program installed)

It seems there is an update-ca-certificates, which has a config file
(/etc/ca-certificates.conf) that says which certificates should be
enabled.

It runs c_rehash at the end of it, to regenerate the hashes.


Kurt
Reply to: