[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ca-certificates symlinks out of /etc

Kurt Roeckx wrote:
> > > > Maybe one improvement would be to reduce the number of links in this
> > > > directory to one per certificate.  Currently for each certificate
> > > > provided by ca-certificates the certificate has a link to /usr/share/..
> > > > and the hash has a link to the other link.  Wouldn't it be possible to
> > > > only create the hash link as a symbolic link to /usr/share/...?
> > > 
> > > I'm not sure the current c_rehash supports that.  People (or scripts)
> > > may want to run c_rehash on /etc/ssl/certs, at which point it would
> > > remove the hash links, and you have nothing left.
> > 
> > Are the hashes recalculated randomly?  Which programs do that?
> > (since I was left with a missing hash several times, at least
> > I don't seem to have such a program installed)
> It seems there is an update-ca-certificates, which has a config file
> (/etc/ca-certificates.conf) that says which certificates should be
> enabled.
> It runs c_rehash at the end of it, to regenerate the hashes.

The name suggests that it comes from the ca-certificates package.
If something in this package is changed, it shouldn't be a real
showstopper to modify this script as well, should it?



Reading is a lost art nowadays.  -- Michael Weber

Please always Cc to me when replying to me on the lists.

Reply to: