Re: ca-certificates symlinks out of /etc
Kurt Roeckx wrote:
> > > > Maybe one improvement would be to reduce the number of links in this
> > > > directory to one per certificate. Currently for each certificate
> > > > provided by ca-certificates the certificate has a link to /usr/share/..
> > > > and the hash has a link to the other link. Wouldn't it be possible to
> > > > only create the hash link as a symbolic link to /usr/share/...?
> > >
> > > I'm not sure the current c_rehash supports that. People (or scripts)
> > > may want to run c_rehash on /etc/ssl/certs, at which point it would
> > > remove the hash links, and you have nothing left.
> >
> > Are the hashes recalculated randomly? Which programs do that?
> > (since I was left with a missing hash several times, at least
> > I don't seem to have such a program installed)
>
> It seems there is an update-ca-certificates, which has a config file
> (/etc/ca-certificates.conf) that says which certificates should be
> enabled.
>
> It runs c_rehash at the end of it, to regenerate the hashes.
The name suggests that it comes from the ca-certificates package.
If something in this package is changed, it shouldn't be a real
showstopper to modify this script as well, should it?
Regards,
Joey
--
Reading is a lost art nowadays. -- Michael Weber
Please always Cc to me when replying to me on the lists.
Reply to: