Bug#767272: Bug#866670: ca-certificates: update-ca-certificates -f does not pass removed certs to hooks
Daniel von Obernitz
daniel.vonobernitz at uni-greifswald.de
Tue Jan 30 15:09:03 UTC 2018
Dear Maintainer,
I still run into this problem using debian stretch packages.
ca-certificates 20161130+nmu1
ca-certificates-java 20170531+nmu1
For testing I put/removed my own certificates to/from
"/usr/local/share/ca-certificates" and run "update-ca-certificates -f".
New certificates are correctly added to cacerts, but removed
certificates stay present in the cacerts.
I did a very nasty workaround by adding a
rm -f /etc/ssl/certs/java/cacerts
into the ca-certificates-java hook. That way the cacerts is build from
scratch every time, that way only existing certificates are used. But
IMHO this can't be the solution.
Best regards
Daniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5479 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20180130/26c7ee13/attachment.bin>
More information about the pkg-java-maintainers
mailing list