[Bug 293944] [NEW] Need better support for adding site-local certificates

Tue, 04 Nov 2008 19:56:02 -0800 

Public bug reported:

Binary package hint: ca-certificates

A wishlist item for ca-certificates 20080514-0ubuntu1 in intrepid:

I'm putting together a system image for a small corporate site. I am
placing files under /usr/local/, and occasionally symlinking these into
/etc, /usr, etc. as necessary (as opposed to assembling custom packages
in a custom repository; this would be overkill for the site in
question). This way, there is a clear distinction between files under
the control of the package manager, and local files that aren't.

I want to add a couple of site-specific certificates to the set used by
ca-certificates. My first approach was to symlink the subdirectory:

    /usr/share/ca-certificates/smallcorp -> /usr/local/share/ca-
certificates/smallcorp/

This didn't work; "dpkg-reconfigure ca-certificates" would not show the
new certs in the multiselect list. So I tried creating the subdirectory
in /usr, and symlinking the individual .crt files:

    /usr/share/ca-certificates/smallcorp/
    /usr/share/ca-certificates/smallcorp/SmallCorp_Root_CA.crt -> 
/usr/local/share/ca-certificates/smallcorp/SmallCorp_Root_CA.crt

Again, no go. The only way that debconf would see the new certs was to
copy them in as regular files, into a regular subdirectory under /usr.

I would like to see a tweak in how this package finds certificates, to
allow adding new ones without polluting /usr with non-dpkg-managed
files. A couple of approaches come to mind:

1. Scan /usr/local/share/ca-certificates/ in addition to /usr/share/ca-
certificates/.

2. Follow symlinks in /usr/share/ca-certificates/.

I prefer #1, as it is cleaner, and doesn't raise tricky questions of
dangling/cyclic symlinks.

** Affects: ca-certificates (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Need better support for adding site-local certificates
https://bugs.launchpad.net/bugs/293944
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to