Applied a patch by Martin F. Krafft to support hooks scripts. (Closes: #377314)

author Philipp Kern <pkern@debian.org>

Fri, 11 Apr 2008 18:48:57 +0000 (20:48 +0200)

committer Philipp Kern <pkern@debian.org>

Fri, 11 Apr 2008 18:49:32 +0000 (20:49 +0200)
author Philipp Kern <pkern@debian.org>
Fri, 11 Apr 2008 18:48:57 +0000 (20:48 +0200)
committer Philipp Kern <pkern@debian.org>
Fri, 11 Apr 2008 18:49:32 +0000 (20:49 +0200)
diff --git a/debian/changelog b/debian/changelog

index 8ef2c2e4094119ba57b3fa1b6eb8a49d9d059c7e..423a9a071bff64dd80c6bca66a7f750066ac0e50 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -53,6 +53,8 @@ ca-certificates (20080411) unstable; urgency=low
    * Reworded the description and made it static to ease translations.
    * Reworded and amended README.Debian.
    * Added myself to the uploaders of this package.
    * Reworded the description and made it static to ease translations.
    * Reworded and amended README.Debian.
    * Added myself to the uploaders of this package.
+  * Applied a patch by Martin F. Krafft to support hooks scripts
+    on add/remove of a certificate.  (Closes: #377314)
  
   -- Philipp Kern <pkern@debian.org>  Fri, 11 Apr 2008 18:56:42 +0200
  
  
   -- Philipp Kern <pkern@debian.org>  Fri, 11 Apr 2008 18:56:42 +0200
  
diff --git a/debian/dirs b/debian/dirs

index f04f347f1193571fd0b6171041f4a84cac6c20b6..b64bbd3c36bfd2d51e09502990773f861dbe3a41 100644 (file)
--- a/debian/dirs
+++ b/debian/dirs
@@ -1,3 +1,4 @@
  etc/ssl/certs
  usr/sbin
  usr/share/ca-certificates/
  etc/ssl/certs
  usr/sbin
  usr/share/ca-certificates/
+etc/ca-certificates/update.d
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates

index baa1bb92e7a28868df80564d1114ee221baf4720..46e4c10d81882c9cffc48ce15e11cf4d9696a575 100644 (file)
--- a/sbin/update-ca-certificates
+++ b/sbin/update-ca-certificates
@@ -38,9 +38,10 @@ done
  CERTSCONF=/etc/ca-certificates.conf
  CERTSDIR=/usr/share/ca-certificates
  CERTBUNDLE=ca-certificates.crt
  CERTSCONF=/etc/ca-certificates.conf
  CERTSDIR=/usr/share/ca-certificates
  CERTBUNDLE=ca-certificates.crt
-cd /etc/ssl/certs
+ETCCERTSDIR=/etc/ssl/certs
+cd $ETCCERTSDIR
  if [ "$fresh" = 1 ]; then
  if [ "$fresh" = 1 ]; then
-  echo -n "Clearing symlinks in /etc/ssl/certs..."
+  echo -n "Clearing symlinks in $ETCCERTSDIR..."
    find . -type l -print | while read symlink
    do
       case $(readlink $symlink) in
    find . -type l -print | while read symlink
    do
       case $(readlink $symlink) in
@@ -53,31 +54,49 @@ if [ "$fresh" = 1 ]; then
    done
    echo "done."
  fi
    done
    echo "done."
  fi
-echo -n "Updating certificates in /etc/ssl/certs...."
+echo -n "Updating certificates in $ETCCERTSDIR...."
  
  bundletmp=`mktemp "${CERTBUNDLE}.tmp.XXXXXX"`
  
  bundletmp=`mktemp "${CERTBUNDLE}.tmp.XXXXXX"`
-sed -ne 's/^!//p' $CERTSCONF | while read crt
+removed="$(sed -ne 's/^!//p' $CERTSCONF | while read crt
  do
   if test "$crt" = ""; then continue; fi
   pem=$(basename "$crt" .crt).pem
  do
   if test "$crt" = ""; then continue; fi
   pem=$(basename "$crt" .crt).pem
- if test -e "$pem"; then rm -f "$pem"; fi
-done
+ if test -e "$pem"; then
+  rm -f "$pem"
+  echo "-$ETCCERTSDIR/$pem"
+ fi
+done)"
  
  
-sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
+added="$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
  do
   if test "$crt" = ""; then continue; fi
   if ! test -f "$CERTSDIR/$crt"; then continue; fi
   pem=$(basename "$crt" .crt).pem
  do
   if test "$crt" = ""; then continue; fi
   if ! test -f "$CERTSDIR/$crt"; then continue; fi
   pem=$(basename "$crt" .crt).pem
+ if ! test -e "$pem"; then echo "+$ETCCERTSDIR/$pem"; fi
   ln -sf "$CERTSDIR/$crt" "$pem"
   cat "$CERTSDIR/$crt" >> "$bundletmp"
   ln -sf "$CERTSDIR/$crt" "$pem"
   cat "$CERTSDIR/$crt" >> "$bundletmp"
-done
+done)"
  chmod 0644 "$bundletmp"
  mv -f "$bundletmp" "$CERTBUNDLE"
  
  chmod 0644 "$bundletmp"
  mv -f "$bundletmp" "$CERTBUNDLE"
  
-if [ "$verbose" = 0 ]; then
-  c_rehash . > /dev/null 2>&1
+if [ -n "$added" ] || [ -n "$removed" ]; then
+  # only run if set of files has changed
+
+  if [ "$verbose" = 0 ]; then
+    c_rehash . > /dev/null 2>&1
+  else
+    c_rehash .
+  fi
+  echo "done."
+
+  HOOKSDIR=/etc/ca-certificates/update.d
+  echo -n "Running hooks in $HOOKSDIR...."
+  VERBOSE_ARG=
+  [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
+  eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook; do
+  printf -- "${removed:+$removed\n}${added:+$added\n}" | eval $hook
+  done
+  echo "done."
  else
  else
-  c_rehash .
+  echo "done."
  fi
  fi
-echo "done."
-
diff --git a/sbin/update-ca-certificates.8 b/sbin/update-ca-certificates.8

index 38d038627a6bf7ae76d6e23d8d07679b6bcc00fb..3c71502548e9c98ca96f4d65bb50ef780ab806b4 100644 (file)
--- a/sbin/update-ca-certificates.8
+++ b/sbin/update-ca-certificates.8
@@ -34,6 +34,11 @@ It reads /etc/ca-certificates.conf file. Each lines list pathname of
  activated CA certificates under /usr/share/ca-certificates.
  Lines that begin with "#" is comment line. 
  Lines that begin with "!" is deselect, deactivation of the CA certificates. 
  activated CA certificates under /usr/share/ca-certificates.
  Lines that begin with "#" is comment line. 
  Lines that begin with "!" is deselect, deactivation of the CA certificates. 
+.PP
+Before terminating, \fBupdate-ca-certificates\fP invokes
+\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
+a list of certificates: those added are prefixed with a +, those removed are
+prefixed with a -.
  .SH OPTIONS
  A summary of options is included below.
  .TP
  .SH OPTIONS
  A summary of options is included below.
  .TP
author	Philipp Kern <pkern@debian.org>
	Fri, 11 Apr 2008 18:48:57 +0000 (20:48 +0200)
committer	Philipp Kern <pkern@debian.org>
	Fri, 11 Apr 2008 18:49:32 +0000 (20:49 +0200)
debian/changelog		patch \| blob \| history
debian/dirs		patch \| blob \| history
sbin/update-ca-certificates		patch \| blob \| history
sbin/update-ca-certificates.8		patch \| blob \| history