tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: new certificate stuff

Manuel Bouyer <> writes:

>> The etc.tgz set, however, will have /etc/openssl/certs.conf.  So if
>> you naively unpack etc.tgz, `postinstall fix' will clobber your
>> /etc/openssl/certs directory.
> As it will clobber others /etc/ files, so that's fine.

Maybe this is too much, but perhaps certctl should look for a .certctl
in /etc/openssl/certs and only if present rm/replace.  Or really only
limit the rm; adding to an empty dir is fine.   Basically a token that
says the dir is under the control of certctl.  -f can override the
check and write the token.

I know this sounds like extra work, but the lesson I took from the pkgdb
change is that things like that this are at least 10x harder than you

Also people will have to uninstall mozilla-rootcerts-openssl.

Home | Main Index | Thread Index | Old Index