diff options
author | Michael Shuler <michael@pbandjelly.org> | 2018-12-20 17:22:59 -0600 |
---|---|---|
committer | Michael Shuler <michael@pbandjelly.org> | 2018-12-20 17:22:59 -0600 |
commit | 1ef0fd15cc77c854e79a4f599d5228a67548ab87 (patch) | |
tree | ef7e70745e8713f75aa8b8a16fd1e7c54eb0a32a | |
parent | bbc2ea59142000debec86dc666675f9da6c29977 (diff) | |
download | ca-certificates-1ef0fd15cc77c854e79a4f599d5228a67548ab87.tar.gz |
Remove all orphan symlinks found in /etc/ssl/certs
This should prevent `openssl rehash` from exiting with an error on a
symlink with nonexistent target, since the behavior changed from c_rehash.
See #895482, #895473.
-rw-r--r-- | debian/changelog | 3 | ||||
-rwxr-xr-x | sbin/update-ca-certificates | 8 |
2 files changed, 11 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index bec0b2d..45af3cf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,9 @@ ca-certificates (20181220) UNRELEASED; urgency=medium * debian/ca-certificates.postinst: Fix permissions on /usr/local/share/ca-certificates when using symlinks. Closes: #916833 + * sbin/update-ca-certificates: + Remove orphaned symlinks found in /etc/ssl/certs, to prevent `openssl + rehash` from exiting with an error. Closes: #895482, #895473 * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.28. The following certificate authorities were added (+): diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates index bdf5b27..175035a 100755 --- a/sbin/update-ca-certificates +++ b/sbin/update-ca-certificates @@ -111,6 +111,14 @@ remove() { fi } +# Remove all orphan symlinks found in ETCCERTSDIR, to prevent +# `openssl rehash` from exiting with an error. See #895482, #895473. +find $ETCCERTSDIR -type l ! -exec test -e {} \; -print | while read orphan +do + rm -f "$orphan" + echo "Removed orphan symlink $orphan" +done + cd "$ETCCERTSDIR" if [ "$fresh" = 1 ]; then echo "Clearing symlinks in $ETCCERTSDIR..." |