Hard-code the path of the trusted CA certificates (!3) · Merge requests · Debian / msttcorefonts

Christoph Anton Mitterer requested to merge calestyo-guest/msttcorefonts:specify-trusted-ca-certs into master Oct 30, 2024

Previously, wget used the configured system-wide trusted CA certificates (as found in /etc/ssl/certs).

While the ttf-mscorefonts-installer-package depends on the ca-certificates- package, there is no guarantee that the CA certificates of that are all enabled. If not, update-ms-fonts respectively the package installation fails.

This commit hard-codes the location of the trusted CA certificates used by wget to their location as provided by the ca-certificates-package.

Security-wise this should have no impact: Even if an administrator intentionally disabled some certificates, which may now be used nevertheless when update-ms-fonts invokes wget – the files’ hashsums are anyway verified against those that are statically stored in cabfiles.sha256sums.

Signed-off-by: Christoph Anton Mitterer mail@christoph.anton.mitterer.name

Hard-code the path of the trusted CA certificates

Merge request reports