--- gentoo.orig/app-misc/ca-certificates/Manifest	2011-08-31 19:31:04.000000000 +0200
+++ gentoo.orig/app-misc/ca-certificates/Manifest	2011-08-31 23:04:26.035276763 +0200
@@ -1,8 +1,10 @@ 
 DIST ca-certificates_20090709_all.deb 154620 RMD160 d2e1b846341b2d7201675418b76f56f7decc929b SHA1 19790e219ee2c775f50d7ddd486ec60dfd0c7106 SHA256 de1e35997eb39c7ba5713f206aba034ff8ce8aa3aebebfc7eb1823de9968d767
 DIST ca-certificates_20110421_all.deb 176778 RMD160 504d592cc997c827da47699a3db5d4a25521a63a SHA1 863a3eabb7366e69942bfe10f6c2cd99c145d0b8 SHA256 a60a9c0faf1847df4553ce13ffe337412b88dd1b9d502741ac1760204c0bdda3
+DIST ca-certificates_20110502+nmu1_all.deb 174242 RMD160 7fbfff59c2dc2fae6127389464c01c1af9a32dc5 SHA1 141c8bf62f46043c52442d9bb58cc9bf74ed1b4c SHA256 d44284ee9b733b9890a54516f66b68a382ac5fb2c0bdceafed4cf229aa3b05a1
 DIST ca-certificates_20110502_all.deb 175556 RMD160 22e74ea15def87024ee079191ad296e6a44351f4 SHA1 fa40b012ae21088963c7ffad5ce7d205664881a9 SHA256 fa14c729b48ed58f5c048b8721f09fded9824c1f450a656fb2cc396195935a98
 EBUILD ca-certificates-20090709.ebuild 2126 RMD160 3d24608ff5c55225ed5c81a67857c0f8f78b81c2 SHA1 6ef2729547b0b7aea0308fc1a8017ff07602063b SHA256 86820ea4d33d9e0e779c0a0d631242b12821bf4135ec6bccd2c284e948c51b19
 EBUILD ca-certificates-20110421.ebuild 2119 RMD160 4d43af5a2d49eede27e6cd6b41568bfc45e655d9 SHA1 0c8c63fa35f9ab2f0bf8b867951647cba76e345f SHA256 1223e4710e2d72fbb97f93bfa77351912b20b6ea07e83c7672bd24b1d812a634
+EBUILD ca-certificates-20110502-r1.ebuild 2125 RMD160 2c44dcf346ecadad99639b59bcc1bcefaef71ad5 SHA1 b8f364aa52cb1c78098620395f35592b14b0caf8 SHA256 ae8ec4ba9f33c950e01df4abbd62d06e14f98961ccdefacc409c63d0e20a95a0
 EBUILD ca-certificates-20110502.ebuild 2120 RMD160 eff412c030efac5272b3109326d483857cb62f67 SHA1 533aa547d6360b0cd5af7b696763cd22d5e33abe SHA256 11ba88945cc66cc74f3e2236f0be28ed5e55162b7f1133929f7c4d6c7081dc05
 MISC ChangeLog 6704 RMD160 25b9b2f4adb66a0c9988b9c82ea4a47e56ab925a SHA1 8c50b721c686575fcb2a481d52b61c6b52634cdc SHA256 c69775cb69b7e53d678384355f7b57da07b94ed782f9c91fb26e3e12bad7b0df
 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
--- gentoo.orig/app-misc/ca-certificates/ca-certificates-20110502-r1.ebuild	1970-01-01 01:00:00.000000000 +0100
+++ gentoo.orig/app-misc/ca-certificates/ca-certificates-20110502-r1.ebuild	2011-08-31 23:01:16.346280185 +0200
@@ -0,0 +1,72 @@ 
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20110502.ebuild,v 1.1 2011/08/31 17:25:31 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}+nmu1_all.deb"
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )"
+RDEPEND="${DEPEND}
+	dev-libs/openssl
+	sys-apps/debianutils"
+
+S=${WORKDIR}
+
+src_unpack() {
+	unpack ${A}
+	unpack ./data.tar.gz
+	rm -f control.tar.gz data.tar.gz debian-binary
+}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f /etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_install() {
+	cp -pPR * "${D}"/ || die
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${D}"/usr/share/ca-certificates
+	find . -name '*.crt' | sort | cut -b3-
+	) > "${D}"/etc/ca-certificates.conf
+
+	mv "${D}"/usr/share/doc/{ca-certificates,${PF}} || die
+	prepalldocs
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ "${ROOT}" = "/" ] ; then
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		update-ca-certificates
+	fi
+
+	local c badcerts=0
+	for c in $(find -L "${ROOT}"etc/ssl/certs/ -type l) ; do
+		ewarn "Broken symlink for a certificate at $c"
+		badcerts=1
+	done
+	if [ $badcerts -eq 1 ]; then
+		ewarn "You MUST remove the above broken symlinks"
+		ewarn "Otherwise any SSL validation that use the directory may fail!"
+		ewarn "To batch-remove them, run:"
+		ewarn "find -L ${ROOT}etc/ssl/certs/ -type l -exec rm {} +"
+	fi
+}