From eef8ae78bcfdfe7664fb7911a3d3edbba6f57bf5 Mon Sep 17 00:00:00 2001
From: drochner <drochner@pkgsrc.org>
Date: Fri, 10 Jun 2011 16:23:45 +0000
Subject: [PATCH] add a hint for gnupg2 users (as claws-mail with the s/mime
 plugin)

---
 security/mozilla-rootcerts/MESSAGE | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/security/mozilla-rootcerts/MESSAGE b/security/mozilla-rootcerts/MESSAGE
index 68205f16a1ac..2212f38d4383 100644
--- a/security/mozilla-rootcerts/MESSAGE
+++ b/security/mozilla-rootcerts/MESSAGE
@@ -1,5 +1,5 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.2 2011/03/11 21:00:06 drochner Exp $
+$NetBSD: MESSAGE,v 1.3 2011/06/10 16:23:45 drochner Exp $
 
 Execute these commands to extract and rehash all CA root certificates
 distributed by the Mozilla Project, so that they can be used by third
@@ -15,4 +15,13 @@ be used by applications using GnuTLS, do the following:
 	# mkdir -p /etc/ssl/certs
 	# cd /etc/ssl/certs
 	# cat ../../openssl/certs/*.pem >ca-certificates.crt
+
+To mark these certificates as trusted for users of gnupg2, do
+the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
+
+	# mkdir /usr/pkg/etc/gnupg
+	# cd /usr/pkg/etc/gnupg
+	# for c in /etc/openssl/certs/*.pem; do
+	> openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
+	> done > trustlist.txt
 ===========================================================================