From deed92b6e246f5b396b99664f9cd09ae8a1533f7 Mon Sep 17 00:00:00 2001
From: Alexandre CATTEAU <alexandre.catteau@gmail.com>
Date: Mon, 26 Dec 2022 18:59:30 +0100
Subject: [PATCH 1/2] Update install script to correct Debian use case

---
 install.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/install.sh b/install.sh
index cff34ce..63343c6 100755
--- a/install.sh
+++ b/install.sh
@@ -14,10 +14,11 @@ else
   sudo=""
 fi
 
-$sudo cp $run_directory/*.crt /etc/ca-certificates/trust-source/anchors/
 if command -v update-ca-trust > /dev/null; then
+  $sudo cp $run_directory/*.crt /etc/ca-certificates/trust-source/anchors/
   $sudo update-ca-trust
 elif command -v update-ca-certificates > /dev/null; then
+  $sudo cp $run_directory/*.crt /usr/local/share/ca-certificates/
   $sudo update-ca-certificates
 else
   echo "No update-ca binary found. Exiting with error!"

From f08edbcc2a65363cb785fe21cf1f6e1dc18c51ae Mon Sep 17 00:00:00 2001
From: Alexandre CATTEAU <alexandre.catteau@gmail.com>
Date: Mon, 26 Dec 2022 19:37:27 +0100
Subject: [PATCH 2/2] Add specific Debian use case in install script

---
 README.md  | 8 ++++++++
 install.sh | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/README.md b/README.md
index 4daabb5..79ac36f 100644
--- a/README.md
+++ b/README.md
@@ -6,3 +6,11 @@ This repository contains a small setup to automate the delivery of our root cert
 * `kto.crt` is our current only root certificate
 #### Installation
 * `install.sh` copies the certificates to the right location and then reloads the system's certificates
+
+### Firefox
+* On Mint, had to use the following so that Firefox uses system CAs:
+```
+sudo mv /usr/lib/firefox/libnssckbi.so /usr/lib/firefox/libnssckbi.so.bak
+sudo ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
+```
+* Stil unclear: Will this be overwritten at Firefox update?
diff --git a/install.sh b/install.sh
index 63343c6..362c5cb 100755
--- a/install.sh
+++ b/install.sh
@@ -20,6 +20,9 @@ if command -v update-ca-trust > /dev/null; then
 elif command -v update-ca-certificates > /dev/null; then
   $sudo cp $run_directory/*.crt /usr/local/share/ca-certificates/
   $sudo update-ca-certificates
+elif [ -f /usr/sbin/update-ca-certificates ]; then # Debian...
+  $sudo cp $run_directory/*.crt /usr/local/share/ca-certificates/
+  $sudo update-ca-certificates
 else
   echo "No update-ca binary found. Exiting with error!"
   exit 1