fix(scripts): accept installed ca-certificates without update-ca-certificates on PATH

[kgarg2468]

Summary

Fix false-negative Linux prerequisite detection for ca-certificates when the package is installed but update-ca-certificates is not on the user PATH (reported on Devuan and similar). Aligns with existing dpkg-based checks in the same script.

Bug

• Issue: #370
• Symptom: ./builder build / ./scripts/compiler-unix.sh fails with ca-certificates: update-ca-certificates not available even when the ca-certificates package is installed.

Steps to Reproduce

1. Use a Linux environment where ca-certificates is installed per dpkg but update-ca-certificates is not available on the invoking user PATH (see issue In certain Debian derivatives and some other Linuxes the ca-certificates check may always fail #370).
2. From repo root: ./scripts/compiler-unix.sh or ./builder build.
3. Observe false failure on ca-certificates.

Root Cause

ca-certificates was validated only indirectly by requiring the update-ca-certificates command to be on PATH, unlike other packages that use dpkg -l ... ^ii in this same function.

Fix

• Add an explicit ca-certificates case: pass if dpkg -l ca-certificates shows ^ii or update-ca-certificates exists on PATH.
• Remove the inner ca-certificates → update-ca-certificates command mapping.

Why This Works

The script already uses dpkg -l with ^ii for *-dev and special-cases like libncurses-dev. Treating ca-certificates the same way matches established intent: verify the installed package, not only a helper binary location.

Testing / Validation

• bash -n scripts/compiler-unix.sh (pass)
• ./builder test --verbose blocked locally: CMake 4.3.0 rejected by macOS prerequisite check (environment issue, not caused by this diff). CI / another machine with supported CMake should run the full pipeline.

Type

• Bug fix

Checklist

• Tests added/updated — N/A: no shell test harness in repo; logic mirrors existing dpkg checks in the same file (libncurses-dev, *-dev).
• Tested locally (bash -n + manual review of branch logic)
• ./builder test pass status — blocked on this host (CMake version gate); no regression expected (Linux-only code path; macOS uses check_mac_dependencies)
• Conventional commit usage
• No secrets/credentials
• Wiki updated (if applicable) — N/A
• Breaking changes documented — None

Related Issues

Fixes #370

[coderabbitai]

Warning

Rate limit exceeded

@kgarg2468 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 12 minutes and 44 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: a44791c6-6521-4dd9-a455-de038a4cfd25

📥 Commits

Reviewing files that changed from the base of the PR and between f11c60c and 1883305.

📒 Files selected for processing (1)

• scripts/compiler-unix.sh

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[MrCsabaToth]

The only issue with this check would be if any of the components would actually try to execute update-ca-certificates, because that would still fail on my system. This might be needed if you are fiddling with some proxies and we are in a web of containers, so if there's any custom cert involved which needs to be added to the system. But possibly maybe the package criteria is to be sure that all the default cert bundle is installed on the system?