ordering fixes

etc/profile-a-l/chromium-common.profile

@@ -9,8 +9,8 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 noblacklist /usr/lib/chromium/chrome-sandbox
 
 # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
@@ -24,11 +24,11 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.pki
 whitelist /usr/share/mozilla/extensions
 whitelist /usr/share/webext
 include whitelist-common.inc

etc/profile-a-l/ephemeral.profile

@@ -9,8 +9,8 @@ include globals.local
 # enforce private-cache
 #noblacklist ${HOME}/.cache/ephemeral
 
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -23,12 +23,12 @@ include disable-programs.inc
 
 # enforce private-cache
 #mkdir ${HOME}/.cache/ephemeral
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 # enforce private-cache
 #whitelist ${HOME}/.cache/ephemeral
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.pki
 whitelist ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc

etc/profile-a-l/ferdi.profile

@@ -9,8 +9,8 @@ ignore noexec /tmp
 
 noblacklist ${HOME}/.cache/Ferdi
 noblacklist ${HOME}/.config/Ferdi
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/Ferdi
 mkdir ${HOME}/.config/Ferdi
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/Ferdi
 whitelist ${HOME}/.config/Ferdi
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.pki
 include whitelist-common.inc
 
 caps.drop all

etc/profile-a-l/firefox-common.profile

@@ -12,8 +12,8 @@ include firefox-common.local
 # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
 #include firefox-common-addons.profile
 
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.pki
 include whitelist-common.inc
 include whitelist-run-common.inc
 include whitelist-runuser-common.inc

etc/profile-a-l/franz.profile

@@ -9,8 +9,8 @@ ignore noexec /tmp
 
 noblacklist ${HOME}/.cache/Franz
 noblacklist ${HOME}/.config/Franz
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/Franz
 whitelist ${HOME}/.config/Franz
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.pki
 include whitelist-common.inc
 
 caps.drop all

etc/profile-m-z/midori.profile

@@ -12,10 +12,10 @@ include globals.local
 noblacklist ${HOME}/.cache/midori
 noblacklist ${HOME}/.config/midori
 noblacklist ${HOME}/.local/share/midori
+noblacklist ${HOME}/.local/share/pki
 # noblacklist ${HOME}/.local/share/webkit
 # noblacklist ${HOME}/.local/share/webkitgtk
 noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
 
 noblacklist ${HOME}/.cache/gnome-mplayer
 noblacklist ${HOME}/.config/gnome-mplayer
@@ -31,10 +31,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/midori
 mkdir ${HOME}/.config/midori
 mkdir ${HOME}/.local/share/midori
+mkdir ${HOME}/.local/share/pki
 mkdir ${HOME}/.local/share/webkit
 mkdir ${HOME}/.local/share/webkitgtk
 mkdir ${HOME}/.pki
-mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/midori
@@ -42,10 +42,10 @@ whitelist ${HOME}/.config/gnome-mplayer
 whitelist ${HOME}/.config/midori
 whitelist ${HOME}/.lastpass
 whitelist ${HOME}/.local/share/midori
+whitelist ${HOME}/.local/share/pki
 whitelist ${HOME}/.local/share/webkit
 whitelist ${HOME}/.local/share/webkitgtk
 whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc
 

etc/profile-m-z/otter-browser.profile

@@ -10,8 +10,8 @@ include globals.local
 
 noblacklist ${HOME}/.cache/Otter
 noblacklist ${HOME}/.config/otter
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,13 +22,13 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/Otter
 mkdir ${HOME}/.config/otter
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/Otter
 whitelist ${HOME}/.config/otter
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.pki
 whitelist /usr/share/otter-browser
 include whitelist-common.inc
 include whitelist-runuser-common.inc

etc/profile-m-z/rambox.profile

@@ -7,8 +7,8 @@ include rambox.local
 include globals.local
 
 noblacklist ${HOME}/.config/Rambox
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,12 +16,12 @@ include disable-interpreters.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/Rambox
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Rambox
-whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
+whitelist ${HOME}/.pki
 include whitelist-common.inc
 
 caps.drop all

etc/profile-m-z/seamonkey.profile

@@ -8,8 +8,8 @@ include globals.local
 
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
 noblacklist ${HOME}/.local/share/pki
+noblacklist ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/mozilla
 mkdir ${HOME}/.mozilla
-mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla
@@ -28,11 +28,11 @@ whitelist ${HOME}/.config/pipelight-silverlight5.1
 whitelist ${HOME}/.config/pipelight-widevine
 whitelist ${HOME}/.keysnail.js
 whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/pki
 whitelist ${HOME}/.mozilla
 whitelist ${HOME}/.pentadactyl
 whitelist ${HOME}/.pentadactylrc
 whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
 whitelist ${HOME}/.vimperator
 whitelist ${HOME}/.vimperatorrc
 whitelist ${HOME}/.wine-pipelight