ca-certificates/debian/config


#!/bin/sh
# debconf config script: works out which CA certificates are available,
# which are already trusted, and which are new, then asks the user.
#
# Arguments:
#   $1 - action ('configure')
#   $2 - currently installed version
set -e

# Compared against $2 further down to detect a reconfigure of this version.
this_version='20030924'

# Read the existing selection if there is one; /dev/null stands in for a
# missing file so the sed calls below simply produce empty lists.
CERTSCONF=/dev/null
if [ -f /etc/ca-certificates.conf ]; then
  CERTSCONF=/etc/ca-certificates.conf
fi

# CERTS_DISABLED: certificates the user does not trust. These are the lines
# starting with '!', with that marker removed.
CERTS_DISABLED=$(sed -n 's/^!//p' "$CERTSCONF")

# CERTS_TRUST: certificates the user already trusts. These are the lines that
# are neither '#' comments nor '!' entries.
CERTS_TRUST=$(sed '/^[#!]/d' "$CERTSCONF")

# CERTS_AVAILABLE: certificates the user can choose from (filled in later).
CERTS_AVAILABLE=""

# CERTS_ENABLED: certificates that will be preselected as trusted.
CERTS_ENABLED=""
# CERTS_LIST: comma-separated certificate paths used as the available set on
# an initial installation, i.e. when /usr/share/ca-certificates does not exist
# yet. In that branch every entry is also copied into CERTS_ENABLED, so each
# name listed here is preselected as a trusted root.
# NOTE(review): this is a static list embedded in the script; presumably it is
# meant to match the certificates the package ships. Confirm it is regenerated
# whenever the shipped set changes, so a removed or distrusted root does not
# stay enabled by default.
# NOTE(review): the literal spans two physical lines, so the value contains a
# line break after one ", " separator. Confirm that is intended.
CERTS_LIST="spi-inc.org/spi-ca.crt, debian.org/db.debian.org.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, 
mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_1_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Secure_Server_OCSP_Responder.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt"
# CERTS_NEW: certificates found on disk that appear in neither the trusted nor
# the disabled list; filled in by the directory scan when trust_new is "ask".
CERTS_NEW=""
# Load the debconf shell library, which provides the db_* commands used from
# here on; give up if it cannot be sourced.
. /usr/share/debconf/confmodule || exit
db_version 2.0
db_capb multiselect

# Ask how certificates that are new since the last configuration should be
# handled. db_input returns non-zero when the question is not displayed, which
# must not abort the script under `set -e`, hence `|| true`.
db_title "ca-certificates configuration"
db_input medium ca-certificates/trust_new_crts || true
db_go

# trust_new holds the stored answer and falls back to "ask" when it cannot be
# read. Further down, any value other than "yes" or "ask" leaves new
# certificates disabled.
if db_get ca-certificates/trust_new_crts; then
  trust_new="$RET"
else
  trust_new="ask"
fi
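if test -d /usr/share/ca-certificates; then
  # Certificates are already on disk: classify every *.crt file as disabled,
  # already trusted, or new.
  cd /usr/share/ca-certificates

  # Split find's output on newlines only and switch globbing off, so a file
  # name containing spaces or wildcard characters stays one list entry instead
  # of being broken up or expanded. The loop body uses quoted expansions only,
  # so the temporary IFS does not affect it.
  # NOTE(review): entries are joined with ", " for debconf; a file name that
  # itself contains a comma would still be read as two choices. Confirm that
  # such names cannot occur in this directory.
  saved_ifs=$IFS
  IFS='
'
  set -f
  for crt in $(find . -type f -name '*.crt' -print); do
    # Drop the leading "./" that find prints.
    crt=${crt#./}
    CERTS_AVAILABLE="${CERTS_AVAILABLE:+$CERTS_AVAILABLE, }$crt"

    # grep -F -x matches whole lines literally; -e keeps a name that starts
    # with '-' from being parsed as an option.
    if printf '%s\n' "$CERTS_DISABLED" | grep -F -q -x -e "$crt"; then
      : # explicitly disabled by the user: ignore
    elif printf '%s\n' "$CERTS_TRUST" | grep -F -q -x -e "$crt"; then
      # already trusted
      CERTS_ENABLED="${CERTS_ENABLED:+$CERTS_ENABLED, }$crt"
    else
      # New certificate: handling depends on the trust_new answer.
      case "$trust_new" in
        yes)
          CERTS_ENABLED="${CERTS_ENABLED:+$CERTS_ENABLED, }$crt"
          ;;
        ask)
          CERTS_NEW="${CERTS_NEW:+$CERTS_NEW, }$crt"
          ;;
        *)
          : # trust_new=no (or any other value): disabled by default
          ;;
      esac
    fi
  done
  set +f
  IFS=$saved_ifs
else
  # initial installation
  CERTS_AVAILABLE="$CERTS_LIST"
  CERTS_ENABLED="$CERTS_AVAILABLE"
  # XXX: ca-certificates/enable_crts should be used, so no need to ask new
  #      in this session
  trust_new="yes"
  CERTS_NEW=""
fi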
# seen decides whether the enable_crts question keeps its "seen" flag. It
# stays false unless the stored answer matches the computed selection.
seen=false
if db_get ca-certificates/enable_crts; then
  # Put the stored answer and CERTS_ENABLED one entry per line, strip leading
  # blanks and count duplicates. A uniq count beginning with 1 marks an entry
  # present in only one of the two lists, so the selection has changed.
  seen=true
  if { echo "$RET"; echo "$CERTS_ENABLED"; } \
      | tr ',' '\n' \
      | sed -e 's/^[[:space:]]*//' \
      | sort \
      | uniq -c \
      | grep -q "^[[:space:]]*1"; then
    seen=false
  fi
fi

# XXX: in case reconfigure, force to select all available certificates
# ($2 equal to this_version). trust_new=no also suppresses the separate
# new-certificates question below.
if dpkg --compare-versions "$2" eq "$this_version"; then
  seen=false
  trust_new=no
fi
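# If new certificates were collected and the user asked to be consulted, show
# them at critical priority and add the chosen ones to the enabled set.
if test "$trust_new" = "ask" && test -n "$CERTS_NEW"; then
  # New certificates added
  db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
  # Clear the seen flag so the question is offered again for this new set.
  db_fset ca-certificates/new_crts seen false
  db_title "ca-certificates configuration"
  db_input critical ca-certificates/new_crts || true
  db_go
  # Append only a non-empty selection: an empty answer used to leave a
  # dangling ", " at the end of CERTS_ENABLED.
  # NOTE(review): if db_input does not display the question, db_get returns
  # the value the question already holds. Confirm the template default does
  # not enable new roots without the user having seen them.
  if db_get ca-certificates/new_crts && test -n "$RET"; then
    CERTS_ENABLED="${CERTS_ENABLED:+$CERTS_ENABLED, }$RET"
  fi
  # XXX: old certificates keep current state?
  seen=true
fi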
# Store the computed selection as the value of enable_crts and offer every
# available certificate as a choice.
db_set ca-certificates/enable_crts "$CERTS_ENABLED"
db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"

# Unless the stored answer is still current, clear the seen flag so the
# question can be shown again.
[ "$seen" = true ] || db_fset ca-certificates/enable_crts seen false

db_title "ca-certificates configuration"
# db_input returns non-zero when the question is not displayed; that must not
# abort the script under `set -e`.
db_input medium ca-certificates/enable_crts || true
db_go
exit 0