public-mirrors/ca-certificates
1
0
Fork 0
mirror of https://git.launchpad.net/ubuntu/+source/ca-certificates synced 2025-04-13 09:38:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
ca-certificates/debian/config
Michael Shuler 3c76ee06a5 20111211 (patches unapplied) 
Imported using git-ubuntu import.
2011-12-15 03:21:43 +00:00

223 lines
12 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/sh
# $1 = action ('configure' or 'reconfigure')
# $2 = current-installed-version
set -e
action="$1"
cur_version="$2"
this_version='20111025.4'
pt_BR_fixed_version="20080616"
if test -f /etc/ca-certificates.conf; then
CERTSCONF=/etc/ca-certificates.conf
else
CERTSCONF=/dev/null
fi
# CERTS_DISABLED: certs that user dont trust
CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
# CERTS_TRUST: certs that user already trust
CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
# CERTS_AVAILABLE: certs that user can choices
CERTS_AVAILABLE=""
# CERTS_ENABLED: certs that user already trusted
CERTS_ENABLED=""
# CERTS_LIST: certs that will be installed
CERTS_LIST="debconf.org/ca.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/TC_TrustCenter_Class_3_CA_II.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Secure_Global_CA.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/CNNIC_ROOT.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/ACEDICOM_Root.crt, mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certigna.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/AffirmTrust_Premium.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, mozilla/Certum_Root_CA.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/SecureTrust_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/TC_TrustCenter_Universal_CA_III.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/Juur-SK.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/CA_Disig.crt, mozilla/Security_Communication_EV_RootCA1.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/IGC_A.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/Izenpe.com.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Buypass_Class_2_CA_1.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/TC_TrustCenter_Universal_CA_I.crt, mozilla/ComSign_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/Thawte_Server_CA.crt, mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/AffirmTrust_Networking.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/SecureSign_RootCA11.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/A-Trust-nQual-03.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/ComSign_Secured_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/Taiwan_GRCA.crt, mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/Buypass_Class_3_CA_1.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, cacert.org/cacert.org.crt, spi-inc.org/spi-ca-2003.crt, spi-inc.org/spi-cacert-2008.crt"
# CERTS_NEW: new certificates that will be installed
CERTS_NEW=""
members()
{
echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
do
if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
echo match
fi
done | grep -q match
}
. /usr/share/debconf/confmodule || exit
db_version 2.0
db_capb multiselect
db_settitle ca-certificates/title
db_input medium ca-certificates/trust_new_crts || true
db_go
trust_new="yes"
if db_get ca-certificates/trust_new_crts; then
trust_new="$RET"
fi
seen=false
if db_fget ca-certificates/enable_crts seen; then
seen="$RET"
fi
# XXX: in case reconfigure, force to select all available certificates
if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
seen=false
trust_new=no
fi
if test -d /usr/share/ca-certificates; then
cd /usr/share/ca-certificates
crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
sort | uniq)
for crt in $crts
do
if test "$CERTS_AVAILABLE" = ""; then
CERTS_AVAILABLE="$crt"
else
CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
fi
if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
: # echo "I: ignore $crt"
elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
# already trusted
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
else
# new certs?
if test "$trust_new" = "yes"; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
elif test "$trust_new" = "ask"; then
if test "$CERTS_NEW" = ""; then
CERTS_NEW="$crt"
else
CERTS_NEW="$CERTS_NEW, $crt"
fi
else
: # trust_new=no, default disabled
fi
fi
done
else
# initial installation
CERTS_AVAILABLE="$CERTS_LIST"
CERTS_ENABLED="$CERTS_AVAILABLE"
# XXX: ca-certificates/enable_crts should be used, so no need to ask new
# in this session
trust_new="yes"
CERTS_NEW=""
fi
enable_crts=""
if db_get ca-certificates/enable_crts; then
enable_crts="$RET"
fi
new_seen=false
if dpkg --compare-versions "$cur_version" lt 20040808; then
db_fset ca-certificates/new_crts seen false
fi
if db_fget ca-certificates/new_crts seen; then
new_seen="$RET"
fi
if members "$CERTS_NEW" "$enable_crts"; then
# already selected new_crts?
new_seen=true
fi
db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
# XXX: run this again in postinst
CERTS_ENABLED="$enable_crts"
fi
if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
# New certificates added
db_fset ca-certificates/new_crts seen false
db_input critical ca-certificates/new_crts || true
db_go
if db_get ca-certificates/new_crts; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$RET"
else
CERTS_ENABLED="$CERTS_ENABLED, $RET"
fi
fi
# XXX: old certificates keep current state?
seen=true
fi
# mark seen true, so that dont ask again while postinst
db_fset ca-certificates/new_crts seen true
# Ideally, we would be able to ask debconf for the language it's using, or
# at least have a shell binding for setlocale(). Since we don't, we have to
# do it all by hand.
is_pt_BR () {
current_lc_messages="$(eval `locale`; echo "$LC_MESSAGES")"
case "$LANGUAGE" in
pt_BR*)
return 0
;;
*)
case "$current_lc_messages" in
pt_BR*)
return 0
;;
esac
esac
return 1
}
PRIO=low
set_values=true
if dpkg --compare-versions "$cur_version" lt-nl "$pt_BR_fixed_version"; then
asked="false"
if db_fget ca-certificates/enable_crts asked_pt_br_question; then
asked="$RET"
fi
if [ "$asked" != "true" ]; then
if [ -e "/etc/ssl/certs/ca-certificates.crt" ] && [ ! -s "/etc/ssl/certs/ca-certificates.crt" ]; then
pt_seen="false"
if db_fget ca-certificates/enable_crts seen; then
pt_seen="$RET"
fi
if [ "$pt_seen" = "false" ]; then
CERTS_ENABLED="$CERTS_AVAILABLE"
elif is_pt_BR; then
PRIO=critical
CERTS_ENABLED="$CERTS_AVAILABLE"
seen=false
else
seen=true
fi
fi
else
set_values=false
fi
fi
if [ "$set_values" = "true" ]; then
db_set ca-certificates/enable_crts "$CERTS_ENABLED"
db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
if test "$seen" != true; then
db_fset ca-certificates/enable_crts seen false
fi
db_input $PRIO ca-certificates/enable_crts || true
db_go
if [ "$PRIO" = "critical" ]; then
db_fset ca-certificates/enable_crts asked_pt_br_question true
fi
fi
exit 0
Reference in a new issue View git blame Copy permalink