mirror of
https://git.launchpad.net/ubuntu/+source/ca-certificates
synced 2025-04-13 09:38:26 +00:00
149 lines
4.4 KiB
Bash
149 lines
4.4 KiB
Bash
#! /bin/sh -e
|
|
# postinst script for ca-certificates
|
|
#
|
|
# see: dh_installdeb(1)
|
|
|
|
# summary of how this script can be called:
|
|
# * <postinst> `configure' <most-recently-configured-version>
|
|
# * <old-postinst> `abort-upgrade' <new version>
|
|
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
|
|
# <new-version>
|
|
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
|
|
# <failed-install-package> <version> `removing'
|
|
# <conflicting-package> <version>
|
|
# for details, see /usr/share/doc/packaging-manual/
|
|
#
|
|
# quoting from the policy:
|
|
# Any necessary prompting should almost always be confined to the
|
|
# post-installation script, and should be protected with a conditional
|
|
# so that unnecessary prompting doesn't happen if a package's
|
|
# installation fails and the `postinst' is called with `abort-upgrade',
|
|
# `abort-remove' or `abort-deconfigure'.
|
|
|
|
each_value() {
|
|
echo "$l" |tr ',' '\n' | sed -e 's/^[[:space:]]*//'
|
|
}
|
|
|
|
memberp() {
|
|
m="$1"
|
|
l="$2"
|
|
each_value "$1" | grep -q "^$m\$"
|
|
}
|
|
|
|
delca() {
|
|
m="$1"
|
|
l="$2"
|
|
echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
|
|
}
|
|
|
|
case "$1" in
|
|
configure)
|
|
if dpkg --compare-versions "$2" lt 20030414; then
|
|
# remove old *.pem files that ca-certificates installed
|
|
(cd /etc/ssl/certs; rm -f $(cat /usr/share/doc/ca-certificates/oldpemfiles))
|
|
fi
|
|
. /usr/share/debconf/confmodule
|
|
db_version 2.0
|
|
db_capb multiselect
|
|
db_metaget ca-certificates/enable_crts choices
|
|
CERTS_AVAILABLE="$RET"
|
|
db_get ca-certificates/enable_crts
|
|
CERTS_ENABLED="$RET"
|
|
# XXX unmark seen for next configuration
|
|
db_fset ca-certificates/new_crts seen false
|
|
# We should clean up this value now, as everyone will have
|
|
# upgraded to a fixed version.
|
|
db_fset ca-certificates/enable_crts asked_pt_br_question false
|
|
db_stop || true
|
|
if test -f /etc/ca-certificates.conf; then
|
|
# XXX: while in subshell?
|
|
while read line
|
|
do
|
|
if echo "$line" | grep -q '^#'; then
|
|
echo "$line"
|
|
else
|
|
case "$line" in
|
|
!*) ca=$(echo "$line" | sed -e 's/^!//');;
|
|
*) ca="$line";;
|
|
esac
|
|
if memberp "$ca" "$CERTS_ENABLED"; then
|
|
echo "$ca"
|
|
# CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
|
|
else
|
|
echo "!$ca"
|
|
fi
|
|
# CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
|
|
fi
|
|
done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
|
|
if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
|
|
:
|
|
else
|
|
each_value "$CERTS_ENABLED" | while read ca
|
|
do
|
|
if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
|
|
:
|
|
else
|
|
echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
|
|
fi
|
|
done
|
|
fi
|
|
each_value "$CERTS_AVAILABLE" | while read ca
|
|
do
|
|
if memberp "$ca" "$CERTS_ENABLED"; then
|
|
:
|
|
elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
|
|
:
|
|
else
|
|
echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
|
|
fi
|
|
done
|
|
if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
|
|
rm -f /etc/ca-certificates.conf.dpkg-new
|
|
else
|
|
mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
|
|
mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
|
|
fi
|
|
else
|
|
# new file
|
|
cat > /etc/ca-certificates.conf <<EOF
|
|
# This file lists certificates that you wish to use or to ignore to be
|
|
# installed in /etc/ssl/certs.
|
|
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
|
|
#
|
|
# This is autogenerated by dpkg-reconfigure ca-certificates.
|
|
# Certificates should be installed under /usr/share/ca-certificates
|
|
# and files with extension '.crt' is recognized as available certs.
|
|
#
|
|
# line begins with # is comment.
|
|
# line begins with ! is certificate filename to be deselected.
|
|
#
|
|
EOF
|
|
(echo $CERTS_ENABLED | tr ',' '\n'; \
|
|
echo $CERTS_AVAILABLE | tr ',' '\n') | \
|
|
sed -e 's/^[[:space:]]*//' | \
|
|
sort | uniq -c | \
|
|
sed -e 's/^[[:space:]]*2[[:space:]]*//' \
|
|
-e 's/^[[:space:]]*1[[:space:]]*/!/' \
|
|
>> /etc/ca-certificates.conf
|
|
fi
|
|
update-ca-certificates
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
|
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument \`$1'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# dh_installdeb will replace this with shell code automatically
|
|
# generated by other debhelper scripts.
|
|
|
|
#DEBHELPER#
|
|
|
|
exit 0
|
|
|
|
|