#! /bin/sh
# postinst script for ca-certificates
#
# see: dh_installdeb(1)
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see /usr/share/doc/packaging-manual/
#
# quoting from the policy:
# Any necessary prompting should almost always be confined to the
# post-installation script, and should be protected with a conditional
# so that unnecessary prompting doesn't happen if a package's
# installation fails and the `postinst' is called with `abort-upgrade',
# `abort-remove' or `abort-deconfigure'.
# Exit immediately when a command fails and its status is not tested by an
# if/||/&& construct; the "|| true" suffixes further down opt individual
# commands out of this.
set -e
# Print the entries of the comma-separated list in $1, one per line.
# Whitespace that follows a comma (or starts the list) is removed; trailing
# whitespace of an entry is left as it is.
each_value() {
  echo "$1" \
    | tr ',' '\n' \
    | sed 's/^[[:space:]]*//'
}
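# Succeed (status 0) when the value $1 is an entry of the comma-separated
# list $2, fail otherwise.
#
# The value is compared as a fixed string against each whole entry
# (grep -x -F).  It used to be spliced into a regular expression, so a '.'
# or other metacharacter in a certificate name could match a different entry
# and put the wrong certificate into the enabled or disabled set.
# "--" keeps a value that begins with '-' from being read as a grep option.
#
# Sets the globals m and l, as before.
memberp() {
  m="$1"
  l="$2"
  each_value "$l" | grep -qxF -- "$m"
}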
# Print the comma-separated list $2 with the entry $1 taken out.
#
# The sed program removes "$1, " or a trailing "$1", then tidies the result:
# a doubled comma becomes ", ", leading whitespace and a trailing comma are
# dropped.
#
# $1 is inserted into the sed pattern as-is, so regex metacharacters or a
# '|' inside it are interpreted by sed rather than matched literally.
# Within this script the only calls to delca are commented out.
#
# Sets the globals m and l.
delca() {
  m="$1"
  l="$2"
  echo "$l" | sed \
    -e "s|$m, ||" \
    -e "s|$m\$||" \
    -e 's/,[[:space:]]*,/, /' \
    -e 's/^[[:space:]]*//' \
    -e 's/,[[:space:]]*$//'
}
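# Dispatch on the action dpkg passed as $1.
#   configure  - fix up the local certificate directory, merge the debconf
#                selection into /etc/ca-certificates.conf, refresh
#                /etc/ssl/certs and queue the deferred trigger.
#   triggered  - run update-ca-certificates for each trigger named in $2.
#   abort-*    - nothing to do.
# Any other action is reported on stderr and the script exits with status 1.
case "$1" in
  configure)
    # Make sure the local-admin certificate directory exists.  A directory
    # created here copies its mode and group from /usr/local.
    # NOTE(review): where /usr/local is group-writable this directory is too,
    # and the loop below enables names that exist as files in it - confirm
    # that group is meant to be able to add CA certificates.
    if [ ! -e /usr/local/share/ca-certificates ]; then
      if mkdir -m "$(stat -L -c %a /usr/local)" /usr/local/share/ca-certificates 2>/dev/null; then
        chgrp "$(stat -L -c %g /usr/local)" /usr/local/share/ca-certificates
      fi
    # Handle upgrades and allow local admin to override:
    # e.g. dpkg-statoverride --add root staff 2775 /usr/local/share/ca-certificates
    elif ! dpkg-statoverride --list /usr/local/share/ca-certificates >/dev/null; then
      chmod "$(stat -L -c %a /usr/local)" /usr/local/share/ca-certificates || true
      chown "$(stat -L -c %u /usr/local):$(stat -L -c %g /usr/local)" /usr/local/share/ca-certificates || true
    fi

    # Fetch the admin's selection from debconf: every offered certificate
    # (the question's choices) and the subset that is enabled (its value).
    . /usr/share/debconf/confmodule
    db_version 2.0
    db_capb multiselect
    db_metaget ca-certificates/enable_crts choices
    CERTS_AVAILABLE="$RET"
    db_get ca-certificates/enable_crts
    CERTS_ENABLED="$RET"
    # XXX unmark seen for next configuration
    db_fset ca-certificates/new_crts seen false
    db_stop || true

    if test -f /etc/ca-certificates.conf; then
      # Rewrite the existing file into .dpkg-new line by line: comments are
      # copied, every other line is re-emitted as enabled ("name") or
      # deselected ("!name") according to the debconf answers.
      # XXX: while in subshell?
      # read -r: keep backslashes in a line literal.
      while read -r line
      do
        if echo "$line" | grep -q '^#'; then
          echo "$line"
        else
          # Strip a leading '!' to get the bare certificate name.
          case "$line" in
            !*) ca=$(echo "$line" | sed -e 's/^!//');;
            *) ca="$line";;
          esac
          if memberp "$ca" "$CERTS_ENABLED"; then
            echo "$ca"
            # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
          elif memberp "$ca" "$CERTS_AVAILABLE" ||
               echo "$line" | grep -q '^!'; then
            # Offered but not selected, or already deselected in the file.
            echo "!$ca"
          elif [ -f /usr/share/ca-certificates/"$ca" ] || \
               [ -f /usr/local/share/ca-certificates/"$ca" ]; then
            # Unknown to debconf but present on disk: keep it enabled.
            echo "$ca"
          else
            echo "!$ca"
          fi
          # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
        fi
      done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new

      # Append enabled certificates that the old file did not mention.
      # grep -E replaces the obsolescent egrep.  The skip condition is an
      # enabled list holding nothing but commas and whitespace.
      if echo "$CERTS_ENABLED" | grep -E -q "^([[:space:]]*,)*[[:space:]]*$"; then
        :
      else
        each_value "$CERTS_ENABLED" | while read -r ca
        do
          # An empty entry (e.g. from "a, , b") is not a certificate name.
          [ -n "$ca" ] || continue
          # Whole-line fixed-string match: the name is data, not a regex, and
          # a prefix of another entry must not count as already present.
          if grep -qxF -- "$ca" /etc/ca-certificates.conf.dpkg-new; then
            :
          else
            echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
          fi
        done
      fi

      # Record every offered-but-not-enabled certificate as deselected unless
      # the file already says so.
      each_value "$CERTS_AVAILABLE" | while read -r ca
      do
        [ -n "$ca" ] || continue
        if memberp "$ca" "$CERTS_ENABLED"; then
          :
        elif grep -qxF -- "!$ca" /etc/ca-certificates.conf.dpkg-new; then
          :
        else
          echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
        fi
      done

      # Install the new file only when it differs, keeping the previous one
      # as .dpkg-old.
      if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
        rm -f /etc/ca-certificates.conf.dpkg-new
      else
        mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
        mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
      fi
    else
      # new file
      cat > /etc/ca-certificates.conf <<EOF
# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# Certificates should be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
EOF
      # A name listed in both variables shows up twice (uniq count 2) and is
      # written as enabled; a name listed once is written with a leading '!'.
      # The variables are quoted so the shell does not glob-expand or
      # re-split the certificate names.
      (echo "$CERTS_ENABLED" | tr ',' '\n'; \
       echo "$CERTS_AVAILABLE" | tr ',' '\n') | \
        sed -e 's/^[[:space:]]*//' | \
        sort | uniq -c | \
        sed -e 's/^[[:space:]]*2[[:space:]]*//' \
            -e 's/^[[:space:]]*1[[:space:]]*/!/' \
        >> /etc/ca-certificates.conf
    fi

    # update /etc/ssl/certs without running the hooks
    # fix bogus symlink to ca-certificates.crt on upgrades; see
    # Debian #643667; drop after wheezy
    if dpkg --compare-versions "$2" lt-nl 20111025; then
      update-ca-certificates --hooksdir "" --fresh
    else
      update-ca-certificates --hooksdir ""
    fi
    # deferred update of /etc/ssl/certs including running the hooks
    dpkg-trigger --no-await update-ca-certificates
    ;;
  triggered)
    # $2 is left unquoted on purpose: it is split into individual trigger
    # names.
    for trigger in $2; do
      case "$trigger" in
        update-ca-certificates)
          update-ca-certificates
          ;;
        update-ca-certificates-fresh)
          update-ca-certificates --fresh
          ;;
        *)
          echo "postinst called with unknown trigger \`$2'">&2
          exit 1
          ;;
      esac
    done
    ;;
  abort-upgrade|abort-remove|abort-deconfigure)
    ;;
  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac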
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
# Every action that does not exit earlier ends here with a success status.
exit 0