diff options
Diffstat (limited to 'debian/ca-certificates.postinst')
| -rw-r--r-- | debian/ca-certificates.postinst | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/debian/ca-certificates.postinst b/debian/ca-certificates.postinst new file mode 100644 index 0000000..68501cf --- /dev/null +++ b/debian/ca-certificates.postinst @@ -0,0 +1,187 @@ +#! /bin/sh +# postinst script for ca-certificates +# +# see: dh_installdeb(1) + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see /usr/share/doc/packaging-manual/ +# +# quoting from the policy: +# Any necessary prompting should almost always be confined to the +# post-installation script, and should be protected with a conditional +# so that unnecessary prompting doesn't happen if a package's +# installation fails and the `postinst' is called with `abort-upgrade', +# `abort-remove' or `abort-deconfigure'. + +set -e + +each_value() { + echo "$1" |tr ',' '\n' | sed -e 's/^[[:space:]]*//' +} + +memberp() { + m="$1" + l="$2" + each_value "$l" | grep -q "^$m\$" +} + +delca() { + m="$1" + l="$2" + echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//' +} + +case "$1" in + configure) + if [ ! -e /usr/local/share/ca-certificates ]; then + if mkdir -m $(stat -L -c %a /usr/local) /usr/local/share/ca-certificates 2>/dev/null; then + chgrp $(stat -L -c %g /usr/local) /usr/local/share/ca-certificates + fi + # Handle upgrades and allow local admin to override: + # e.g. dpkg-statoverride --add root staff 2775 /usr/local/share/ca-certificates + elif ! dpkg-statoverride --list /usr/local/share/ca-certificates >/dev/null; then + chmod $(stat -L -c %a /usr/local) /usr/local/share/ca-certificates || true + chown $(stat -L -c %u /usr/local):$(stat -L -c %g /usr/local) /usr/local/share/ca-certificates || true + fi + + . /usr/share/debconf/confmodule + db_version 2.0 + db_capb multiselect + db_metaget ca-certificates/enable_crts choices + CERTS_AVAILABLE="$RET" + db_get ca-certificates/enable_crts + CERTS_ENABLED="$RET" + # XXX unmark seen for next configuration + db_fset ca-certificates/new_crts seen false + db_stop || true + if test -f /etc/ca-certificates.conf; then + # XXX: while in subshell? + while read line + do + if echo "$line" | grep -q '^#'; then + echo "$line" + else + case "$line" in + !*) ca=$(echo "$line" | sed -e 's/^!//');; + *) ca="$line";; + esac + if memberp "$ca" "$CERTS_ENABLED"; then + echo "$ca" + # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED") + elif memberp "$ca" "$CERTS_AVAILABLE" || + echo "$line" | grep -q '^!'; then + echo "!$ca" + elif [ -f /usr/share/ca-certificates/"$ca" ] || \ + [ -f /usr/local/share/ca-certificates/"$ca" ]; then + echo "$ca" + else + echo "!$ca" + fi + # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE") + fi + done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new + if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then + : + else + each_value "$CERTS_ENABLED" | while read ca + do + if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then + : + else + echo "$ca" >> /etc/ca-certificates.conf.dpkg-new + fi + done + fi + each_value "$CERTS_AVAILABLE" | while read ca + do + if memberp "$ca" "$CERTS_ENABLED"; then + : + elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then + : + else + echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new + fi + done + if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then + rm -f /etc/ca-certificates.conf.dpkg-new + else + mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old + mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf + fi + else + # new file + cat > /etc/ca-certificates.conf <<EOF +# This file lists certificates that you wish to use or to ignore to be +# installed in /etc/ssl/certs. +# update-ca-certificates(8) will update /etc/ssl/certs by reading this file. +# +# This is autogenerated by dpkg-reconfigure ca-certificates. +# Certificates should be installed under /usr/share/ca-certificates +# and files with extension '.crt' is recognized as available certs. +# +# line begins with # is comment. +# line begins with ! is certificate filename to be deselected. +# +EOF + (echo $CERTS_ENABLED | tr ',' '\n'; \ + echo $CERTS_AVAILABLE | tr ',' '\n') | \ + sed -e 's/^[[:space:]]*//' | \ + sort | uniq -c | \ + sed -e 's/^[[:space:]]*2[[:space:]]*//' \ + -e 's/^[[:space:]]*1[[:space:]]*/!/' \ + >> /etc/ca-certificates.conf + fi + # update /etc/ssl/certs without running the hooks + # fix bogus symlink to ca-certificates.crt on upgrades; see + # Debian #643667; drop after wheezy + if dpkg --compare-versions "$2" lt-nl 20111025; then + update-ca-certificates --hooksdir "" --fresh + else + update-ca-certificates --hooksdir "" + fi + # deferred update of /etc/ssl/certs including running the hooks + dpkg-trigger --no-await update-ca-certificates + ;; + + triggered) + for trigger in $2; do + case "$trigger" in + update-ca-certificates) + update-ca-certificates + ;; + update-ca-certificates-fresh) + update-ca-certificates --fresh + ;; + *) + echo "postinst called with unknown trigger \`$2'">&2 + exit 1 + ;; + esac; + done; + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + |