summaryrefslogtreecommitdiffstats
path: root/debian/config
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:10:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:10:41 +0000
commitf1aa84046b0e2f317e5278b0e7ca934480bcdfba (patch)
tree3e3be4f231d328d1f30a1dc96ac819ddec96005f /debian/config
parentAdding upstream version 20240203. (diff)
downloadca-certificates-debian.tar.xz
ca-certificates-debian.zip
Adding debian version 20240203.debian/20240203debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/config163
1 files changed, 163 insertions, 0 deletions
diff --git a/debian/config b/debian/config
new file mode 100644
index 0000000..8885f30
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,163 @@
+#!/bin/sh
+# $1 = action ('configure' or 'reconfigure')
+# $2 = current-installed-version
+set -e
+
+action="$1"
+
+if test -f /etc/ca-certificates.conf; then
+ CERTSCONF=/etc/ca-certificates.conf
+else
+ CERTSCONF=/dev/null
+fi
+
+# CERTS_DISABLED: certs that user dont trust
+CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
+
+# CERTS_TRUST: certs that user already trust
+CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
+
+
+# CERTS_AVAILABLE: certs that user can choices
+CERTS_AVAILABLE=""
+
+# CERTS_ENABLED: certs that user already trusted
+CERTS_ENABLED=""
+
+# CERTS_LIST: certs that will be installed
+CERTS_LIST="#INITIAL_CERTS#"
+
+# CERTS_NEW: new certificates that will be installed
+CERTS_NEW=""
+
+members()
+{
+ echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
+ do
+ if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
+ echo match
+ fi
+ done | grep -q match
+}
+
+. /usr/share/debconf/confmodule || exit
+db_version 2.0
+db_capb multiselect
+
+db_settitle ca-certificates/title
+db_input medium ca-certificates/trust_new_crts || true
+db_go
+
+trust_new="yes"
+if db_get ca-certificates/trust_new_crts; then
+ trust_new="$RET"
+fi
+
+seen=false
+if db_fget ca-certificates/enable_crts seen; then
+ seen="$RET"
+fi
+# XXX: in case reconfigure, force to select all available certificates
+if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
+ seen=false
+ trust_new=no
+fi
+
+if test -d /usr/share/ca-certificates; then
+ cd /usr/share/ca-certificates
+ crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
+ echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
+ sort | uniq)
+ for crt in $crts
+ do
+ if test "$CERTS_AVAILABLE" = ""; then
+ CERTS_AVAILABLE="$crt"
+ else
+ CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
+ fi
+ if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
+ : # echo "I: ignore $crt"
+ elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
+ # already trusted
+ if test "$CERTS_ENABLED" = ""; then
+ CERTS_ENABLED="$crt"
+ else
+ CERTS_ENABLED="$CERTS_ENABLED, $crt"
+ fi
+ else
+ # new certs?
+ if test "$trust_new" = "yes"; then
+ if test "$CERTS_ENABLED" = ""; then
+ CERTS_ENABLED="$crt"
+ else
+ CERTS_ENABLED="$CERTS_ENABLED, $crt"
+ fi
+ elif test "$trust_new" = "ask"; then
+ if test "$CERTS_NEW" = ""; then
+ CERTS_NEW="$crt"
+ else
+ CERTS_NEW="$CERTS_NEW, $crt"
+ fi
+ else
+ : # trust_new=no, default disabled
+ fi
+ fi
+ done
+else
+ # initial installation
+ CERTS_AVAILABLE="$CERTS_LIST"
+ CERTS_ENABLED="$CERTS_AVAILABLE"
+ # XXX: ca-certificates/enable_crts should be used, so no need to ask new
+ # in this session
+ trust_new="yes"
+ CERTS_NEW=""
+fi
+
+enable_crts=""
+if db_get ca-certificates/enable_crts; then
+ enable_crts="$RET"
+fi
+
+new_seen=false
+if db_fget ca-certificates/new_crts seen; then
+ new_seen="$RET"
+fi
+if members "$CERTS_NEW" "$enable_crts"; then
+ # already selected new_crts?
+ new_seen=true
+fi
+db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
+
+if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
+ # XXX: run this again in postinst
+ CERTS_ENABLED="$enable_crts"
+fi
+
+if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
+ # New certificates added
+ db_fset ca-certificates/new_crts seen false
+ db_input critical ca-certificates/new_crts || true
+ db_go
+
+ if db_get ca-certificates/new_crts; then
+ if test "$CERTS_ENABLED" = ""; then
+ CERTS_ENABLED="$RET"
+ else
+ CERTS_ENABLED="$CERTS_ENABLED, $RET"
+ fi
+ fi
+ # XXX: old certificates keep current state?
+ seen=true
+fi
+# mark seen true, so that dont ask again while postinst
+db_fset ca-certificates/new_crts seen true
+
+db_set ca-certificates/enable_crts "$CERTS_ENABLED"
+db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
+if test "$seen" != true; then
+ db_fset ca-certificates/enable_crts seen false
+fi
+db_input low ca-certificates/enable_crts || true
+db_go
+
+exit 0