diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:10:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:10:41 +0000 |
commit | f1aa84046b0e2f317e5278b0e7ca934480bcdfba (patch) | |
tree | 3e3be4f231d328d1f30a1dc96ac819ddec96005f /debian/config | |
parent | Adding upstream version 20240203. (diff) | |
download | ca-certificates-f1aa84046b0e2f317e5278b0e7ca934480bcdfba.tar.xz ca-certificates-f1aa84046b0e2f317e5278b0e7ca934480bcdfba.zip |
Adding debian version 20240203.debian/20240203debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | debian/config | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/debian/config b/debian/config new file mode 100644 index 0000000..8885f30 --- /dev/null +++ b/debian/config @@ -0,0 +1,163 @@ +#!/bin/sh +# $1 = action ('configure' or 'reconfigure') +# $2 = current-installed-version +set -e + +action="$1" + +if test -f /etc/ca-certificates.conf; then + CERTSCONF=/etc/ca-certificates.conf +else + CERTSCONF=/dev/null +fi + +# CERTS_DISABLED: certs that user dont trust +CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF) + +# CERTS_TRUST: certs that user already trust +CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF) + + +# CERTS_AVAILABLE: certs that user can choices +CERTS_AVAILABLE="" + +# CERTS_ENABLED: certs that user already trusted +CERTS_ENABLED="" + +# CERTS_LIST: certs that will be installed +CERTS_LIST="#INITIAL_CERTS#" + +# CERTS_NEW: new certificates that will be installed +CERTS_NEW="" + +members() +{ + echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca + do + if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then + echo match + fi + done | grep -q match +} + +. /usr/share/debconf/confmodule || exit +db_version 2.0 +db_capb multiselect + +db_settitle ca-certificates/title +db_input medium ca-certificates/trust_new_crts || true +db_go + +trust_new="yes" +if db_get ca-certificates/trust_new_crts; then + trust_new="$RET" +fi + +seen=false +if db_fget ca-certificates/enable_crts seen; then + seen="$RET" +fi +# XXX: in case reconfigure, force to select all available certificates +if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then + seen=false + trust_new=no +fi + +if test -d /usr/share/ca-certificates; then + cd /usr/share/ca-certificates + crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \ + echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \ + sort | uniq) + for crt in $crts + do + if test "$CERTS_AVAILABLE" = ""; then + CERTS_AVAILABLE="$crt" + else + CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt" + fi + if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then + : # echo "I: ignore $crt" + elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then + # already trusted + if test "$CERTS_ENABLED" = ""; then + CERTS_ENABLED="$crt" + else + CERTS_ENABLED="$CERTS_ENABLED, $crt" + fi + else + # new certs? + if test "$trust_new" = "yes"; then + if test "$CERTS_ENABLED" = ""; then + CERTS_ENABLED="$crt" + else + CERTS_ENABLED="$CERTS_ENABLED, $crt" + fi + elif test "$trust_new" = "ask"; then + if test "$CERTS_NEW" = ""; then + CERTS_NEW="$crt" + else + CERTS_NEW="$CERTS_NEW, $crt" + fi + else + : # trust_new=no, default disabled + fi + fi + done +else + # initial installation + CERTS_AVAILABLE="$CERTS_LIST" + CERTS_ENABLED="$CERTS_AVAILABLE" + # XXX: ca-certificates/enable_crts should be used, so no need to ask new + # in this session + trust_new="yes" + CERTS_NEW="" +fi + +enable_crts="" +if db_get ca-certificates/enable_crts; then + enable_crts="$RET" +fi + +new_seen=false +if db_fget ca-certificates/new_crts seen; then + new_seen="$RET" +fi +if members "$CERTS_NEW" "$enable_crts"; then + # already selected new_crts? + new_seen=true +fi +db_subst ca-certificates/new_crts new_crts "$CERTS_NEW" + +if test "$trust_new" = "ask" && test "$new_seen" = "true"; then + # XXX: run this again in postinst + CERTS_ENABLED="$enable_crts" +fi + +if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then + # New certificates added + db_fset ca-certificates/new_crts seen false + db_input critical ca-certificates/new_crts || true + db_go + + if db_get ca-certificates/new_crts; then + if test "$CERTS_ENABLED" = ""; then + CERTS_ENABLED="$RET" + else + CERTS_ENABLED="$CERTS_ENABLED, $RET" + fi + fi + # XXX: old certificates keep current state? + seen=true +fi +# mark seen true, so that dont ask again while postinst +db_fset ca-certificates/new_crts seen true + +db_set ca-certificates/enable_crts "$CERTS_ENABLED" +db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE" +if test "$seen" != true; then + db_fset ca-certificates/enable_crts seen false +fi +db_input low ca-certificates/enable_crts || true +db_go + +exit 0 |