summaryrefslogtreecommitdiffstats
path: root/debian/ca-certificates.postinst
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/ca-certificates.postinst187
1 files changed, 187 insertions, 0 deletions
diff --git a/debian/ca-certificates.postinst b/debian/ca-certificates.postinst
new file mode 100644
index 0000000..68501cf
--- /dev/null
+++ b/debian/ca-certificates.postinst
@@ -0,0 +1,187 @@
+#! /bin/sh
+# postinst script for ca-certificates
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see /usr/share/doc/packaging-manual/
+#
+# quoting from the policy:
+# Any necessary prompting should almost always be confined to the
+# post-installation script, and should be protected with a conditional
+# so that unnecessary prompting doesn't happen if a package's
+# installation fails and the `postinst' is called with `abort-upgrade',
+# `abort-remove' or `abort-deconfigure'.
+
+set -e
+
+each_value() {
+ echo "$1" |tr ',' '\n' | sed -e 's/^[[:space:]]*//'
+}
+
+memberp() {
+ m="$1"
+ l="$2"
+ each_value "$l" | grep -q "^$m\$"
+}
+
+delca() {
+ m="$1"
+ l="$2"
+ echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
+}
+
+case "$1" in
+ configure)
+ if [ ! -e /usr/local/share/ca-certificates ]; then
+ if mkdir -m $(stat -L -c %a /usr/local) /usr/local/share/ca-certificates 2>/dev/null; then
+ chgrp $(stat -L -c %g /usr/local) /usr/local/share/ca-certificates
+ fi
+ # Handle upgrades and allow local admin to override:
+ # e.g. dpkg-statoverride --add root staff 2775 /usr/local/share/ca-certificates
+ elif ! dpkg-statoverride --list /usr/local/share/ca-certificates >/dev/null; then
+ chmod $(stat -L -c %a /usr/local) /usr/local/share/ca-certificates || true
+ chown $(stat -L -c %u /usr/local):$(stat -L -c %g /usr/local) /usr/local/share/ca-certificates || true
+ fi
+
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+ db_capb multiselect
+ db_metaget ca-certificates/enable_crts choices
+ CERTS_AVAILABLE="$RET"
+ db_get ca-certificates/enable_crts
+ CERTS_ENABLED="$RET"
+ # XXX unmark seen for next configuration
+ db_fset ca-certificates/new_crts seen false
+ db_stop || true
+ if test -f /etc/ca-certificates.conf; then
+ # XXX: while in subshell?
+ while read line
+ do
+ if echo "$line" | grep -q '^#'; then
+ echo "$line"
+ else
+ case "$line" in
+ !*) ca=$(echo "$line" | sed -e 's/^!//');;
+ *) ca="$line";;
+ esac
+ if memberp "$ca" "$CERTS_ENABLED"; then
+ echo "$ca"
+ # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
+ elif memberp "$ca" "$CERTS_AVAILABLE" ||
+ echo "$line" | grep -q '^!'; then
+ echo "!$ca"
+ elif [ -f /usr/share/ca-certificates/"$ca" ] || \
+ [ -f /usr/local/share/ca-certificates/"$ca" ]; then
+ echo "$ca"
+ else
+ echo "!$ca"
+ fi
+ # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
+ fi
+ done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
+ if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
+ :
+ else
+ each_value "$CERTS_ENABLED" | while read ca
+ do
+ if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
+ :
+ else
+ echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
+ fi
+ done
+ fi
+ each_value "$CERTS_AVAILABLE" | while read ca
+ do
+ if memberp "$ca" "$CERTS_ENABLED"; then
+ :
+ elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
+ :
+ else
+ echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
+ fi
+ done
+ if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
+ rm -f /etc/ca-certificates.conf.dpkg-new
+ else
+ mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
+ mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
+ fi
+ else
+ # new file
+ cat > /etc/ca-certificates.conf <<EOF
+# This file lists certificates that you wish to use or to ignore to be
+# installed in /etc/ssl/certs.
+# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
+#
+# This is autogenerated by dpkg-reconfigure ca-certificates.
+# Certificates should be installed under /usr/share/ca-certificates
+# and files with extension '.crt' is recognized as available certs.
+#
+# line begins with # is comment.
+# line begins with ! is certificate filename to be deselected.
+#
+EOF
+ (echo $CERTS_ENABLED | tr ',' '\n'; \
+ echo $CERTS_AVAILABLE | tr ',' '\n') | \
+ sed -e 's/^[[:space:]]*//' | \
+ sort | uniq -c | \
+ sed -e 's/^[[:space:]]*2[[:space:]]*//' \
+ -e 's/^[[:space:]]*1[[:space:]]*/!/' \
+ >> /etc/ca-certificates.conf
+ fi
+ # update /etc/ssl/certs without running the hooks
+ # fix bogus symlink to ca-certificates.crt on upgrades; see
+ # Debian #643667; drop after wheezy
+ if dpkg --compare-versions "$2" lt-nl 20111025; then
+ update-ca-certificates --hooksdir "" --fresh
+ else
+ update-ca-certificates --hooksdir ""
+ fi
+ # deferred update of /etc/ssl/certs including running the hooks
+ dpkg-trigger --no-await update-ca-certificates
+ ;;
+
+ triggered)
+ for trigger in $2; do
+ case "$trigger" in
+ update-ca-certificates)
+ update-ca-certificates
+ ;;
+ update-ca-certificates-fresh)
+ update-ca-certificates --fresh
+ ;;
+ *)
+ echo "postinst called with unknown trigger \`$2'">&2
+ exit 1
+ ;;
+ esac;
+ done;
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+