1 files changed, 163 insertions, 0 deletions

diff --git a/debian/config b/debian/config
new file mode 100644
index 0000000..8885f30
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,163 @@
+#!/bin/sh
+# $1 = action ('configure' or 'reconfigure')
+# $2 = current-installed-version
+set -e
+
+action="$1"
+
+if test -f /etc/ca-certificates.conf; then
+  CERTSCONF=/etc/ca-certificates.conf
+else
+  CERTSCONF=/dev/null
+fi
+
+# CERTS_DISABLED: certs that user dont trust
+CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
+
+# CERTS_TRUST: certs that user already trust
+CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
+
+
+# CERTS_AVAILABLE: certs that user can choices
+CERTS_AVAILABLE=""
+
+# CERTS_ENABLED: certs that user already trusted
+CERTS_ENABLED=""
+
+# CERTS_LIST: certs that will be installed
+CERTS_LIST="#INITIAL_CERTS#"
+
+# CERTS_NEW: new certificates that will be installed
+CERTS_NEW=""
+
+members()
+{
+  echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
+  do
+    if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
+      echo match
+    fi
+  done | grep -q match
+}
+
+. /usr/share/debconf/confmodule || exit
+db_version 2.0
+db_capb multiselect
+
+db_settitle ca-certificates/title
+db_input medium ca-certificates/trust_new_crts || true
+db_go
+
+trust_new="yes"
+if db_get ca-certificates/trust_new_crts; then
+  trust_new="$RET"
+fi
+
+seen=false
+if db_fget ca-certificates/enable_crts seen; then
+  seen="$RET"
+fi
+# XXX: in case reconfigure, force to select all available certificates
+if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
+  seen=false
+  trust_new=no
+fi
+
+if test -d /usr/share/ca-certificates; then
+  cd /usr/share/ca-certificates
+  crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
+           echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
+           sort | uniq)
+  for crt in $crts
+  do
+   if test "$CERTS_AVAILABLE" = ""; then
+     CERTS_AVAILABLE="$crt"
+   else
+     CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
+   fi
+   if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
+     : # echo "I: ignore $crt"
+   elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
+     # already trusted
+     if test "$CERTS_ENABLED" = ""; then
+       CERTS_ENABLED="$crt"
+     else
+       CERTS_ENABLED="$CERTS_ENABLED, $crt"
+     fi
+   else
+     # new certs?
+     if test "$trust_new" = "yes"; then
+       if test "$CERTS_ENABLED" = ""; then
+          CERTS_ENABLED="$crt"
+       else
+          CERTS_ENABLED="$CERTS_ENABLED, $crt"
+       fi
+     elif test "$trust_new" = "ask"; then
+       if test "$CERTS_NEW" = ""; then
+          CERTS_NEW="$crt"
+       else
+          CERTS_NEW="$CERTS_NEW, $crt"
+       fi
+     else
+	 : # trust_new=no, default disabled
+     fi
+   fi
+  done
+else
+  # initial installation
+  CERTS_AVAILABLE="$CERTS_LIST"
+  CERTS_ENABLED="$CERTS_AVAILABLE"
+  # XXX: ca-certificates/enable_crts should be used, so no need to ask new
+  #     in this session
+  trust_new="yes"
+  CERTS_NEW=""
+fi
+
+enable_crts=""
+if db_get ca-certificates/enable_crts; then
+ enable_crts="$RET"
+fi
+
+new_seen=false
+if db_fget ca-certificates/new_crts seen; then
+  new_seen="$RET"
+fi
+if members "$CERTS_NEW" "$enable_crts"; then
+    # already selected new_crts?
+    new_seen=true
+fi
+db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
+
+if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
+ # XXX: run this again in postinst
+ CERTS_ENABLED="$enable_crts"
+fi
+
+if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
+  # New certificates added
+  db_fset ca-certificates/new_crts seen false
+  db_input critical ca-certificates/new_crts || true
+  db_go
+  
+  if db_get ca-certificates/new_crts; then
+     if test "$CERTS_ENABLED" = ""; then
+        CERTS_ENABLED="$RET"
+     else
+        CERTS_ENABLED="$CERTS_ENABLED, $RET"
+     fi
+  fi
+  # XXX: old certificates keep current state?
+  seen=true
+fi
+# mark seen true, so that dont ask again while postinst 
+db_fset ca-certificates/new_crts seen true
+
+db_set ca-certificates/enable_crts "$CERTS_ENABLED"
+db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
+if test "$seen" != true; then
+  db_fset ca-certificates/enable_crts seen false
+fi
+db_input low ca-certificates/enable_crts || true
+db_go
+
+exit 0