2 # $1 = action ('configure' or 'reconfigure')
3 # $2 = current-installed-version
8 this_version='#VERSION#'
9 pt_BR_fixed_version="20080616"
11 if test -f /etc/ca-certificates.conf; then
12 CERTSCONF=/etc/ca-certificates.conf
17 # CERTS_DISABLED: certs that user dont trust
18 CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
20 # CERTS_TRUST: certs that user already trust
21 CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
24 # CERTS_AVAILABLE: certs that user can choices
27 # CERTS_ENABLED: certs that user already trusted
30 # CERTS_LIST: certs that will be installed
31 CERTS_LIST="#INITIAL_CERTS#"
33 # CERTS_NEW: new certificates that will be installed
38 echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
40 if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
46 . /usr/share/debconf/confmodule || exit
50 db_title "ca-certificates configuration"
51 db_input medium ca-certificates/trust_new_crts || true
55 if db_get ca-certificates/trust_new_crts; then
60 if db_fget ca-certificates/enable_crts seen; then
63 # XXX: in case reconfigure, force to select all available certificates
64 if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
69 if test -d /usr/share/ca-certificates; then
70 cd /usr/share/ca-certificates
71 crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
72 echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
76 if test "$CERTS_AVAILABLE" = ""; then
77 CERTS_AVAILABLE="$crt"
79 CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
81 if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
82 : # echo "I: ignore $crt"
83 elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
85 if test "$CERTS_ENABLED" = ""; then
88 CERTS_ENABLED="$CERTS_ENABLED, $crt"
92 if test "$trust_new" = "yes"; then
93 if test "$CERTS_ENABLED" = ""; then
96 CERTS_ENABLED="$CERTS_ENABLED, $crt"
98 elif test "$trust_new" = "ask"; then
99 if test "$CERTS_NEW" = ""; then
102 CERTS_NEW="$CERTS_NEW, $crt"
105 : # trust_new=no, default disabled
110 # initial installation
111 CERTS_AVAILABLE="$CERTS_LIST"
112 CERTS_ENABLED="$CERTS_AVAILABLE"
113 # XXX: ca-certificates/enable_crts should be used, so no need to ask new
120 if db_get ca-certificates/enable_crts; then
125 if dpkg --compare-versions "$cur_version" lt 20040808; then
126 db_fset ca-certificates/new_crts seen false
128 if db_fget ca-certificates/new_crts seen; then
131 if members "$CERTS_NEW" "$enable_crts"; then
132 # already selected new_crts?
135 db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
137 if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
138 # XXX: run this again in postinst
139 CERTS_ENABLED="$enable_crts"
142 if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
143 # New certificates added
144 db_fset ca-certificates/new_crts seen false
145 db_title "ca-certificates configuration"
146 db_input critical ca-certificates/new_crts || true
149 if db_get ca-certificates/new_crts; then
150 if test "$CERTS_ENABLED" = ""; then
153 CERTS_ENABLED="$CERTS_ENABLED, $RET"
156 # XXX: old certificates keep current state?
159 # mark seen true, so that dont ask again while postinst
160 db_fset ca-certificates/new_crts seen true
162 # Ideally, we would be able to ask debconf for the language it's using, or
163 # at least have a shell binding for setlocale(). Since we don't, we have to
166 current_lc_messages="$(eval `locale`; echo "$LC_MESSAGES")"
172 case "$current_lc_messages" in
184 if dpkg --compare-versions "$cur_version" lt-nl "$pt_BR_fixed_version"; then
186 if db_fget ca-certificates/enable_crts asked_pt_br_question; then
189 if [ "$asked" != "true" ]; then
190 if [ -e "/etc/ssl/certs/ca-certificates.crt" ] && [ ! -s "/etc/ssl/certs/ca-certificates.crt" ]; then
192 if db_fget ca-certificates/enable_crts seen; then
195 if [ "$pt_seen" = "false" ]; then
196 CERTS_ENABLED="$CERTS_AVAILABLE"
199 CERTS_ENABLED="$CERTS_AVAILABLE"
210 if [ "$set_values" = "true" ]; then
211 db_set ca-certificates/enable_crts "$CERTS_ENABLED"
212 db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
213 if test "$seen" != true; then
214 db_fset ca-certificates/enable_crts seen false
216 db_title "ca-certificates configuration"
217 db_input $PRIO ca-certificates/enable_crts || true
220 if [ "$PRIO" = "critical" ]; then
221 db_fset ca-certificates/enable_crts asked_pt_br_question true