2 # postinst script for ca-certificates
4 # see: dh_installdeb(1)
6 # summary of how this script can be called:
7 # * <postinst> `configure' <most-recently-configured-version>
8 # * <old-postinst> `abort-upgrade' <new version>
9 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
11 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
12 # <failed-install-package> <version> `removing'
13 # <conflicting-package> <version>
14 # for details, see /usr/share/doc/packaging-manual/
16 # quoting from the policy:
17 # Any necessary prompting should almost always be confined to the
18 # post-installation script, and should be protected with a conditional
19 # so that unnecessary prompting doesn't happen if a package's
20 # installation fails and the `postinst' is called with `abort-upgrade',
21 # `abort-remove' or `abort-deconfigure'.
26 echo "$1" |tr ',' '\n' | sed -e 's/^[[:space:]]*//'
32 each_value "$l" | grep -q "^$m\$"
38 echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
43 if [ ! -e /usr/local/share/ca-certificates ]
45 if mkdir /usr/local/share/ca-certificates 2>/dev/null
47 chown root:staff /usr/local/share/ca-certificates
48 chmod 2775 /usr/local/share/ca-certificates
52 . /usr/share/debconf/confmodule
55 db_metaget ca-certificates/enable_crts choices
56 CERTS_AVAILABLE="$RET"
57 db_get ca-certificates/enable_crts
59 # XXX unmark seen for next configuration
60 db_fset ca-certificates/new_crts seen false
61 # We should clean up this value now, as everyone will have
62 # upgraded to a fixed version.
63 db_fset ca-certificates/enable_crts asked_pt_br_question false
65 if test -f /etc/ca-certificates.conf; then
66 # XXX: while in subshell?
69 if echo "$line" | grep -q '^#'; then
73 !*) ca=$(echo "$line" | sed -e 's/^!//');;
76 if memberp "$ca" "$CERTS_ENABLED"; then
78 # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
79 elif memberp "$ca" "$CERTS_AVAILABLE" ||
80 echo "$line" | grep -q '^!'; then
82 elif [ -f /usr/share/ca-certificates/"$ca" ] || \
83 [ -f /usr/local/share/ca-certificates/"$ca" ]; then
88 # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
90 done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
91 if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
94 each_value "$CERTS_ENABLED" | while read ca
96 if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
99 echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
103 each_value "$CERTS_AVAILABLE" | while read ca
105 if memberp "$ca" "$CERTS_ENABLED"; then
107 elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
110 echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
113 if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
114 rm -f /etc/ca-certificates.conf.dpkg-new
116 mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
117 mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
121 cat > /etc/ca-certificates.conf <<EOF
122 # This file lists certificates that you wish to use or to ignore to be
123 # installed in /etc/ssl/certs.
124 # update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
126 # This is autogenerated by dpkg-reconfigure ca-certificates.
127 # Certificates should be installed under /usr/share/ca-certificates
128 # and files with extension '.crt' is recognized as available certs.
130 # line begins with # is comment.
131 # line begins with ! is certificate filename to be deselected.
134 (echo $CERTS_ENABLED | tr ',' '\n'; \
135 echo $CERTS_AVAILABLE | tr ',' '\n') | \
136 sed -e 's/^[[:space:]]*//' | \
138 sed -e 's/^[[:space:]]*2[[:space:]]*//' \
139 -e 's/^[[:space:]]*1[[:space:]]*/!/' \
140 >> /etc/ca-certificates.conf
142 # fix bogus symlink to ca-certificates.crt on upgrades; see
143 # Debian #643667; drop after wheezy
144 if dpkg --compare-versions "$2" lt-nl 20111025; then
145 update-ca-certificates --fresh
147 update-ca-certificates
151 abort-upgrade|abort-remove|abort-deconfigure)
156 echo "postinst called with unknown argument \`$1'" >&2
161 # dh_installdeb will replace this with shell code automatically
162 # generated by other debhelper scripts.