2 # postinst script for ca-certificates
4 # see: dh_installdeb(1)
6 # summary of how this script can be called:
7 # * <postinst> `configure' <most-recently-configured-version>
8 # * <old-postinst> `abort-upgrade' <new version>
9 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
11 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
12 # <failed-install-package> <version> `removing'
13 # <conflicting-package> <version>
14 # for details, see /usr/share/doc/packaging-manual/
16 # quoting from the policy:
17 # Any necessary prompting should almost always be confined to the
18 # post-installation script, and should be protected with a conditional
19 # so that unnecessary prompting doesn't happen if a package's
20 # installation fails and the `postinst' is called with `abort-upgrade',
21 # `abort-remove' or `abort-deconfigure'.
24 echo "$1" |tr ',' '\n' | sed -e 's/^[[:space:]]*//'
30 each_value "$l" | grep -q "^$m\$"
36 echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
41 if [ ! -e /usr/local/share/ca-certificates ]
43 if mkdir /usr/local/share/ca-certificates 2>/dev/null
45 chown root:staff /usr/local/share/ca-certificates
46 chmod 2775 /usr/local/share/ca-certificates
50 . /usr/share/debconf/confmodule
53 db_metaget ca-certificates/enable_crts choices
54 CERTS_AVAILABLE="$RET"
55 db_get ca-certificates/enable_crts
57 # XXX unmark seen for next configuration
58 db_fset ca-certificates/new_crts seen false
59 # We should clean up this value now, as everyone will have
60 # upgraded to a fixed version.
61 db_fset ca-certificates/enable_crts asked_pt_br_question false
63 if test -f /etc/ca-certificates.conf; then
64 # XXX: while in subshell?
67 if echo "$line" | grep -q '^#'; then
71 !*) ca=$(echo "$line" | sed -e 's/^!//');;
74 if memberp "$ca" "$CERTS_ENABLED"; then
76 # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
77 elif memberp "$ca" "$CERTS_AVAILABLE" ||
78 echo "$line" | grep -q '^!'; then
80 elif [ -f /usr/share/ca-certificates/"$ca" ] || \
81 [ -f /usr/local/share/ca-certificates/"$ca" ]; then
86 # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
88 done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
89 if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
92 each_value "$CERTS_ENABLED" | while read ca
94 if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
97 echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
101 each_value "$CERTS_AVAILABLE" | while read ca
103 if memberp "$ca" "$CERTS_ENABLED"; then
105 elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
108 echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
111 if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
112 rm -f /etc/ca-certificates.conf.dpkg-new
114 mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
115 mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
119 cat > /etc/ca-certificates.conf <<EOF
120 # This file lists certificates that you wish to use or to ignore to be
121 # installed in /etc/ssl/certs.
122 # update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
124 # This is autogenerated by dpkg-reconfigure ca-certificates.
125 # Certificates should be installed under /usr/share/ca-certificates
126 # and files with extension '.crt' is recognized as available certs.
128 # line begins with # is comment.
129 # line begins with ! is certificate filename to be deselected.
132 (echo $CERTS_ENABLED | tr ',' '\n'; \
133 echo $CERTS_AVAILABLE | tr ',' '\n') | \
134 sed -e 's/^[[:space:]]*//' | \
136 sed -e 's/^[[:space:]]*2[[:space:]]*//' \
137 -e 's/^[[:space:]]*1[[:space:]]*/!/' \
138 >> /etc/ca-certificates.conf
140 update-ca-certificates
143 abort-upgrade|abort-remove|abort-deconfigure)
148 echo "postinst called with unknown argument \`$1'" >&2
153 # dh_installdeb will replace this with shell code automatically
154 # generated by other debhelper scripts.