2 # postinst script for ca-certificates
4 # see: dh_installdeb(1)
6 # summary of how this script can be called:
7 # * <postinst> `configure' <most-recently-configured-version>
8 # * <old-postinst> `abort-upgrade' <new version>
9 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
11 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
12 # <failed-install-package> <version> `removing'
13 # <conflicting-package> <version>
14 # for details, see /usr/share/doc/packaging-manual/
16 # quoting from the policy:
17 # Any necessary prompting should almost always be confined to the
18 # post-installation script, and should be protected with a conditional
19 # so that unnecessary prompting doesn't happen if a package's
20 # installation fails and the `postinst' is called with `abort-upgrade',
21 # `abort-remove' or `abort-deconfigure'.
24 echo "$l" |tr ',' '\n' | sed -e 's/^[[:space:]]*//'
30 each_value "$1" | grep -q "^$m\$"
36 echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
41 if dpkg --compare-versions "$2" lt 20030414; then
42 # remove old *.pem files that ca-certificates installed
43 (cd /etc/ssl/certs; rm -f $(cat /usr/share/doc/ca-certificates/oldpemfiles))
45 . /usr/share/debconf/confmodule
48 db_metaget ca-certificates/enable_crts choices
49 CERTS_AVAILABLE="$RET"
50 db_get ca-certificates/enable_crts
52 # XXX unmark seen for next configuration
53 db_fset ca-certificates/new_crts seen false
54 # We should clean up this value now, as everyone will have
55 # upgraded to a fixed version.
56 db_fset ca-certificates/enable_crts asked_pt_br_question false
58 if test -f /etc/ca-certificates.conf; then
59 # XXX: while in subshell?
62 if echo "$line" | grep -q '^#'; then
66 !*) ca=$(echo "$line" | sed -e 's/^!//');;
69 if memberp "$ca" "$CERTS_ENABLED"; then
71 # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
75 # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
77 done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
78 if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
81 each_value "$CERTS_ENABLED" | while read ca
83 if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
86 echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
90 each_value "$CERTS_AVAILABLE" | while read ca
92 if memberp "$ca" "$CERTS_ENABLED"; then
94 elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
97 echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
100 if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
101 rm -f /etc/ca-certificates.conf.dpkg-new
103 mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
104 mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
108 cat > /etc/ca-certificates.conf <<EOF
109 # This file lists certificates that you wish to use or to ignore to be
110 # installed in /etc/ssl/certs.
111 # update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
113 # This is autogenerated by dpkg-reconfigure ca-certificates.
114 # Certificates should be installed under /usr/share/ca-certificates
115 # and files with extension '.crt' is recognized as available certs.
117 # line begins with # is comment.
118 # line begins with ! is certificate filename to be deselected.
121 (echo $CERTS_ENABLED | tr ',' '\n'; \
122 echo $CERTS_AVAILABLE | tr ',' '\n') | \
123 sed -e 's/^[[:space:]]*//' | \
125 sed -e 's/^[[:space:]]*2[[:space:]]*//' \
126 -e 's/^[[:space:]]*1[[:space:]]*/!/' \
127 >> /etc/ca-certificates.conf
129 update-ca-certificates
132 abort-upgrade|abort-remove|abort-deconfigure)
137 echo "postinst called with unknown argument \`$1'" >&2
142 # dh_installdeb will replace this with shell code automatically
143 # generated by other debhelper scripts.