2 # postinst script for ca-certificates
4 # see: dh_installdeb(1)
6 # summary of how this script can be called:
7 # * <postinst> `configure' <most-recently-configured-version>
8 # * <old-postinst> `abort-upgrade' <new version>
9 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
11 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
12 # <failed-install-package> <version> `removing'
13 # <conflicting-package> <version>
14 # for details, see /usr/share/doc/packaging-manual/
16 # quoting from the policy:
17 # Any necessary prompting should almost always be confined to the
18 # post-installation script, and should be protected with a conditional
19 # so that unnecessary prompting doesn't happen if a package's
20 # installation fails and the `postinst' is called with `abort-upgrade',
21 # `abort-remove' or `abort-deconfigure'.
24 echo "$l" |tr ',' '\n' | sed -e 's/^[[:space:]]*//'
30 each_value "$1" | grep -q "^$m\$"
36 echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
41 if dpkg --compare-versions "$2" lt 20030414; then
42 # remove old *.pem files that ca-certificates installed
43 (cd /etc/ssl/certs; rm -f $(cat /usr/share/doc/ca-certificates/oldpemfiles))
45 . /usr/share/debconf/confmodule
48 db_metaget ca-certificates/enable_crts choices
49 CERTS_AVAILABLE="$RET"
50 db_get ca-certificates/enable_crts
52 # XXX unmark seen for next configuration
53 db_fset ca-certificates/new_crts seen false
55 if test -f /etc/ca-certificates.conf; then
56 # XXX: while in subshell?
59 if echo "$line" | grep -q '^#'; then
63 !*) ca=$(echo "$line" | sed -e 's/^!//');;
66 if memberp "$ca" "$CERTS_ENABLED"; then
68 # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
72 # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
74 done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
75 if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
78 each_value "$CERTS_ENABLED" | while read ca
80 if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
83 echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
87 each_value "$CERTS_AVAILABLE" | while read ca
89 if memberp "$ca" "$CERTS_ENABLED"; then
91 elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
94 echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
97 if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
98 rm -f /etc/ca-certificates.conf.dpkg-new
100 mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
101 mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
105 cat > /etc/ca-certificates.conf <<EOF
106 # This file lists certificates that you wish to use or to ignore to be
107 # installed in /etc/ssl/certs.
108 # update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
110 # This is autogenerated by dpkg-reconfigure ca-certificates.
111 # Certificates should be installed under /usr/share/ca-certificates
112 # and files with extension '.crt' is recognized as available certs.
114 # line begins with # is comment.
115 # line begins with ! is certificate filename to be deselected.
118 (echo $CERTS_ENABLED | tr ',' '\n'; \
119 echo $CERTS_AVAILABLE | tr ',' '\n') | \
120 sed -e 's/^[[:space:]]*//' | \
122 sed -e 's/^[[:space:]]*2[[:space:]]*//' \
123 -e 's/^[[:space:]]*1[[:space:]]*/!/' \
124 >> /etc/ca-certificates.conf
126 update-ca-certificates
129 abort-upgrade|abort-remove|abort-deconfigure)
134 echo "postinst called with unknown argument \`$1'" >&2
139 # dh_installdeb will replace this with shell code automatically
140 # generated by other debhelper scripts.