]> git.donarmstrong.com Git - ca-certificates.git/blob - debian/config
Imported Debian version 20050804
[ca-certificates.git] / debian / config
1 #!/bin/sh
2 # $1 = action ('configure' or 'reconfigure')
3 # $2 = current-installed-version
4 set -e
5
6 action="$1"
7 cur_version="$2"
8 this_version='20050518'
9
10 if test -f /etc/ca-certificates.conf; then
11   CERTSCONF=/etc/ca-certificates.conf
12 else
13   CERTSCONF=/dev/null
14 fi
15
16 # CERTS_DISABLED: certs that user dont trust
17 CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
18
19 # CERTS_TRUST: certs that user already trust
20 CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
21
22
23 # CERTS_AVAILABLE: certs that user can choices
24 CERTS_AVAILABLE=""
25
26 # CERTS_ENABLED: certs that user already trusted
27 CERTS_ENABLED=""
28
29 # CERTS_LIST: certs that will be installed
30 CERTS_LIST="spi-inc.org/spi-ca.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/IPS_CLASE1_root.crt, mozilla/IPS_CLASE3_root.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/IPS_Servidores_root.crt, mozilla/IPS_Timestamping_root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/UTN_USERFirst_Object_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_1_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Secure_Server_OCSP_Responder.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, cacert.org/cacert.org.crt, brasil.gov.br/brasil.gov.br.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt"
31
32 # CERTS_NEW: new certificates that will be installed
33 CERTS_NEW=""
34
35 members()
36 {
37   echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
38   do
39     if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
40       echo match
41     fi
42   done | grep -q match
43 }
44
45 . /usr/share/debconf/confmodule || exit
46 db_version 2.0
47 db_capb multiselect
48
49 db_title "ca-certificates configuration"
50 db_input medium ca-certificates/trust_new_crts || true
51 db_go
52
53 trust_new="yes"
54 if db_get ca-certificates/trust_new_crts; then
55   trust_new="$RET"
56 fi
57
58 seen=false
59 if db_fget ca-certificates/enable_crts seen; then
60   seen="$RET"
61 fi
62 # XXX: in case reconfigure, force to select all available certificates
63 if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
64   seen=false
65   trust_new=no
66 fi
67
68 if test -d /usr/share/ca-certificates; then
69   cd /usr/share/ca-certificates
70   crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
71            echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
72            sort | uniq)
73   for crt in $crts
74   do
75    if test "$CERTS_AVAILABLE" = ""; then
76      CERTS_AVAILABLE="$crt"
77    else
78      CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
79    fi
80    if echo "$CERTS_DISABLED" | grep -F -q -x "$crt" > /dev/null 2>&1; then
81      : # echo "I: ignore $crt"
82    elif echo "$CERTS_TRUST" | grep -F -q -x "$crt" > /dev/null 2>&1; then
83      # already trusted
84      if test "$CERTS_ENABLED" = ""; then
85        CERTS_ENABLED="$crt"
86      else
87        CERTS_ENABLED="$CERTS_ENABLED, $crt"
88      fi
89    else
90      # new certs?
91      if test "$trust_new" = "yes"; then
92        if test "$CERTS_ENABLED" = ""; then
93           CERTS_ENABLED="$crt"
94        else
95           CERTS_ENABLED="$CERTS_ENABLED, $crt"
96        fi
97      elif test "$trust_new" = "ask"; then
98        if test "$CERTS_NEW" = ""; then
99           CERTS_NEW="$crt"
100        else
101           CERTS_NEW="$CERTS_NEW, $crt"
102        fi
103      else
104          : # trust_new=no, default disabled
105      fi
106    fi
107   done
108 else
109   # initial installation
110   CERTS_AVAILABLE="$CERTS_LIST"
111   CERTS_ENABLED="$CERTS_AVAILABLE"
112   # XXX: ca-certificates/enable_crts should be used, so no need to ask new
113   #     in this session
114   trust_new="yes"
115   CERTS_NEW=""
116 fi
117
118 enable_crts=""
119 if db_get ca-certificates/enable_crts; then
120  enable_crts="$RET"
121 fi
122
123 new_seen=false
124 if dpkg --compare-versions "$cur_version" lt 20040808; then
125   db_fset ca-certificates/new_crts seen false
126 fi
127 if db_fget ca-certificates/new_crts seen; then
128   new_seen="$RET"
129 fi
130 if members "$CERTS_NEW" "$enable_crts"; then
131     # already selected new_crts?
132     new_seen=true
133 fi
134 db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
135
136 if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
137  # XXX: run this again in postinst
138  CERTS_ENABLED="$enable_crts"
139 fi
140
141 if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
142   # New certificates added
143   db_fset ca-certificates/new_crts seen false
144   db_title "ca-certificates configuration"
145   db_input critical ca-certificates/new_crts || true
146   db_go
147   
148   if db_get ca-certificates/new_crts; then
149      if test "$CERTS_ENABLED" = ""; then
150         CERTS_ENABLED="$RET"
151      else
152         CERTS_ENABLED="$CERTS_ENABLED, $RET"
153      fi
154   fi
155   # XXX: old certificates keep current state?
156   seen=true
157 fi
158 # mark seen true, so that dont ask again while postinst 
159 db_fset ca-certificates/new_crts seen true
160
161 db_set ca-certificates/enable_crts "$CERTS_ENABLED"
162 db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
163 if test "$seen" != true; then
164  db_fset ca-certificates/enable_crts seen false
165 fi
166 db_title "ca-certificates configuration"
167 db_input low ca-certificates/enable_crts || true
168 db_go
169 exit 0