Update release to 20121105

[ca-certificates.git] / debian / postinst

#! /bin/sh
# postinst script for ca-certificates
#
# see: dh_installdeb(1)

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see /usr/share/doc/packaging-manual/
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

set -e

each_value() {
 echo "$1" |tr ',' '\n' | sed -e 's/^[[:space:]]*//' 
}

memberp() {
 m="$1"
 l="$2"
 each_value "$l" | grep -q "^$m\$"
}

delca() {
 m="$1"
 l="$2"
 echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
}

case "$1" in
    configure)
        if [ ! -e /usr/local/share/ca-certificates ]
        then
            if mkdir /usr/local/share/ca-certificates 2>/dev/null
            then
                chown root:staff /usr/local/share/ca-certificates
                chmod 2775 /usr/local/share/ca-certificates
            fi
        fi

        . /usr/share/debconf/confmodule
        db_version 2.0
        db_capb multiselect
        db_metaget ca-certificates/enable_crts choices
        CERTS_AVAILABLE="$RET"
        db_get ca-certificates/enable_crts
        CERTS_ENABLED="$RET"
        # XXX unmark seen for next configuration
        db_fset ca-certificates/new_crts seen false
        # We should clean up this value now, as everyone will have
        # upgraded to a fixed version.
        db_fset ca-certificates/enable_crts asked_pt_br_question false
        db_stop || true
        if test -f /etc/ca-certificates.conf; then
          # XXX: while in subshell?
          while read line
          do
            if echo "$line" | grep -q '^#'; then
             echo "$line"
            else
             case "$line" in
             !*) ca=$(echo "$line" | sed -e 's/^!//');;
             *)   ca="$line";;
             esac
             if memberp "$ca" "$CERTS_ENABLED"; then
               echo "$ca"
               # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
         elif memberp "$ca" "$CERTS_AVAILABLE" ||
              echo "$line" | grep -q '^!'; then
           echo "!$ca"
         elif [ -f /usr/share/ca-certificates/"$ca" ] || \
              [ -f /usr/local/share/ca-certificates/"$ca" ]; then
           echo "$ca"
             else
               echo "!$ca"
             fi
             # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
            fi
          done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
          if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
              :
          else
            each_value "$CERTS_ENABLED" | while read ca
            do
              if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
                  :
              else
                  echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
              fi
            done
          fi
          each_value "$CERTS_AVAILABLE" | while read ca
          do
            if memberp "$ca" "$CERTS_ENABLED"; then
                :
            elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
                :
            else
                echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
            fi
          done
          if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
            rm -f /etc/ca-certificates.conf.dpkg-new
          else
            mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
            mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
          fi
        else
          # new file
          cat > /etc/ca-certificates.conf <<EOF
# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# Certificates should be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
EOF
          (echo $CERTS_ENABLED | tr ',' '\n'; \
           echo $CERTS_AVAILABLE | tr ',' '\n') | \
            sed -e 's/^[[:space:]]*//' | \
            sort | uniq -c | \
            sed -e 's/^[[:space:]]*2[[:space:]]*//' \
                -e 's/^[[:space:]]*1[[:space:]]*/!/' \
            >> /etc/ca-certificates.conf
        fi
        # fix bogus symlink to ca-certificates.crt on upgrades; see
        # Debian #643667; drop after wheezy
        if dpkg --compare-versions "$2" lt-nl 20111025; then
            update-ca-certificates --fresh
        else
            update-ca-certificates
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)

    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0