]> git.donarmstrong.com Git - ca-certificates.git/blob - debian/postinst
projects / ca-certificates.git / blob
? search:


ca6aab06b1c7de96b7f0212efcb2babe46bf5741
[ca-certificates.git] / debian / postinst
1 #! /bin/sh -e
2 # postinst script for ca-certificates
3 #
4 # see: dh_installdeb(1)
5
6 # summary of how this script can be called:
7 #        * <postinst> `configure' <most-recently-configured-version>
8 #        * <old-postinst> `abort-upgrade' <new version>
9 #        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
10 #          <new-version>
11 #        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
12 #          <failed-install-package> <version> `removing'
13 #          <conflicting-package> <version>
14 # for details, see /usr/share/doc/packaging-manual/
15 #
16 # quoting from the policy:
17 #     Any necessary prompting should almost always be confined to the
18 #     post-installation script, and should be protected with a conditional
19 #     so that unnecessary prompting doesn't happen if a package's
20 #     installation fails and the `postinst' is called with `abort-upgrade',
21 #     `abort-remove' or `abort-deconfigure'.
22
23 each_value() {
24  echo "$l" |tr ',' '\n' | sed -e 's/^[[:space:]]*//' 
25 }
26
27 memberp() {
28  m="$1"
29  l="$2"
30  each_value "$1" | grep -q "^$m\$"
31 }
32
33 delca() {
34  m="$1"
35  l="$2"
36  echo "$l" |sed -e 's|'"$m"', ||' -e 's|'"$m"'$||' -e 's/,[[:space:]]*,/, /' -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//'
37 }
38
39 case "$1" in
40     configure)
41         if [ ! -e /usr/local/share/ca-certificates ]
42         then
43             if mkdir /usr/local/share/ca-certificates 2>/dev/null
44             then
45                 chown root:staff /usr/local/share/ca-certificates
46                 chmod 2775 /usr/local/share/ca-certificates
47             fi
48         fi
49
50         . /usr/share/debconf/confmodule
51         db_version 2.0
52         db_capb multiselect
53         db_metaget ca-certificates/enable_crts choices
54         CERTS_AVAILABLE="$RET"
55         db_get ca-certificates/enable_crts
56         CERTS_ENABLED="$RET"
57         # XXX unmark seen for next configuration
58         db_fset ca-certificates/new_crts seen false
59         # We should clean up this value now, as everyone will have
60         # upgraded to a fixed version.
61         db_fset ca-certificates/enable_crts asked_pt_br_question false
62         db_stop || true
63         if test -f /etc/ca-certificates.conf; then
64           # XXX: while in subshell?
65           while read line
66           do
67             if echo "$line" | grep -q '^#'; then
68              echo "$line"
69             else
70              case "$line" in
71              !*) ca=$(echo "$line" | sed -e 's/^!//');;
72              *)   ca="$line";;
73              esac
74              if memberp "$ca" "$CERTS_ENABLED"; then
75                echo "$ca"
76                # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
77              else
78                echo "!$ca"
79              fi
80              # CERTS_AVAILABLE=$(delca "$ca" "$CERTS_AVAILABLE")
81             fi
82           done < /etc/ca-certificates.conf > /etc/ca-certificates.conf.dpkg-new
83           if echo "$CERTS_ENABLED" | egrep -q "^([[:space:]]*,)*[[:space:]]*$"; then
84               :
85           else
86             each_value "$CERTS_ENABLED" | while read ca
87             do
88               if grep -q "^$ca" /etc/ca-certificates.conf.dpkg-new; then
89                   :
90               else
91                   echo "$ca" >> /etc/ca-certificates.conf.dpkg-new
92               fi
93             done
94           fi
95           each_value "$CERTS_AVAILABLE" | while read ca
96           do
97             if memberp "$ca" "$CERTS_ENABLED"; then
98                 :
99             elif grep -q "^!$ca" /etc/ca-certificates.conf.dpkg-new; then
100                 :
101             else
102                 echo "!$ca" >> /etc/ca-certificates.conf.dpkg-new
103             fi
104           done
105           if cmp -s /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-new; then
106             rm -f /etc/ca-certificates.conf.dpkg-new
107           else
108             mv -f /etc/ca-certificates.conf /etc/ca-certificates.conf.dpkg-old
109             mv /etc/ca-certificates.conf.dpkg-new /etc/ca-certificates.conf
110           fi
111         else
112           # new file
113           cat > /etc/ca-certificates.conf <<EOF
114 # This file lists certificates that you wish to use or to ignore to be
115 # installed in /etc/ssl/certs.
116 # update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
117 #
118 # This is autogenerated by dpkg-reconfigure ca-certificates.
119 # Certificates should be installed under /usr/share/ca-certificates
120 # and files with extension '.crt' is recognized as available certs.
121 #
122 # line begins with # is comment.
123 # line begins with ! is certificate filename to be deselected.
124 #
125 EOF
126           (echo $CERTS_ENABLED | tr ',' '\n'; \
127            echo $CERTS_AVAILABLE | tr ',' '\n') | \
128             sed -e 's/^[[:space:]]*//' | \
129             sort | uniq -c | \
130             sed -e 's/^[[:space:]]*2[[:space:]]*//' \
131                 -e 's/^[[:space:]]*1[[:space:]]*/!/' \
132             >> /etc/ca-certificates.conf
133         fi
134         update-ca-certificates
135     ;;
136
137     abort-upgrade|abort-remove|abort-deconfigure)
138
139     ;;
140
141     *)
142         echo "postinst called with unknown argument \`$1'" >&2
143         exit 1
144     ;;
145 esac
146
147 # dh_installdeb will replace this with shell code automatically
148 # generated by other debhelper scripts.
149
150 #DEBHELPER#
151
152 exit 0
153
154
ca-certificates package in Debian