Broken symlinks on upgrade due to plain c_rehash call #643667

[ca-certificates.git] / debian / postinst

diff --git a/debian/postinst b/debian/postinst
index 4d6804bd24414edc5b9f438160912694b7e7d219..21d1b94aceb2ebc15ca34aa78e50a2d9b5cdeba9 100644 (file)
--- a/debian/postinst
+++ b/debian/postinst
@@ -21,13 +21,13 @@
 #     `abort-remove' or `abort-deconfigure'.
 
 each_value() {
- echo "$l" |tr ',' '\n' | sed -e 's/^[[:space:]]*//' 
+ echo "$1" |tr ',' '\n' | sed -e 's/^[[:space:]]*//' 
 }
 
 memberp() {
  m="$1"
  l="$2"
- each_value "$1" | grep -q "^$m\$"
+ each_value "$l" | grep -q "^$m\$"
 }
 
 delca() {
@@ -38,10 +38,15 @@ delca() {
 
 case "$1" in
     configure)
-        if dpkg --compare-versions "$2" lt 20030414; then
-           # remove old *.pem files that ca-certificates installed 
-           (cd /etc/ssl/certs; rm -f $(cat /usr/share/doc/ca-certificates/oldpemfiles))
-       fi
+        if [ ! -e /usr/local/share/ca-certificates ]
+        then
+            if mkdir /usr/local/share/ca-certificates 2>/dev/null
+            then
+                chown root:staff /usr/local/share/ca-certificates
+                chmod 2775 /usr/local/share/ca-certificates
+            fi
+        fi
+
         . /usr/share/debconf/confmodule
        db_version 2.0
        db_capb multiselect
@@ -51,6 +56,9 @@ case "$1" in
        CERTS_ENABLED="$RET"
        # XXX unmark seen for next configuration
        db_fset ca-certificates/new_crts seen false
+       # We should clean up this value now, as everyone will have
+       # upgraded to a fixed version.
+       db_fset ca-certificates/enable_crts asked_pt_br_question false
        db_stop || true
        if test -f /etc/ca-certificates.conf; then
          # XXX: while in subshell?
@@ -66,6 +74,12 @@ case "$1" in
             if memberp "$ca" "$CERTS_ENABLED"; then
               echo "$ca"
               # CERTS_ENABLED=$(delca "$ca" "$CERTS_ENABLED")
+         elif memberp "$ca" "$CERTS_AVAILABLE" ||
+              echo "$line" | grep -q '^!'; then
+           echo "!$ca"
+         elif [ -f /usr/share/ca-certificates/"$ca" ] || \
+              [ -f /usr/local/share/ca-certificates/"$ca" ]; then
+           echo "$ca"
             else
               echo "!$ca"
             fi
@@ -104,13 +118,13 @@ case "$1" in
          # new file
          cat > /etc/ca-certificates.conf <<EOF
 # This file lists certificates that you wish to use or to ignore to be
-# installed in /etc/ssl/certs. 
+# installed in /etc/ssl/certs.
 # update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
-# 
+#
 # This is autogenerated by dpkg-reconfigure ca-certificates.
-# certificates shoule be installed under /usr/share/ca-certificates
+# Certificates should be installed under /usr/share/ca-certificates
 # and files with extension '.crt' is recognized as available certs.
-# 
+#
 # line begins with # is comment.
 # line begins with ! is certificate filename to be deselected.
 #
@@ -123,7 +137,13 @@ EOF
                -e 's/^[[:space:]]*1[[:space:]]*/!/' \
            >> /etc/ca-certificates.conf
        fi
-       update-ca-certificates
+       # fix bogus symlink to ca-certificates.crt on upgrades; see
+       # Debian #643667; drop after wheezy
+       if dpkg --compare-versions "$2" lt-nl 20110502+nmu2+643667; then
+           update-ca-certificates --fresh
+       else
+           update-ca-certificates
+       fi
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)