+++ /dev/null
-#!/bin/sh
-# $1 = action ('configure' or 'reconfigure')
-# $2 = current-installed-version
-set -e
-
-action="$1"
-cur_version="$2"
-this_version='20080411'
-
-if test -f /etc/ca-certificates.conf; then
- CERTSCONF=/etc/ca-certificates.conf
-else
- CERTSCONF=/dev/null
-fi
-
-# CERTS_DISABLED: certs that user dont trust
-CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
-
-# CERTS_TRUST: certs that user already trust
-CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
-
-
-# CERTS_AVAILABLE: certs that user can choices
-CERTS_AVAILABLE=""
-
-# CERTS_ENABLED: certs that user already trusted
-CERTS_ENABLED=""
-
-# CERTS_LIST: certs that will be installed
-CERTS_LIST="cacert.org/root.crt, cacert.org/class3.crt, telesec.de/deutsche-telekom-root-ca-2.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt, brasil.gov.br/brasil.gov.br.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_tsa1_pem.crt, debconf.org/ca.crt, spi-inc.org/SPI_CA_2006-cacert.crt, spi-inc.org/spi-ca.crt, spi-inc.org/SPI2007-ca.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/IPS_CLASE1_root.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/UTN_USERFirst_Object_Root_CA.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/SecureTrust_CA.crt, mozilla/Certum_Root_CA.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, mozilla/Equifax_Secure_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/StartCom_Ltd..crt, mozilla/IPS_CLASEA1_root.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/IPS_Timestamping_root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/Thawte_Server_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/IPS_CLASE3_root.crt, mozilla/IPS_Servidores_root.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/Taiwan_GRCA.crt"
-
-# CERTS_NEW: new certificates that will be installed
-CERTS_NEW=""
-
-members()
-{
- echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
- do
- if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
- echo match
- fi
- done | grep -q match
-}
-
-. /usr/share/debconf/confmodule || exit
-db_version 2.0
-db_capb multiselect
-
-db_title "ca-certificates configuration"
-db_input medium ca-certificates/trust_new_crts || true
-db_go
-
-trust_new="yes"
-if db_get ca-certificates/trust_new_crts; then
- trust_new="$RET"
-fi
-
-seen=false
-if db_fget ca-certificates/enable_crts seen; then
- seen="$RET"
-fi
-# XXX: in case reconfigure, force to select all available certificates
-if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
- seen=false
- trust_new=no
-fi
-
-if test -d /usr/share/ca-certificates; then
- cd /usr/share/ca-certificates
- crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
- echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
- sort | uniq)
- for crt in $crts
- do
- if test "$CERTS_AVAILABLE" = ""; then
- CERTS_AVAILABLE="$crt"
- else
- CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
- fi
- if echo "$CERTS_DISABLED" | grep -F -q -x "$crt" > /dev/null 2>&1; then
- : # echo "I: ignore $crt"
- elif echo "$CERTS_TRUST" | grep -F -q -x "$crt" > /dev/null 2>&1; then
- # already trusted
- if test "$CERTS_ENABLED" = ""; then
- CERTS_ENABLED="$crt"
- else
- CERTS_ENABLED="$CERTS_ENABLED, $crt"
- fi
- else
- # new certs?
- if test "$trust_new" = "yes"; then
- if test "$CERTS_ENABLED" = ""; then
- CERTS_ENABLED="$crt"
- else
- CERTS_ENABLED="$CERTS_ENABLED, $crt"
- fi
- elif test "$trust_new" = "ask"; then
- if test "$CERTS_NEW" = ""; then
- CERTS_NEW="$crt"
- else
- CERTS_NEW="$CERTS_NEW, $crt"
- fi
- else
- : # trust_new=no, default disabled
- fi
- fi
- done
-else
- # initial installation
- CERTS_AVAILABLE="$CERTS_LIST"
- CERTS_ENABLED="$CERTS_AVAILABLE"
- # XXX: ca-certificates/enable_crts should be used, so no need to ask new
- # in this session
- trust_new="yes"
- CERTS_NEW=""
-fi
-
-enable_crts=""
-if db_get ca-certificates/enable_crts; then
- enable_crts="$RET"
-fi
-
-new_seen=false
-if dpkg --compare-versions "$cur_version" lt 20040808; then
- db_fset ca-certificates/new_crts seen false
-fi
-if db_fget ca-certificates/new_crts seen; then
- new_seen="$RET"
-fi
-if members "$CERTS_NEW" "$enable_crts"; then
- # already selected new_crts?
- new_seen=true
-fi
-db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
-
-if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
- # XXX: run this again in postinst
- CERTS_ENABLED="$enable_crts"
-fi
-
-if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
- # New certificates added
- db_fset ca-certificates/new_crts seen false
- db_title "ca-certificates configuration"
- db_input critical ca-certificates/new_crts || true
- db_go
-
- if db_get ca-certificates/new_crts; then
- if test "$CERTS_ENABLED" = ""; then
- CERTS_ENABLED="$RET"
- else
- CERTS_ENABLED="$CERTS_ENABLED, $RET"
- fi
- fi
- # XXX: old certificates keep current state?
- seen=true
-fi
-# mark seen true, so that dont ask again while postinst
-db_fset ca-certificates/new_crts seen true
-
-db_set ca-certificates/enable_crts "$CERTS_ENABLED"
-db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
-if test "$seen" != true; then
- db_fset ca-certificates/enable_crts seen false
-fi
-db_title "ca-certificates configuration"
-db_input low ca-certificates/enable_crts || true
-db_go
-exit 0
projects / ca-certificates.git / commitdiff