~ubuntu-branches/ubuntu/trusty/ca-certificates/trusty-proposed


Viewing changes to debian/config

  • Committer: Bazaar Package Importer
  • Author(s): Fumitoshi UKAI
  • Date: 2004-08-09 03:23:20 UTC
  • mfrom: (1.1.1 warty)
  • Revision ID: james.westby@ubuntu.com-20040809032320-29vpp5g9f4xroy2g
Tags: 20040809
The previous version did not fix Bug#255933 correctly.
update-ca-certificates now removes symlinks of deselected entries
in ca-certificates.conf
closes: Bug#255933

 
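--- a/debian/config
+++ b/debian/config
+#!/bin/sh
+# $1 = action ('configure' or 'reconfigure')
+# $2 = current-installed-version
+set -e
+
+action="$1"
+cur_version="$2"
+this_version='20040809'
+
+if test -f /etc/ca-certificates.conf; then
+  CERTSCONF=/etc/ca-certificates.conf
+else
+  CERTSCONF=/dev/null
+fi
+
+# CERTS_DISABLED: certs that user dont trust
+CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
+
+# CERTS_TRUST: certs that user already trust
+CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
+
+
+# CERTS_AVAILABLE: certs that user can choices
+CERTS_AVAILABLE=""
+
+# CERTS_ENABLED: certs that user already trusted
+CERTS_ENABLED=""
+
+# CERTS_LIST: certs that will be installed
+CERTS_LIST="spi-inc.org/spi-ca.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, 
+mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_1_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Secure_Server_OCSP_Responder.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, brasil.gov.br/brasil.gov.br.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt"
+
+# CERTS_NEW: new certificates that will be installed
+CERTS_NEW=""
+
+members()
+{
+  echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
+  do
+    if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
+      echo match
+    fi
+  done | grep -q match
+}
+
+. /usr/share/debconf/confmodule || exit
+db_version 2.0
+db_capb multiselect
+
+db_title "ca-certificates configuration"
+db_input medium ca-certificates/trust_new_crts || true
+db_go
+
+trust_new="yes"
+if db_get ca-certificates/trust_new_crts; then
+  trust_new="$RET"
+fi
+
+seen=false
+if db_fget ca-certificates/enable_crts seen; then
+  seen="$RET"
+fi
+# XXX: in case reconfigure, force to select all available certificates
+if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
+  seen=false
+  trust_new=no
+fi
+
+if test -d /usr/share/ca-certificates; then
+  cd /usr/share/ca-certificates
+  crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
+           echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
+           sort | uniq)
+  for crt in $crts
+  do
+   if test "$CERTS_AVAILABLE" = ""; then
+     CERTS_AVAILABLE="$crt"
+   else
+     CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
+   fi
+   if echo "$CERTS_DISABLED" | grep -F -q -x "$crt" > /dev/null 2>&1; then
+     : # echo "I: ignore $crt"
+   elif echo "$CERTS_TRUST" | grep -F -q -x "$crt" > /dev/null 2>&1; then
+     # already trusted
+     if test "$CERTS_ENABLED" = ""; then
+       CERTS_ENABLED="$crt"
+     else
+       CERTS_ENABLED="$CERTS_ENABLED, $crt"
+     fi
+   else
+     # new certs?
+     if test "$trust_new" = "yes"; then
+       if test "$CERTS_ENABLED" = ""; then
+          CERTS_ENABLED="$crt"
+       else
+          CERTS_ENABLED="$CERTS_ENABLED, $crt"
+       fi
+     elif test "$trust_new" = "ask"; then
+       if test "$CERTS_NEW" = ""; then
+          CERTS_NEW="$crt"
+       else
+          CERTS_NEW="$CERTS_NEW, $crt"
+       fi
+     else
+         : # trust_new=no, default disabled
+     fi
+   fi
+  done
+else
+  # initial installation
+  CERTS_AVAILABLE="$CERTS_LIST"
+  CERTS_ENABLED="$CERTS_AVAILABLE"
+  # XXX: ca-certificates/enable_crts should be used, so no need to ask new
+  #     in this session
+  trust_new="yes"
+  CERTS_NEW=""
+fi
+
+enable_crts=""
+if db_get ca-certificates/enable_crts; then
+ enable_crts="$RET"
+fi
+
+new_seen=false
+if dpkg --compare-versions "$cur_version" lt 20040808; then
+  db_fset ca-certificates/new_crts seen false
+fi
+if db_fget ca-certificates/new_crts seen; then
+  new_seen="$RET"
+fi
+if members "$CERTS_NEW" "$enable_crts"; then
+    # already selected new_crts?
+    new_seen=true
+fi
+db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
+
+if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
+ # XXX: run this again in postinst
+ CERTS_ENABLED="$enable_crts"
+fi
+
+if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
+  # New certificates added
+  db_fset ca-certificates/new_crts seen false
+  db_title "ca-certificates configuration"
+  db_input critical ca-certificates/new_crts || true
+  db_go
+  
+  if db_get ca-certificates/new_crts; then
+     if test "$CERTS_ENABLED" = ""; then
+        CERTS_ENABLED="$RET"
+     else
+        CERTS_ENABLED="$CERTS_ENABLED, $RET"
+     fi
+  fi
+  # XXX: old certificates keep current state?
+  seen=true
+fi
+# mark seen true, so that dont ask again while postinst 
+db_fset ca-certificates/new_crts seen true
+
+db_set ca-certificates/enable_crts "$CERTS_ENABLED"
+db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
+if test "$seen" != true; then
+ db_fset ca-certificates/enable_crts seen false
+fi
+db_title "ca-certificates configuration"
+db_input low ca-certificates/enable_crts || true
+db_go
+exit 0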
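Review bot: `members()` tests each new certificate with `grep -q "$ca"`, an unanchored regular-expression match against the whole comma-separated selection, while the `CERTS_DISABLED` and `CERTS_TRUST` checks in the main loop use `grep -F -q -x`. A new name that matches part of an already selected entry (the `.` in these file names also matches any character) counts as selected, so `new_seen=true` is set and the critical-priority `ca-certificates/new_crts` question is skipped; the decision to trust a newly shipped CA may then never be put to the administrator. An empty `CERTS_NEW` also produces one empty `$ca`, and an empty pattern matches any input, so `members` appears to succeed with nothing new; the fence skips empty names on the assumption that this is unintended. I would split `$2` into one name per line and compare with fixed-string, whole-line matching, as sketched below.

```shell
members()
{
  # one selected name per line, so each name is compared as a whole
  selected=$(echo "$2" | tr ',' '\n' | sed -e 's/^[[:space:]]*//')
  echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read -r ca
  do
    test -n "$ca" || continue   # an empty CERTS_NEW has no members
    if echo "$selected" | grep -F -q -x -- "$ca"; then
  # … unchanged: echo match / fi / done | grep -q match …
```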