This file is indexed.

config is in ca-certificates 20111211.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
#!/bin/sh
# $1 = action ('configure' or 'reconfigure')
# $2 = current-installed-version
set -e

action="$1"
cur_version="$2"
this_version='20111211'
pt_BR_fixed_version="20080616"

if test -f /etc/ca-certificates.conf; then
  CERTSCONF=/etc/ca-certificates.conf
else
  CERTSCONF=/dev/null
fi

# CERTS_DISABLED: certs that user dont trust
CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)

# CERTS_TRUST: certs that user already trust
CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)


# CERTS_AVAILABLE: certs that user can choices
CERTS_AVAILABLE=""

# CERTS_ENABLED: certs that user already trusted
CERTS_ENABLED=""

# CERTS_LIST: certs that will be installed
CERTS_LIST="cacert.org/cacert.org.crt, debconf.org/ca.crt, spi-inc.org/spi-cacert-2008.crt, spi-inc.org/spi-ca-2003.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/CNNIC_ROOT.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Equifax_Secure_CA.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/CA_Disig.crt, mozilla/Buypass_Class_2_CA_1.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_EV_RootCA1.crt, mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Buypass_Class_3_CA_1.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/Certigna.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/SecureTrust_CA.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/A-Trust-nQual-03.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/Izenpe.com.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/TC_TrustCenter_Universal_CA_I.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/AddTrust_External_Root.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Certum_Root_CA.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/ACEDICOM_Root.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Juur-SK.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, mozilla/SecureSign_RootCA11.crt, mozilla/ComSign_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/IGC_A.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/ComSign_Secured_CA.crt, mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/TC_TrustCenter_Universal_CA_III.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/TC_TrustCenter_Class_3_CA_II.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/DST_Root_CA_X3.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/Taiwan_GRCA.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt"

# CERTS_NEW: new certificates that will be installed
CERTS_NEW=""

members()
{
  echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
  do
    if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
      echo match
    fi
  done | grep -q match
}

. /usr/share/debconf/confmodule || exit
db_version 2.0
db_capb multiselect

db_settitle ca-certificates/title
db_input medium ca-certificates/trust_new_crts || true
db_go

trust_new="yes"
if db_get ca-certificates/trust_new_crts; then
  trust_new="$RET"
fi

seen=false
if db_fget ca-certificates/enable_crts seen; then
  seen="$RET"
fi
# XXX: in case reconfigure, force to select all available certificates
if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
  seen=false
  trust_new=no
fi

if test -d /usr/share/ca-certificates; then
  cd /usr/share/ca-certificates
  crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
           echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
           sort | uniq)
  for crt in $crts
  do
   if test "$CERTS_AVAILABLE" = ""; then
     CERTS_AVAILABLE="$crt"
   else
     CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
   fi
   if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
     : # echo "I: ignore $crt"
   elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
     # already trusted
     if test "$CERTS_ENABLED" = ""; then
       CERTS_ENABLED="$crt"
     else
       CERTS_ENABLED="$CERTS_ENABLED, $crt"
     fi
   else
     # new certs?
     if test "$trust_new" = "yes"; then
       if test "$CERTS_ENABLED" = ""; then
          CERTS_ENABLED="$crt"
       else
          CERTS_ENABLED="$CERTS_ENABLED, $crt"
       fi
     elif test "$trust_new" = "ask"; then
       if test "$CERTS_NEW" = ""; then
          CERTS_NEW="$crt"
       else
          CERTS_NEW="$CERTS_NEW, $crt"
       fi
     else
	 : # trust_new=no, default disabled
     fi
   fi
  done
else
  # initial installation
  CERTS_AVAILABLE="$CERTS_LIST"
  CERTS_ENABLED="$CERTS_AVAILABLE"
  # XXX: ca-certificates/enable_crts should be used, so no need to ask new
  #     in this session
  trust_new="yes"
  CERTS_NEW=""
fi

enable_crts=""
if db_get ca-certificates/enable_crts; then
 enable_crts="$RET"
fi

new_seen=false
if dpkg --compare-versions "$cur_version" lt 20040808; then
  db_fset ca-certificates/new_crts seen false
fi
if db_fget ca-certificates/new_crts seen; then
  new_seen="$RET"
fi
if members "$CERTS_NEW" "$enable_crts"; then
    # already selected new_crts?
    new_seen=true
fi
db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"

if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
 # XXX: run this again in postinst
 CERTS_ENABLED="$enable_crts"
fi

if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
  # New certificates added
  db_fset ca-certificates/new_crts seen false
  db_input critical ca-certificates/new_crts || true
  db_go
  
  if db_get ca-certificates/new_crts; then
     if test "$CERTS_ENABLED" = ""; then
        CERTS_ENABLED="$RET"
     else
        CERTS_ENABLED="$CERTS_ENABLED, $RET"
     fi
  fi
  # XXX: old certificates keep current state?
  seen=true
fi
# mark seen true, so that dont ask again while postinst 
db_fset ca-certificates/new_crts seen true

# Ideally, we would be able to ask debconf for the language it's using, or
# at least have a shell binding for setlocale(). Since we don't, we have to
# do it all by hand.
is_pt_BR () {
  current_lc_messages="$(eval `locale`; echo "$LC_MESSAGES")"
  case "$LANGUAGE" in
    pt_BR*)
      return 0
      ;;
    *)
      case "$current_lc_messages" in
        pt_BR*)
          return 0
          ;;
      esac
  esac
  return 1
}

PRIO=low
set_values=true

if dpkg --compare-versions "$cur_version" lt-nl "$pt_BR_fixed_version"; then
  asked="false"
  if db_fget ca-certificates/enable_crts asked_pt_br_question; then
    asked="$RET"
  fi
  if [ "$asked" != "true" ]; then
    if [ -e "/etc/ssl/certs/ca-certificates.crt" ] && [ ! -s "/etc/ssl/certs/ca-certificates.crt" ]; then
      pt_seen="false"
      if db_fget ca-certificates/enable_crts seen; then
        pt_seen="$RET"
      fi
      if [ "$pt_seen" = "false" ]; then
        CERTS_ENABLED="$CERTS_AVAILABLE"
      elif is_pt_BR; then
        PRIO=critical
        CERTS_ENABLED="$CERTS_AVAILABLE"
        seen=false
      else
        seen=true
      fi
    fi
  else
    set_values=false
  fi
fi

if [ "$set_values" = "true" ]; then
  db_set ca-certificates/enable_crts "$CERTS_ENABLED"
  db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
  if test "$seen" != true; then
   db_fset ca-certificates/enable_crts seen false
  fi
  db_input $PRIO ca-certificates/enable_crts || true
  db_go

  if [ "$PRIO" = "critical" ]; then
    db_fset ca-certificates/enable_crts asked_pt_br_question true
  fi
fi

exit 0