config is in ca-certificates 20111211.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 | #!/bin/sh
# $1 = action ('configure' or 'reconfigure')
# $2 = current-installed-version
set -e
action="$1"
cur_version="$2"
this_version='20111211'
pt_BR_fixed_version="20080616"
if test -f /etc/ca-certificates.conf; then
CERTSCONF=/etc/ca-certificates.conf
else
CERTSCONF=/dev/null
fi
# CERTS_DISABLED: certs that user dont trust
CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
# CERTS_TRUST: certs that user already trust
CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
# CERTS_AVAILABLE: certs that user can choices
CERTS_AVAILABLE=""
# CERTS_ENABLED: certs that user already trusted
CERTS_ENABLED=""
# CERTS_LIST: certs that will be installed
CERTS_LIST="cacert.org/cacert.org.crt, debconf.org/ca.crt, spi-inc.org/spi-cacert-2008.crt, spi-inc.org/spi-ca-2003.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/CNNIC_ROOT.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Equifax_Secure_CA.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/CA_Disig.crt, mozilla/Buypass_Class_2_CA_1.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_EV_RootCA1.crt, mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Buypass_Class_3_CA_1.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/Certigna.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/SecureTrust_CA.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/A-Trust-nQual-03.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/Izenpe.com.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/TC_TrustCenter_Universal_CA_I.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/AddTrust_External_Root.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Certum_Root_CA.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/ACEDICOM_Root.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Juur-SK.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, mozilla/SecureSign_RootCA11.crt, mozilla/ComSign_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/IGC_A.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/ComSign_Secured_CA.crt, mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/TC_TrustCenter_Universal_CA_III.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/TC_TrustCenter_Class_3_CA_II.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/DST_Root_CA_X3.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/Taiwan_GRCA.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt"
# CERTS_NEW: new certificates that will be installed
CERTS_NEW=""
members()
{
echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
do
if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
echo match
fi
done | grep -q match
}
. /usr/share/debconf/confmodule || exit
db_version 2.0
db_capb multiselect
db_settitle ca-certificates/title
db_input medium ca-certificates/trust_new_crts || true
db_go
trust_new="yes"
if db_get ca-certificates/trust_new_crts; then
trust_new="$RET"
fi
seen=false
if db_fget ca-certificates/enable_crts seen; then
seen="$RET"
fi
# XXX: in case reconfigure, force to select all available certificates
if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
seen=false
trust_new=no
fi
if test -d /usr/share/ca-certificates; then
cd /usr/share/ca-certificates
crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
sort | uniq)
for crt in $crts
do
if test "$CERTS_AVAILABLE" = ""; then
CERTS_AVAILABLE="$crt"
else
CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
fi
if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
: # echo "I: ignore $crt"
elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
# already trusted
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
else
# new certs?
if test "$trust_new" = "yes"; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
elif test "$trust_new" = "ask"; then
if test "$CERTS_NEW" = ""; then
CERTS_NEW="$crt"
else
CERTS_NEW="$CERTS_NEW, $crt"
fi
else
: # trust_new=no, default disabled
fi
fi
done
else
# initial installation
CERTS_AVAILABLE="$CERTS_LIST"
CERTS_ENABLED="$CERTS_AVAILABLE"
# XXX: ca-certificates/enable_crts should be used, so no need to ask new
# in this session
trust_new="yes"
CERTS_NEW=""
fi
enable_crts=""
if db_get ca-certificates/enable_crts; then
enable_crts="$RET"
fi
new_seen=false
if dpkg --compare-versions "$cur_version" lt 20040808; then
db_fset ca-certificates/new_crts seen false
fi
if db_fget ca-certificates/new_crts seen; then
new_seen="$RET"
fi
if members "$CERTS_NEW" "$enable_crts"; then
# already selected new_crts?
new_seen=true
fi
db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
# XXX: run this again in postinst
CERTS_ENABLED="$enable_crts"
fi
if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
# New certificates added
db_fset ca-certificates/new_crts seen false
db_input critical ca-certificates/new_crts || true
db_go
if db_get ca-certificates/new_crts; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$RET"
else
CERTS_ENABLED="$CERTS_ENABLED, $RET"
fi
fi
# XXX: old certificates keep current state?
seen=true
fi
# mark seen true, so that dont ask again while postinst
db_fset ca-certificates/new_crts seen true
# Ideally, we would be able to ask debconf for the language it's using, or
# at least have a shell binding for setlocale(). Since we don't, we have to
# do it all by hand.
is_pt_BR () {
current_lc_messages="$(eval `locale`; echo "$LC_MESSAGES")"
case "$LANGUAGE" in
pt_BR*)
return 0
;;
*)
case "$current_lc_messages" in
pt_BR*)
return 0
;;
esac
esac
return 1
}
PRIO=low
set_values=true
if dpkg --compare-versions "$cur_version" lt-nl "$pt_BR_fixed_version"; then
asked="false"
if db_fget ca-certificates/enable_crts asked_pt_br_question; then
asked="$RET"
fi
if [ "$asked" != "true" ]; then
if [ -e "/etc/ssl/certs/ca-certificates.crt" ] && [ ! -s "/etc/ssl/certs/ca-certificates.crt" ]; then
pt_seen="false"
if db_fget ca-certificates/enable_crts seen; then
pt_seen="$RET"
fi
if [ "$pt_seen" = "false" ]; then
CERTS_ENABLED="$CERTS_AVAILABLE"
elif is_pt_BR; then
PRIO=critical
CERTS_ENABLED="$CERTS_AVAILABLE"
seen=false
else
seen=true
fi
fi
else
set_values=false
fi
fi
if [ "$set_values" = "true" ]; then
db_set ca-certificates/enable_crts "$CERTS_ENABLED"
db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
if test "$seen" != true; then
db_fset ca-certificates/enable_crts seen false
fi
db_input $PRIO ca-certificates/enable_crts || true
db_go
if [ "$PRIO" = "critical" ]; then
db_fset ca-certificates/enable_crts asked_pt_br_question true
fi
fi
exit 0
|