home *** CD-ROM | disk | FTP | other *** search
/ Mac Easy 2010 May / Mac Life Ubuntu.iso / casper / filesystem.squashfs / var / lib / dpkg / info / ca-certificates.config < prev    next >
Encoding:
Text File  |  2008-11-05  |  11.4 KB  |  226 lines
  1. #!/bin/sh
  2. # $1 = action ('configure' or 'reconfigure')
  3. # $2 = current-installed-version
  4. set -e
  5.  
  6. action="$1"
  7. cur_version="$2"
  8. this_version='20080809'
  9. pt_BR_fixed_version="20080616"
  10.  
  11. if test -f /etc/ca-certificates.conf; then
  12.   CERTSCONF=/etc/ca-certificates.conf
  13. else
  14.   CERTSCONF=/dev/null
  15. fi
  16.  
  17. # CERTS_DISABLED: certs that user dont trust
  18. CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
  19.  
  20. # CERTS_TRUST: certs that user already trust
  21. CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
  22.  
  23.  
  24. # CERTS_AVAILABLE: certs that user can choices
  25. CERTS_AVAILABLE=""
  26.  
  27. # CERTS_ENABLED: certs that user already trusted
  28. CERTS_ENABLED=""
  29.  
  30. # CERTS_LIST: certs that will be installed
  31. CERTS_LIST="spi-inc.org/spi-ca-2003.crt, spi-inc.org/spi-cacert-2008.crt, debconf.org/ca.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/DST_Root_CA_X3.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/IPS_CLASE1_root.crt, mozilla/IPS_CLASE3_root.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/IPS_Servidores_root.crt, mozilla/IPS_Timestamping_root.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/StartCom_Ltd..crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/Taiwan_GRCA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/UTN_USERFirst_Object_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, mozilla/thawte_Primary_Root_CA.crt, cacert.org/cacert.org.crt, cacert.org/class3.crt, cacert.org/root.crt, brasil.gov.br/brasil.gov.br.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt, telesec.de/deutsche-telekom-root-ca-2.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt"
  32.  
  33. # CERTS_NEW: new certificates that will be installed
  34. CERTS_NEW=""
  35.  
  36. members()
  37. {
  38.   echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
  39.   do
  40.     if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
  41.       echo match
  42.     fi
  43.   done | grep -q match
  44. }
  45.  
  46. . /usr/share/debconf/confmodule || exit
  47. db_version 2.0
  48. db_capb multiselect
  49.  
  50. db_title "ca-certificates configuration"
  51. db_input medium ca-certificates/trust_new_crts || true
  52. db_go
  53.  
  54. trust_new="yes"
  55. if db_get ca-certificates/trust_new_crts; then
  56.   trust_new="$RET"
  57. fi
  58.  
  59. seen=false
  60. if db_fget ca-certificates/enable_crts seen; then
  61.   seen="$RET"
  62. fi
  63. # XXX: in case reconfigure, force to select all available certificates
  64. if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
  65.   seen=false
  66.   trust_new=no
  67. fi
  68.  
  69. if test -d /usr/share/ca-certificates; then
  70.   cd /usr/share/ca-certificates
  71.   crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
  72.            echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
  73.            sort | uniq)
  74.   for crt in $crts
  75.   do
  76.    if test "$CERTS_AVAILABLE" = ""; then
  77.      CERTS_AVAILABLE="$crt"
  78.    else
  79.      CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
  80.    fi
  81.    if echo "$CERTS_DISABLED" | grep -F -q -x "$crt" > /dev/null 2>&1; then
  82.      : # echo "I: ignore $crt"
  83.    elif echo "$CERTS_TRUST" | grep -F -q -x "$crt" > /dev/null 2>&1; then
  84.      # already trusted
  85.      if test "$CERTS_ENABLED" = ""; then
  86.        CERTS_ENABLED="$crt"
  87.      else
  88.        CERTS_ENABLED="$CERTS_ENABLED, $crt"
  89.      fi
  90.    else
  91.      # new certs?
  92.      if test "$trust_new" = "yes"; then
  93.        if test "$CERTS_ENABLED" = ""; then
  94.           CERTS_ENABLED="$crt"
  95.        else
  96.           CERTS_ENABLED="$CERTS_ENABLED, $crt"
  97.        fi
  98.      elif test "$trust_new" = "ask"; then
  99.        if test "$CERTS_NEW" = ""; then
  100.           CERTS_NEW="$crt"
  101.        else
  102.           CERTS_NEW="$CERTS_NEW, $crt"
  103.        fi
  104.      else
  105.      : # trust_new=no, default disabled
  106.      fi
  107.    fi
  108.   done
  109. else
  110.   # initial installation
  111.   CERTS_AVAILABLE="$CERTS_LIST"
  112.   CERTS_ENABLED="$CERTS_AVAILABLE"
  113.   # XXX: ca-certificates/enable_crts should be used, so no need to ask new
  114.   #     in this session
  115.   trust_new="yes"
  116.   CERTS_NEW=""
  117. fi
  118.  
  119. enable_crts=""
  120. if db_get ca-certificates/enable_crts; then
  121.  enable_crts="$RET"
  122. fi
  123.  
  124. new_seen=false
  125. if dpkg --compare-versions "$cur_version" lt 20040808; then
  126.   db_fset ca-certificates/new_crts seen false
  127. fi
  128. if db_fget ca-certificates/new_crts seen; then
  129.   new_seen="$RET"
  130. fi
  131. if members "$CERTS_NEW" "$enable_crts"; then
  132.     # already selected new_crts?
  133.     new_seen=true
  134. fi
  135. db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
  136.  
  137. if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
  138.  # XXX: run this again in postinst
  139.  CERTS_ENABLED="$enable_crts"
  140. fi
  141.  
  142. if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
  143.   # New certificates added
  144.   db_fset ca-certificates/new_crts seen false
  145.   db_title "ca-certificates configuration"
  146.   db_input critical ca-certificates/new_crts || true
  147.   db_go
  148.   
  149.   if db_get ca-certificates/new_crts; then
  150.      if test "$CERTS_ENABLED" = ""; then
  151.         CERTS_ENABLED="$RET"
  152.      else
  153.         CERTS_ENABLED="$CERTS_ENABLED, $RET"
  154.      fi
  155.   fi
  156.   # XXX: old certificates keep current state?
  157.   seen=true
  158. fi
  159. # mark seen true, so that dont ask again while postinst 
  160. db_fset ca-certificates/new_crts seen true
  161.  
  162. # Ideally, we would be able to ask debconf for the language it's using, or
  163. # at least have a shell binding for setlocale(). Since we don't, we have to
  164. # do it all by hand.
  165. is_pt_BR () {
  166.   current_lc_messages="$(eval `locale`; echo "$LC_MESSAGES")"
  167.   case "$LANGUAGE" in
  168.     pt_BR*)
  169.       return 0
  170.       ;;
  171.     *)
  172.       case "$current_lc_messages" in
  173.         pt_BR*)
  174.           return 0
  175.           ;;
  176.       esac
  177.   esac
  178.   return 1
  179. }
  180.  
  181. PRIO=low
  182. set_values=true
  183.  
  184. if dpkg --compare-versions "$cur_version" lt-nl "$pt_BR_fixed_version"; then
  185.   asked="false"
  186.   if db_fget ca-certificates/enable_crts asked_pt_br_question; then
  187.     asked="$RET"
  188.   fi
  189.   if [ "$asked" != "true" ]; then
  190.     if [ -e "/etc/ssl/certs/ca-certificates.crt" ] && [ ! -s "/etc/ssl/certs/ca-certificates.crt" ]; then
  191.       pt_seen="false"
  192.       if db_fget ca-certificates/enable_crts seen; then
  193.         pt_seen="$RET"
  194.       fi
  195.       if [ "$pt_seen" = "false" ]; then
  196.         CERTS_ENABLED="$CERTS_AVAILABLE"
  197.       elif is_pt_BR; then
  198.         PRIO=critical
  199.         CERTS_ENABLED="$CERTS_AVAILABLE"
  200.         seen=false
  201.       else
  202.         seen=true
  203.       fi
  204.     fi
  205.   else
  206.     set_values=false
  207.   fi
  208. fi
  209.  
  210. if [ "$set_values" = "true" ]; then
  211.   db_set ca-certificates/enable_crts "$CERTS_ENABLED"
  212.   db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
  213.   if test "$seen" != true; then
  214.    db_fset ca-certificates/enable_crts seen false
  215.   fi
  216.   db_title "ca-certificates configuration"
  217.   db_input $PRIO ca-certificates/enable_crts || true
  218.   db_go
  219.  
  220.   if [ "$PRIO" = "critical" ]; then
  221.     db_fset ca-certificates/enable_crts asked_pt_br_question true
  222.   fi
  223. fi
  224.  
  225. exit 0
  226.