| Apache/2.4.7 (Ubuntu) Linux sman1baleendah 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 uid=33(www-data) gid=33(www-data) groups=33(www-data) safemode : OFF MySQL: ON | Perl: ON | cURL: OFF | WGet: ON > / var / lib / dpkg / info / | server ip : 104.21.89.46 your ip : 172.69.7.45 H O M E |
| Filename | /var/lib/dpkg/info/ca-certificates.config |
| Size | 10.99 kb |
| Permission | rwxr-xr-x |
| Owner | root : root |
| Create time | 27-Apr-2025 09:55 |
| Last modified | 20-Feb-2014 05:09 |
| Last accessed | 06-Jul-2025 22:44 |
| Actions | edit | rename | delete | download (gzip) |
| View | text | code | image |
#!/bin/sh
# $1 = action ('configure' or 'reconfigure')
# $2 = current-installed-version
set -e
action="$1"
if test -f /etc/ca-certificates.conf; then
CERTSCONF=/etc/ca-certificates.conf
else
CERTSCONF=/dev/null
fi
# CERTS_DISABLED: certs that user dont trust
CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
# CERTS_TRUST: certs that user already trust
CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
# CERTS_AVAILABLE: certs that user can choices
CERTS_AVAILABLE=""
# CERTS_ENABLED: certs that user already trusted
CERTS_ENABLED=""
# CERTS_LIST: certs that will be installed
CERTS_LIST="spi-inc.org/spi-cacert-2008.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Certigna.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/Thawte_Server_CA.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/A-Trust-nQual-03.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/Security_Communication_EV_RootCA1.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/StartCom_Certification_Authority_G2.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/ACEDICOM_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/PSCProcert.crt, mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, mozilla/Juur-SK.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/TC_TrustCenter_Universal_CA_I.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/IGC_A.crt, mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Taiwan_GRCA.crt, mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, mozilla/AddTrust_External_Root.crt, mozilla/Swisscom_Root_EV_CA_2.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/CA_Disig_Root_R1.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/ComSign_Secured_CA.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Buypass_Class_3_CA_1.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2007.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/CNNIC_ROOT.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/ComSign_CA.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Swisscom_Root_CA_2.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/SecureSign_RootCA11.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/Buypass_Class_2_CA_1.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt, mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/AffirmTrust_Premium.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/StartCom_Certification_Authority_2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/CA_Disig.crt, mozilla/AffirmTrust_Networking.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, mozilla/SecureTrust_CA.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/Izenpe.com.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Secure_Global_CA.crt, mozilla/EC-ACC.crt, mozilla/TC_TrustCenter_Class_3_CA_II.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt"
# CERTS_NEW: new certificates that will be installed
CERTS_NEW=""
members()
{
echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
do
if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
echo match
fi
done | grep -q match
}
. /usr/share/debconf/confmodule || exit
db_version 2.0
db_capb multiselect
db_settitle ca-certificates/title
db_input medium ca-certificates/trust_new_crts || true
db_go
trust_new="yes"
if db_get ca-certificates/trust_new_crts; then
trust_new="$RET"
fi
seen=false
if db_fget ca-certificates/enable_crts seen; then
seen="$RET"
fi
# XXX: in case reconfigure, force to select all available certificates
if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
seen=false
trust_new=no
fi
if test -d /usr/share/ca-certificates; then
cd /usr/share/ca-certificates
crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
sort | uniq)
for crt in $crts
do
if test "$CERTS_AVAILABLE" = ""; then
CERTS_AVAILABLE="$crt"
else
CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
fi
if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
: # echo "I: ignore $crt"
elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
# already trusted
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
else
# new certs?
if test "$trust_new" = "yes"; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
elif test "$trust_new" = "ask"; then
if test "$CERTS_NEW" = ""; then
CERTS_NEW="$crt"
else
CERTS_NEW="$CERTS_NEW, $crt"
fi
else
: # trust_new=no, default disabled
fi
fi
done
else
# initial installation
CERTS_AVAILABLE="$CERTS_LIST"
CERTS_ENABLED="$CERTS_AVAILABLE"
# XXX: ca-certificates/enable_crts should be used, so no need to ask new
# in this session
trust_new="yes"
CERTS_NEW=""
fi
enable_crts=""
if db_get ca-certificates/enable_crts; then
enable_crts="$RET"
fi
new_seen=false
if db_fget ca-certificates/new_crts seen; then
new_seen="$RET"
fi
if members "$CERTS_NEW" "$enable_crts"; then
# already selected new_crts?
new_seen=true
fi
db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
# XXX: run this again in postinst
CERTS_ENABLED="$enable_crts"
fi
if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
# New certificates added
db_fset ca-certificates/new_crts seen false
db_input critical ca-certificates/new_crts || true
db_go
if db_get ca-certificates/new_crts; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$RET"
else
CERTS_ENABLED="$CERTS_ENABLED, $RET"
fi
fi
# XXX: old certificates keep current state?
seen=true
fi
# mark seen true, so that dont ask again while postinst
db_fset ca-certificates/new_crts seen true
db_set ca-certificates/enable_crts "$CERTS_ENABLED"
db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
if test "$seen" != true; then
db_fset ca-certificates/enable_crts seen false
fi
db_input low ca-certificates/enable_crts || true
db_go
exit 0
# $1 = action ('configure' or 'reconfigure')
# $2 = current-installed-version
set -e
action="$1"
if test -f /etc/ca-certificates.conf; then
CERTSCONF=/etc/ca-certificates.conf
else
CERTSCONF=/dev/null
fi
# CERTS_DISABLED: certs that user dont trust
CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
# CERTS_TRUST: certs that user already trust
CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
# CERTS_AVAILABLE: certs that user can choices
CERTS_AVAILABLE=""
# CERTS_ENABLED: certs that user already trusted
CERTS_ENABLED=""
# CERTS_LIST: certs that will be installed
CERTS_LIST="spi-inc.org/spi-cacert-2008.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Certigna.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/Thawte_Server_CA.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/A-Trust-nQual-03.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/Security_Communication_EV_RootCA1.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/StartCom_Certification_Authority_G2.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/ACEDICOM_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/PSCProcert.crt, mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, mozilla/Juur-SK.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/TC_TrustCenter_Universal_CA_I.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/IGC_A.crt, mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Taiwan_GRCA.crt, mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, mozilla/AddTrust_External_Root.crt, mozilla/Swisscom_Root_EV_CA_2.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/CA_Disig_Root_R1.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/ComSign_Secured_CA.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Buypass_Class_3_CA_1.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2007.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/CNNIC_ROOT.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/ComSign_CA.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Swisscom_Root_CA_2.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/SecureSign_RootCA11.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/Buypass_Class_2_CA_1.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/China_Internet_Network_Information_Center_EV_Certificates_Root.crt, mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/AffirmTrust_Premium.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/StartCom_Certification_Authority_2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/CA_Disig.crt, mozilla/AffirmTrust_Networking.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, mozilla/SecureTrust_CA.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/Izenpe.com.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Secure_Global_CA.crt, mozilla/EC-ACC.crt, mozilla/TC_TrustCenter_Class_3_CA_II.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt"
# CERTS_NEW: new certificates that will be installed
CERTS_NEW=""
members()
{
echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
do
if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
echo match
fi
done | grep -q match
}
. /usr/share/debconf/confmodule || exit
db_version 2.0
db_capb multiselect
db_settitle ca-certificates/title
db_input medium ca-certificates/trust_new_crts || true
db_go
trust_new="yes"
if db_get ca-certificates/trust_new_crts; then
trust_new="$RET"
fi
seen=false
if db_fget ca-certificates/enable_crts seen; then
seen="$RET"
fi
# XXX: in case reconfigure, force to select all available certificates
if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
seen=false
trust_new=no
fi
if test -d /usr/share/ca-certificates; then
cd /usr/share/ca-certificates
crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
sort | uniq)
for crt in $crts
do
if test "$CERTS_AVAILABLE" = ""; then
CERTS_AVAILABLE="$crt"
else
CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
fi
if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
: # echo "I: ignore $crt"
elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
# already trusted
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
else
# new certs?
if test "$trust_new" = "yes"; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$crt"
else
CERTS_ENABLED="$CERTS_ENABLED, $crt"
fi
elif test "$trust_new" = "ask"; then
if test "$CERTS_NEW" = ""; then
CERTS_NEW="$crt"
else
CERTS_NEW="$CERTS_NEW, $crt"
fi
else
: # trust_new=no, default disabled
fi
fi
done
else
# initial installation
CERTS_AVAILABLE="$CERTS_LIST"
CERTS_ENABLED="$CERTS_AVAILABLE"
# XXX: ca-certificates/enable_crts should be used, so no need to ask new
# in this session
trust_new="yes"
CERTS_NEW=""
fi
enable_crts=""
if db_get ca-certificates/enable_crts; then
enable_crts="$RET"
fi
new_seen=false
if db_fget ca-certificates/new_crts seen; then
new_seen="$RET"
fi
if members "$CERTS_NEW" "$enable_crts"; then
# already selected new_crts?
new_seen=true
fi
db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
# XXX: run this again in postinst
CERTS_ENABLED="$enable_crts"
fi
if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
# New certificates added
db_fset ca-certificates/new_crts seen false
db_input critical ca-certificates/new_crts || true
db_go
if db_get ca-certificates/new_crts; then
if test "$CERTS_ENABLED" = ""; then
CERTS_ENABLED="$RET"
else
CERTS_ENABLED="$CERTS_ENABLED, $RET"
fi
fi
# XXX: old certificates keep current state?
seen=true
fi
# mark seen true, so that dont ask again while postinst
db_fset ca-certificates/new_crts seen true
db_set ca-certificates/enable_crts "$CERTS_ENABLED"
db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
if test "$seen" != true; then
db_fset ca-certificates/enable_crts seen false
fi
db_input low ca-certificates/enable_crts || true
db_go
exit 0