芝麻web文件管理V1.00

编辑当前文件:/var/lib/dpkg/info/ca-certificates.config

#!/bin/sh
# $1 = action ('configure' or 'reconfigure')
# $2 = current-installed-version
set -e

action="$1"

if test -f /etc/ca-certificates.conf; then
  CERTSCONF=/etc/ca-certificates.conf
else
  CERTSCONF=/dev/null
fi

# CERTS_DISABLED: certs that user dont trust
CERTS_DISABLED=$(sed -ne 's/^!$.*$/\1/p' $CERTSCONF)

# CERTS_TRUST: certs that user already trust
CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)

# CERTS_AVAILABLE: certs that user can choices
CERTS_AVAILABLE=""

# CERTS_ENABLED: certs that user already trusted
CERTS_ENABLED=""

# CERTS_LIST: certs that will be installed
CERTS_LIST="mozilla/ACCVRAIZ1.crt, mozilla/AC_RAIZ_FNMT-RCM.crt, mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt, mozilla/ANF_Secure_Server_Root_CA.crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/Amazon_Root_CA_1.crt, mozilla/Amazon_Root_CA_2.crt, mozilla/Amazon_Root_CA_3.crt, mozilla/Amazon_Root_CA_4.crt, mozilla/Atos_TrustedRoot_2011.crt, mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt, mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/BJCA_Global_Root_CA1.crt, mozilla/BJCA_Global_Root_CA2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig_Root_R2.crt, mozilla/CFCA_EV_ROOT.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/COMODO_RSA_Certification_Authority.crt, mozilla/Certainly_Root_E1.crt, mozilla/Certainly_Root_R1.crt, mozilla/Certigna.crt, mozilla/Certigna_Root_CA.crt, mozilla/Certum_EC-384_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Certum_Trusted_Network_CA_2.crt, mozilla/Certum_Trusted_Root_CA.crt, mozilla/CommScope_Public_Trust_ECC_Root-01.crt, mozilla/CommScope_Public_Trust_ECC_Root-02.crt, mozilla/CommScope_Public_Trust_RSA_Root-01.crt, mozilla/CommScope_Public_Trust_RSA_Root-02.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/D-TRUST_BR_Root_CA_1_2020.crt, mozilla/D-TRUST_EV_Root_CA_1_2020.crt, mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt, mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Assured_ID_Root_G2.crt, mozilla/DigiCert_Assured_ID_Root_G3.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_Global_Root_G2.crt, mozilla/DigiCert_Global_Root_G3.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt, mozilla/DigiCert_TLS_RSA4096_Root_G5.crt, mozilla/DigiCert_Trusted_Root_G4.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Entrust_Root_Certification_Authority_-_EC1.crt, mozilla/Entrust_Root_Certification_Authority_-_G2.crt, mozilla/Entrust_Root_Certification_Authority_-_G4.crt, mozilla/GDCA_TrustAUTH_R5_ROOT.crt, mozilla/GLOBALTRUST_2020.crt, mozilla/GTS_Root_R1.crt, mozilla/GTS_Root_R2.crt, mozilla/GTS_Root_R3.crt, mozilla/GTS_Root_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R4.crt, mozilla/GlobalSign_ECC_Root_CA_-_R5.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/GlobalSign_Root_CA_-_R6.crt, mozilla/GlobalSign_Root_E46.crt, mozilla/GlobalSign_Root_R46.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/HARICA_TLS_ECC_Root_CA_2021.crt, mozilla/HARICA_TLS_RSA_Root_CA_2021.crt, mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt, mozilla/HiPKI_Root_CA_-_G1.crt, mozilla/Hongkong_Post_Root_CA_3.crt, mozilla/ISRG_Root_X1.crt, mozilla/ISRG_Root_X2.crt, mozilla/IdenTrust_Commercial_Root_CA_1.crt, mozilla/IdenTrust_Public_Sector_Root_CA_1.crt, mozilla/Izenpe.com.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt, mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt, mozilla/NAVER_Global_Root_Certification_Authority.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt, mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt, mozilla/QuoVadis_Root_CA_1_G3.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_2_G3.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA_3_G3.crt, mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt, mozilla/SSL.com_Root_Certification_Authority_ECC.crt, mozilla/SSL.com_Root_Certification_Authority_RSA.crt, mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt, mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt, mozilla/SZAFIR_ROOT_CA2.crt, mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt, mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Secure_Global_CA.crt, mozilla/Security_Communication_ECC_RootCA1.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_RootCA3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/T-TeleSec_GlobalRoot_Class_2.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt, mozilla/TWCA_Global_Root_CA.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/TeliaSonera_Root_CA_v1.crt, mozilla/Telia_Root_CA_v2.crt, mozilla/TrustAsia_Global_Root_CA_G3.crt, mozilla/TrustAsia_Global_Root_CA_G4.crt, mozilla/Trustwave_Global_Certification_Authority.crt, mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt, mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt, mozilla/TunTrust_Root_CA.crt, mozilla/UCA_Extended_Validation_Root.crt, mozilla/UCA_Global_G2_Root.crt, mozilla/USERTrust_ECC_Certification_Authority.crt, mozilla/USERTrust_RSA_Certification_Authority.crt, mozilla/XRamp_Global_CA_Root.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/certSIGN_Root_CA_G2.crt, mozilla/e-Szigno_Root_CA_2017.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/emSign_ECC_Root_CA_-_C3.crt, mozilla/emSign_ECC_Root_CA_-_G3.crt, mozilla/emSign_Root_CA_-_C1.crt, mozilla/emSign_Root_CA_-_G1.crt, mozilla/vTrus_ECC_Root_CA.crt, mozilla/vTrus_Root_CA.crt"

# CERTS_NEW: new certificates that will be installed
CERTS_NEW=""

members()
{
  echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
  do
    if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
      echo match
    fi
  done | grep -q match
}

. /usr/share/debconf/confmodule || exit
db_version 2.0
db_capb multiselect

db_settitle ca-certificates/title
db_input medium ca-certificates/trust_new_crts || true
db_go

trust_new="yes"
if db_get ca-certificates/trust_new_crts; then
  trust_new="$RET"
fi

seen=false
if db_fget ca-certificates/enable_crts seen; then
  seen="$RET"
fi
# XXX: in case reconfigure, force to select all available certificates
if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
  seen=false
  trust_new=no
fi

if test -d /usr/share/ca-certificates; then
  cd /usr/share/ca-certificates
  crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
           echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
           sort | uniq)
  for crt in $crts
  do
   if test "$CERTS_AVAILABLE" = ""; then
     CERTS_AVAILABLE="$crt"
   else
     CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
   fi
   if (echo "$CERTS_DISABLED" | grep -F -q -x "$crt") > /dev/null 2>&1; then
     : # echo "I: ignore $crt"
   elif (echo "$CERTS_TRUST" | grep -F -q -x "$crt") > /dev/null 2>&1; then
     # already trusted
     if test "$CERTS_ENABLED" = ""; then
       CERTS_ENABLED="$crt"
     else
       CERTS_ENABLED="$CERTS_ENABLED, $crt"
     fi
   else
     # new certs?
     if test "$trust_new" = "yes"; then
       if test "$CERTS_ENABLED" = ""; then
          CERTS_ENABLED="$crt"
       else
          CERTS_ENABLED="$CERTS_ENABLED, $crt"
       fi
     elif test "$trust_new" = "ask"; then
       if test "$CERTS_NEW" = ""; then
          CERTS_NEW="$crt"
       else
          CERTS_NEW="$CERTS_NEW, $crt"
       fi
     else
	 : # trust_new=no, default disabled
     fi
   fi
  done
else
  # initial installation
  CERTS_AVAILABLE="$CERTS_LIST"
  CERTS_ENABLED="$CERTS_AVAILABLE"
  # XXX: ca-certificates/enable_crts should be used, so no need to ask new
  #     in this session
  trust_new="yes"
  CERTS_NEW=""
fi

enable_crts=""
if db_get ca-certificates/enable_crts; then
 enable_crts="$RET"
fi

new_seen=false
if db_fget ca-certificates/new_crts seen; then
  new_seen="$RET"
fi
if members "$CERTS_NEW" "$enable_crts"; then
    # already selected new_crts?
    new_seen=true
fi
db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"

if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
 # XXX: run this again in postinst
 CERTS_ENABLED="$enable_crts"
fi

if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
  # New certificates added
  db_fset ca-certificates/new_crts seen false
  db_input critical ca-certificates/new_crts || true
  db_go
  
  if db_get ca-certificates/new_crts; then
     if test "$CERTS_ENABLED" = ""; then
        CERTS_ENABLED="$RET"
     else
        CERTS_ENABLED="$CERTS_ENABLED, $RET"
     fi
  fi
  # XXX: old certificates keep current state?
  seen=true
fi
# mark seen true, so that dont ask again while postinst 
db_fset ca-certificates/new_crts seen true

db_set ca-certificates/enable_crts "$CERTS_ENABLED"
db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
if test "$seen" != true; then
  db_fset ca-certificates/enable_crts seen false
fi
db_input low ca-certificates/enable_crts || true
db_go

exit 0