#!/bin/sh
# Maintainer script for ca-certificates-java: builds or refreshes the Java
# trust store at /etc/ssl/certs/java/cacerts. The dispatch on $1
# ("configure" / "triggered") is at the bottom of the file.
set -e
# use the locale C.UTF-8
unset LC_ALL
LC_CTYPE=C.UTF-8
export LC_CTYPE
# Default keystore password. It is assigned before /etc/default/cacerts is
# sourced, so that file can override it.
storepass='changeit'
# The defaults file is sourced, i.e. executed as shell code with the
# privileges of this script, and can set or override any variable used below
# (presumably including cacerts_updates, which is not assigned anywhere in
# the visible script). It must therefore be writable by root only.
# NOTE(review): the configure step only tightens its mode to 0600 when
# upgrading from a version older than 20210218.
if [ -f /etc/default/cacerts ]; then
. /etc/default/cacerts
fi
# Architecture as reported by dpkg; not referenced in the visible part of
# this script.
arch=`dpkg --print-architecture`
# Jar that applies the +/- change list to the keystore (see update_cacerts).
JAR=/usr/share/ca-certificates-java/ca-certificates-java.jar
# A *.pem symlink in ETCCERTSDIR is only picked up when its target lies under
# CERTSDIR or LOCALCERTSDIR (see find_pem_files).
CERTSDIR=/usr/share/ca-certificates
LOCALCERTSDIR=/usr/local/share/ca-certificates
ETCCERTSDIR=/etc/ssl/certs
# Assigned after the defaults file is sourced, so the file cannot redirect it.
CACERTS=$ETCCERTSDIR/java/cacerts
# Abort the script unless /proc is a mount point.
# Outputs: an explanatory message on stderr when /proc is not mounted.
# Returns: 0 when /proc is mounted; otherwise exits the shell with status 1.
check_proc()
{
    # Nothing to do when the proc filesystem is available.
    mountpoint -q /proc && return 0

    echo "the keytool command requires a mounted proc fs (/proc)." >&2
    exit 1
}
# Convert the PKCS12 keystore at /etc/ssl/certs/java/cacerts to JKS.
# The converted copy is written to cacerts.dpkg-new first; the original is
# kept as cacerts.dpkg-old when the swap takes place.
# Globals: storepass (read), cacerts_updates (read)
# Returns: exits the shell with status 1 when keytool fails.
#
# NOTE(review): the keystore password is passed on keytool's command line and
# is therefore visible in the process list while keytool runs. keytool also
# accepts the :env and :file password modifiers (e.g. -srcstorepass:env VAR),
# which keep the value out of argv - worth considering when a non-default
# storepass is configured.
convert_pkcs12_keystore_to_jks()
{
    check_proc

    keytool -importkeystore \
        -srckeystore /etc/ssl/certs/java/cacerts \
        -destkeystore /etc/ssl/certs/java/cacerts.dpkg-new \
        -srcstoretype PKCS12 \
        -deststoretype JKS \
        -srcstorepass "$storepass" \
        -deststorepass "$storepass" \
        -noprompt || {
        echo "failed to convert PKCS12 keystore to JKS" >&2
        exit 1
    }

    # only swap the files in when /etc/default/cacerts allows updates
    [ "$cacerts_updates" = "yes" ] || return 0

    mv -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
    mv -f /etc/ssl/certs/java/cacerts.dpkg-new /etc/ssl/certs/java/cacerts
}
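# List the *.pem symlinks in ETCCERTSDIR whose target lies inside CERTSDIR or
# LOCALCERTSDIR, one path per line, sorted.
# Globals: ETCCERTSDIR, CERTSDIR, LOCALCERTSDIR (read)
# Outputs: the selected symlink paths on stdout
#
# The result decides which certificates are offered to the Java trust store,
# so the target check is anchored at a directory boundary: a target under a
# sibling directory that merely shares the prefix (for example
# "<CERTSDIR>-something/") is not accepted.
# NOTE(review): readlink returns the link text as stored; a target containing
# ".." components is still matched on its textual prefix.
find_pem_files()
{
    # IFS= and -r keep leading blanks and backslashes in file names intact.
    find "$ETCCERTSDIR" -type l -name '*.pem' | sort | while IFS= read -r symlink; do
        case $(readlink "$symlink") in
            "$CERTSDIR"/*|"$LOCALCERTSDIR"/*)
                # printf rather than echo: some sh implementations expand
                # backslash escapes in echo arguments.
                printf '%s\n' "$symlink"
                ;;
        esac
    done
}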
# Apply pending certificate changes to the Java keystore at $CACERTS.
#
# Two flag files under /var/lib/ca-certificates-java drive the work:
#   fresh    - when present, a full change list is rebuilt here from the
#              *.pem symlinks returned by find_pem_files
#   pending  - used as the change list when "fresh" ends up empty
#              (presumably written by another hook; not visible here)
# The change list is fed on stdin to the jar in $JAR, one entry per line:
# "+<pem path>" and "-<alias>" (presumably add / remove).
#
# Globals: cacerts_updates, CACERT_UPDATES, storepass, JAR, CACERTS (read)
# Returns: exits the shell with status 0 when updates are disabled or no
#          usable java is found; otherwise falls through after removing both
#          flag files.
#
# NOTE(review): storepass is passed on the command line of keytool and java
# below, so it is visible in the process list while those commands run.
update_cacerts()
{
# Opt-out switches. Neither variable is assigned in the visible script;
# presumably they come from /etc/default/cacerts or the environment.
if [ "$cacerts_updates" != "yes" ] || [ "$CACERT_UPDATES" = "disabled" ]; then
echo "Updates of cacerts keystore are disabled."
exit 0
fi
# A missing or non-working JRE is not an error: the script exits with
# success and the flag files are left in place.
if ! which java >/dev/null; then
echo "No JRE found. Skipping Java certificates setup."
exit 0
fi
if ! java -version 2> /dev/null; then
echo "Unable to execute Java. Skipping Java certificates setup."
exit 0
fi
# One-shot conversion requested by the configure step via a marker file.
if [ -f /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks ]; then
convert_pkcs12_keystore_to_jks
rm /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks
fi
if [ -f /var/lib/ca-certificates-java/fresh ]; then
# Truncate the marker; it is reused below as the change list.
>/var/lib/ca-certificates-java/fresh
# NOTE(review): pem_files is word-split wherever it is iterated below, so a
# symlink path containing whitespace would be broken into several entries.
pem_files=$(find_pem_files)
if [ -f "$CACERTS" ]; then
check_proc
# Java 8 does not have -cacerts option
# NOTE(review): the pattern is an unanchored regex ("." matches any
# character), so other version strings can match as well; a false match
# only selects the explicit -keystore form.
if java -version 2>&1 | grep "1.8" > /dev/null ;
then
castore="-keystore ${CACERTS}"
else
castore="-cacerts"
fi
# Aliases currently in the keystore that carry the "debian:" prefix, with the
# prefix stripped (matched case-insensitively), joined by spaces.
# NOTE(review): the pipeline's status is that of tr, so a keytool failure
# yields an empty list and no removals are queued; entries for certificates
# that are no longer installed would then stay in the keystore. Confirm this
# is acceptable.
cacerts_aliases=$(keytool ${castore} -storepass "$storepass" -list -rfc | sed -n 's/^Alias name: *debian://ip' | tr '\n' ' ')
# Lower-cased base names of the current *.pem symlinks, joined by spaces.
etc_ssl_certs_aliases=$(for pem in $pem_files ; do echo -n "$(basename "$pem" | tr A-Z a-z) "; done)
# Queue a "-alias" entry for every keystore alias without a matching symlink.
for alias in $cacerts_aliases ; do
case " $etc_ssl_certs_aliases " in
*" ${alias} "*)
: # keep
;;
*)
echo "-${alias}" >> /var/lib/ca-certificates-java/fresh
;;
esac
done
fi
# Queue a "+path" entry for every current symlink.
for pem in $pem_files ; do
echo "+${pem}" >> /var/lib/ca-certificates-java/fresh
done
fi
# A non-empty "fresh" list takes precedence over "pending".
if [ -s /var/lib/ca-certificates-java/fresh ]; then
java -Xmx64m -jar $JAR -storepass "$storepass" < /var/lib/ca-certificates-java/fresh
elif [ -s /var/lib/ca-certificates-java/pending ]; then
java -Xmx64m -jar $JAR -storepass "$storepass" < /var/lib/ca-certificates-java/pending
fi
echo "done."
# Both lists are consumed; under "set -e" this point is only reached when
# the java run above succeeded.
rm -f /var/lib/ca-certificates-java/fresh
rm -f /var/lib/ca-certificates-java/pending
}
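# "configure": $2 is the previously configured version (empty on a first
# install). Performs version-dependent clean-ups, decides whether the
# keystore must be converted or rebuilt from scratch, then updates it.
if [ "$1" = "configure" ]; then
    if dpkg --compare-versions "$2" lt-nl "20210218" ; then
        # clean up misplaced symlinks from ancient versions (#688415)
        if [ -L /libnss3.so ]; then
            rm -v /libnss3.so
        fi
        if [ -L /libsoftokn3.so ]; then
            rm -v /libsoftokn3.so
        fi
        # The defaults file may carry a non-default storepass and is sourced
        # by this script, so restrict it to its owner.
        if [ -f /etc/default/cacerts ]; then
            chmod 0600 /etc/default/cacerts
        fi
    fi

    if dpkg --compare-versions "$2" lt-nl "20180516"; then
        # A JKS keystore starts with the magic bytes FE ED FE ED; anything
        # else is scheduled for conversion from PKCS12.
        # printf with octal escapes is used because "echo -en" and "\x"
        # escapes are not portable under #!/bin/sh: an echo that does not
        # implement -e prints the option text itself, the comparison then
        # never matches, and existing JKS keystores are queued for
        # conversion as well.
        if [ -e /etc/ssl/certs/java/cacerts ] && \
           [ "$(head -c4 /etc/ssl/certs/java/cacerts)" != "$(printf '\376\355\376\355')" ]; then
            touch /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks
        fi
    fi

    # older versions may not have received all updates from ca-certificates
    if dpkg --compare-versions "$2" lt-nl "20210218" ; then
        touch /var/lib/ca-certificates-java/fresh
    fi

    # initial install
    if [ -z "$2" ]; then
        touch /var/lib/ca-certificates-java/fresh
    fi

    update_cacerts
fi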
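# "triggered": $2 is the space-separated list of activated trigger names.
# A full rebuild is requested when the "fresh" trigger fired or when the
# keystore file does not exist; otherwise update_cacerts falls back to the
# "pending" change list.
if [ "$1" = "triggered" ]; then
    case " $2 " in
        *" update-ca-certificates-java-fresh "*)
            touch /var/lib/ca-certificates-java/fresh
            ;;
    esac

    # Quoted so the test stays a well-formed "! -f <path>" expression even
    # if the value were empty or contained whitespace.
    if [ ! -f "$CACERTS" ]; then
        touch /var/lib/ca-certificates-java/fresh
    fi

    update_cacerts
fi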