#!/bin/sh
# postinst script for ca-certificates-schlittermann
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

CONF=/etc/ca-certificates.conf
DIR=/usr/share/ca-certificates
CRTS=$DIR/schlittermann/*.crt

hash() { openssl x509 -noout -in "$1" -hash; }

case "$1" in
    configure)
	# aus der ca-certificates.conf entfernen
	tmp=`mktemp`
	grep -v '^schlittermann-ca\.crt$' $CONF > $tmp
	cp $tmp $CONF
	rm -f $tmp

	# zuerst mal gucken, ob's nicht zufällig schon in /etc/ssl/certs
	# mit rumliegt von früher

	for CRT in $CRTS; do
	    CRT=$(basename $CRT)
	    HASH=`hash $DIR/$CRT 2>/dev/null || echo 0`
	    echo "$DIR/$CRT: $HASH"

	    for p in /etc/ssl/certs/*.crt; do
		test -e "$p" || { rm -f "$p"; continue; }   # dangling symlinks
		test "$HASH" = `hash "$p"` || continue
		test -L "$p" || { rm -v "$p"; continue; }
		test `readlink "$p"` = "$DIR/$CRT" || { rm "$p"; continue; }
	    done
	    grep -F -q "schlittermann/$CRT" "$CONF" || echo "schlittermann/$CRT" >> "$CONF"
	done

	update-ca-certificates
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0


