diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2010-07-01 08:34:04 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-07-01 08:34:04 +0000 |
commit | c90d42990d2db190884cec32ca3f58dcd680af3f (patch) | |
tree | 57a1eec8fbc843aa1bbf7913990468d50975932e /main/dovecot/dovecot.post-install | |
parent | 2da022a8f0642c8990ba999256fc8b9ccada29f2 (diff) | |
download | aports-c90d42990d2db190884cec32ca3f58dcd680af3f.tar.bz2 aports-c90d42990d2db190884cec32ca3f58dcd680af3f.tar.xz |
main/dovecot: parse dovecot.conf to find the cert/key in post-install
also check that we have /dev/urandom or /dev/random. Those might not
exist if dovecot is installed with --root
Diffstat (limited to 'main/dovecot/dovecot.post-install')
-rw-r--r-- | main/dovecot/dovecot.post-install | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/main/dovecot/dovecot.post-install b/main/dovecot/dovecot.post-install index a7cccddfd8..e57deb48b5 100644 --- a/main/dovecot/dovecot.post-install +++ b/main/dovecot/dovecot.post-install @@ -3,7 +3,6 @@ # based on doc/mkcert.sh # Generates a self-signed certificate. -# Edit dovecot-openssl.cnf before running this. OPENSSL=${OPENSSL-openssl} SSLDIR=${SSLDIR-/etc/ssl/dovecot} @@ -12,8 +11,17 @@ OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf} CERTDIR=$SSLDIR KEYDIR=$SSLDIR -CERTFILE=$CERTDIR/server.pem -KEYFILE=$KEYDIR/server.key +# parse cert and key file from dovecot.conf +dovecot_conf=/etc/dovecot/dovecot.conf +ssl_cert_file= +ssl_key_file= +if [ -r "$dovecot_conf" ]; then + ssl_cert_file=$(awk -F'[[:space:]*=[[:space:]]*' '/^ssl_cert_file/ { print $2}' $dovecot_conf) + ssl_cert_file=$(awk -F'[[:space:]*=[[:space:]]*' '/^ssl_key_file/ { print $2}' $dovecot_conf) +fi + +CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem} +KEYFILE=${ssl_key_file:-KEYDIR/server.key} if [ -e "$CERTFILE" ]; then echo "Keeiping existing $CERTFILE" @@ -25,6 +33,11 @@ if [ -e "$KEYFILE" ]; then exit 0 fi +if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then + echo "No /dev/urandom or /dev/random so ssl cert not created" + exit 1 +fi + $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2 chmod 0600 $KEYFILE echo |