horok-backports/open-infrastructure-service-tools
1
0
Fork 0
Code Activity
open-infrastructure-service.../debian/open-infrastructure-dehydrated-tools.postinst
Daniel Baumann 8a44f1192f
Adding debian version 20250625-1. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 21:14:44 +02:00

370 lines
8.3 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/sh
set -e
. /usr/share/debconf/confmodule
CONFFILE="/etc/dehydrated/conf.d/config.sh"
Install ()
{
DEFAULT="${1}"
TARGET="${2}"
mkdir -p "${DEFAULT}" > /dev/null 2>&1 || true
mkdir -p "${TARGET}" > /dev/null 2>&1 || true
if [ "${TARGET}" != "${DEFAULT}" ]
then
if [ -h "${DEFAULT}" ]
then
rm -f "${DEFAULT}"
ln -s "${TARGET}" "${DEFAULT}"
else
if [ -e "${DEFAULT}" ] && [ -z "$(ls -A ${DEFAULT})" ]
then
rmdir "${DEFAULT}"
ln -s "${TARGET}" "${DEFAULT}"
elif [ -n "$(ls -A ${DEFAULT})" ] && [ -z "$(ls -A ${TARGET})" ]
then
rmdir "${TARGET}"
mv "${DEFAULT}" "${TARGET}"
ln -s "${TARGET}" "${DEFAULT}"
fi
fi
fi
if ! dpkg-statoverride --list "${DEFAULT}" > /dev/null 2>&1 &&
! dpkg-statoverride --list "${TARGET}" > /dev/null 2>&1
then
if getent group ssl-cert > /dev/null 2>&1
then
GROUP="ssl-cert"
else
GROUP="root"
fi
chmod 0770 "${TARGET}"
chown root:"${GROUP}" "${TARGET}"
chmod 0770 "${DEFAULT}"
chown root:"${GROUP}" "${DEFAULT}"
fi
}
case "${1}" in
configure)
db_get open-infrastructure-dehydrated-tools/ca
CA="${RET}" # select
db_get open-infrastructure-dehydrated-tools/auto-cleanup
AUTO_CLEANUP="${RET}" # boolean
db_get open-infrastructure-dehydrated-tools/challengetype
CHALLENGETYPE="${RET}" # select
db_get open-infrastructure-dehydrated-tools/contact-email
CONTACT_EMAIL="${RET}" # string (w/ empty)
db_get open-infrastructure-dehydrated-tools/key-algo
KEY_ALGO="${RET}" # select
db_get open-infrastructure-dehydrated-tools/ocsp-fetch
OCSP_FETCH="${RET}" # boolean
db_get open-infrastructure-dehydrated-tools/ocsp-must-staple
OCSP_MUST_STAPLE="${RET}" # boolean
db_get open-infrastructure-dehydrated-tools/preferred-chain
PREFERRED_CHAIN="${RET}" # string w/ empty
db_get open-infrastructure-dehydrated-tools/hooks
HOOKS="${RET}" # multi-select (w/ empty)
db_get open-infrastructure-dehydrated-tools/basedir
NEW_BASEDIR="${RET}" # string (w/o empty)
db_get open-infrastructure-dehydrated-tools/domains
DOMAINS="${RET}" # string (w/ empty)
db_get open-infrastructure-dehydrated-tools/tsig
TSIG="${RET}" # string (w/ empty)
db_get open-infrastructure-dehydrated-tools/register
REGISTER="${RET}" # boolean
db_get open-infrastructure-dehydrated-tools/run
RUN="${RET}" # boolean
db_stop
case "${AUTO_CLEANUP}" in
true)
AUTO_CLEANUP="yes"
;;
false)
AUTO_CLEANUP="no"
;;
esac
case "${OCSP_FETCH}" in
true)
OCSP_FETCH="yes"
;;
false)
OCSP_FETCH="no"
;;
esac
case "${OCSP_MUST_STAPLE}" in
true)
OCSP_MUST_STAPLE="yes"
;;
false)
OCSP_MUST_STAPLE="no"
;;
esac
HOOK="/usr/bin/dehydrated-hook"
if [ ! -e "${CONFFILE}" ]
then
cat > "${CONFFILE}" << EOF
# /etc/dehydrated/conf.d/config.sh
AUTO_CLEANUP="${AUTO_CLEANUP}"
CA="${CA}"
CHALLENGETYPE="${CHALLENGETYPE}"
CONTACT_EMAIL="${CONTACT_EMAIL}"
HOOK="${HOOK}"
KEY_ALGO="${KEY_ALGO}"
OCSP_FETCH="${OCSP_FETCH}"
OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
PREFERRED_CHAIN="${PREFERRED_CHAIN}"
EOF
fi
cp -a -f "${CONFFILE}" "${CONFFILE}.tmp"
# If the admin deleted or commented some variables but then set
# them via debconf, (re-)add them to the config file.
test -z "${AUTO_CLEANUP}" || \
grep -Eq '^ *AUTO_CLEANUP=' "${CONFFILE}" || \
echo "AUTO_CLEANUP=" >> "${CONFFILE}"
test -z "${CA}" || \
grep -Eq '^ *CA=' "${CONFFILE}" || \
echo "CA=" >> "${CONFFILE}"
test -z "${CHALLENGETYPE}" || \
grep -Eq '^ *CHALLENGETYPE=' "${CONFFILE}" || \
echo "CHALLENGETYPE=" >> "${CONFFILE}"
test -z "${CONTACT_EMAIL}" || \
grep -Eq '^ *CONTACT_EMAIL=' "${CONFFILE}" || \
echo "CONTACT_EMAIL=" >> "${CONFFILE}"
test -z "${HOOK}" || \
grep -Eq '^ *HOOK=' "${CONFFILE}" || \
echo "HOOK=" >> "${CONFFILE}"
test -z "${KEY_ALGO}" || \
grep -Eq '^ *KEY_ALGO=' "${CONFFILE}" || \
echo "KEY_ALGO=" >> "${CONFFILE}"
test -z "${OCSP_FETCH}" || \
grep -Eq '^ *OCSP_FETCH=' "${CONFFILE}" || \
echo "OCSP_FETCH=" >> "${CONFFILE}"
test -z "${OCSP_MUST_STAPLE}" || \
grep -Eq '^ *OCSP_MUST_STAPLE=' "${CONFFILE}" || \
echo "OCSP_MUST_STAPLE=" >> "${CONFFILE}"
test -z "${PREFERRED_CHAIN}" || \
grep -Eq '^ *PREFERRED_CHAIN=' "${CONFFILE}" || \
echo "PREFERRED_CHAIN=" >> "${CONFFILE}"
sed -e "s|^ *AUTO_CLEANUP=.*|AUTO_CLEANUP=\"${AUTO_CLEANUP}\"|" \
-e "s|^ *CA=.*|CA=\"${CA}\"|" \
-e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \
-e "s|^ *CONTACT_EMAIL=.*|CONTACT_EMAIL=\"${CONTACT_EMAIL}\"|" \
-e "s|^ *HOOK=.*|HOOK=\"${HOOK}\"|" \
-e "s|^ *KEY_ALGO=.*|KEY_ALGO=\"${KEY_ALGO}\"|" \
-e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \
-e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \
-e "s|^ *PREFERRED_CHAIN=.*|PREFERRED_CHAIN=\"${PREFERRED_CHAIN}\"|" \
< "${CONFFILE}" > "${CONFFILE}.tmp"
mv -f "${CONFFILE}.tmp" "${CONFFILE}"
for HOOK in $(cd /usr/share/dehydrated/hooks && find -maxdepth 1 -not -type d -printf '%P\n' | sort)
do
if [ -L "/etc/dehydrated/hook.d/${HOOK}" ]
then
rm -f "/etc/dehydrated/hook.d/${HOOK}"
fi
done
if [ -n "${HOOKS}" ]
then
HOOKS="$(echo ${HOOKS} | sed -e 's|,| |g')"
if echo "${HOOKS}" | grep -qs "ALL"
then
HOOKS="$(cd /usr/share/dehydrated/hooks && find -maxdepth 1 -not -type d -printf '%P\n' | sort)"
fi
for HOOK in ${HOOKS}
do
if [ ! -e "/etc/dehydrated/hook.d/${HOOK}" ] && [ -e "/usr/share/dehydrated/hooks/${HOOK}" ]
then
ln -sf "/usr/share/dehydrated/hooks/${HOOK}" "/etc/dehydrated/hook.d/${HOOK}"
fi
done
fi
for FILE in /etc/dehydrated/config /etc/dehydrated/conf.d/*.sh
do
if [ -e "${FILE}" ]
then
. ${FILE} || true
fi
done
if [ -n "${NEW_BASEDIR}" ] && [ "${BASEDIR}" != "${NEW_BASEDIR}" ]
then
rmdir "${BASEDIR}/acme-challenges" > /dev/null 2>&1 || true
Install "${BASEDIR}" "${NEW_BASEDIR}"
mkdir -p "${BASEDIR}/acme-challenges"
fi
if [ -n "${DOMAINS}" ] && [ "${DOMAINS}" != "none" ]
then
rm -f /etc/dehydrated/domains.txt
GROUPS="$(echo ${DOMAINS} | sed -e 's/ /#/g' -e 's/|/ /g')"
for GROUP in ${GROUPS}
do
DOMAINS="$(echo ${GROUP} | sed -e 's/#/ /g' -e 's/^ //g')"
echo "${DOMAINS}" >> /etc/dehydrated/domains.txt
done
fi
if [ -n "${TSIG}" ]
then
case "${TSIG}" in
http*)
# tsig is a URL
echo -n "Downloading tsig.key from '${TSIG}'..."
if command -v wget -q "${TSIG}" -O /dev/null > /dev/null 2>&1
then
rm -f /etc/dehydrated/tsig.key
wget -q "${TSIG}" -O /etc/dehydrated/tsig.key
chmod 0600 /etc/dehydrated/tsig.key
TSIG_FILE="/etc/dehydrated/tsig.key"
elif command -v curl -s "${TSIG}" -o /dev/null > /dev/null 2>&1
then
rm -f /etc/dehydrated/tsig.key
curl -s "${TSIG}" -o /etc/dehydrated/tsig.key
chmod 0600 /etc/dehydrated/tsig.key
TSIG_FILE="/etc/dehydrated/tsig.key"
else
echo
echo "W: need wget or curl" >&2
fi
if [ -n "${TSIG_FILE}" ]
then
echo " done."
fi
;;
*:*)
# tsig is a string
echo "${TSIG}" > /etc/dehydrated/tsig.key
chmod 0600 /etc/dehydrated/tsig.key
TSIG_FILE="/etc/dehydrated/tsig.key"
;;
*/*)
# tsig is a path
TSIG_FILE="${TSIG}"
;;
*)
echo "'${TSIG}' is neither a valid tsig nor a path to an existing file - ignoring"
;;
esac
fi
if [ -n "${TSIG_FILE}" ]
then
DEFAULT_FILE="/etc/default/dehydrated-nsupdate"
if [ ! -e "${DEFAULT_FILE}" ]
then
cat > "${DEFAULT_FILE}" << EOF
# ${DEFAULT_FILE}
TSIG_KEYFILE="${TSIG_FILE}"
EOF
fi
cp -a -f "${DEFAULT_FILE}" "${DEFAULT_FILE}.tmp"
# If the admin deleted or commented some variables but then set
# them via debconf, (re-)add them to the config file.
test -z "${TSIG_FILE}" || \
grep -Eq '^ *TSIG_KEYFILE=' "${DEFAULT_FILE}" || \
echo "TSIG_KEYFILE=" >> "${DEFAULT_FILE}"
sed -e "s|^ *TSIG_KEYFILE=.*|TSIG_KEYFILE=\"${TSIG_FILE}\"|" \
< "${DEFAULT_FILE}" > "${DEFAULT_FILE}.tmp"
mv -f "${DEFAULT_FILE}.tmp" "${DEFAULT_FILE}"
fi
case "${REGISTER}" in
true)
dehydrated --register --accept-terms
;;
esac
case "${RUN}" in
true)
dehydrated --cron --keep-going
;;
esac
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`${1}'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0
View git blame Copy permalink