summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-12-31 08:38:33 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-12-31 09:20:47 +0000
commit5c01edec270b55ab6ff113727b87eaf4e1203e3a (patch)
treec57d6688f3428cfb7e9ffb26a4a9d370f42d7e96
parentMerging upstream version 20211231. (diff)
downloadopen-infrastructure-service-tools-5c01edec270b55ab6ff113727b87eaf4e1203e3a.tar.xz
open-infrastructure-service-tools-5c01edec270b55ab6ff113727b87eaf4e1203e3a.zip
Adding KEY_ALGO debconf handling in dehydrated-tools.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/open-infrastructure-dehydrated-tools.config5
-rwxr-xr-xdebian/open-infrastructure-dehydrated-tools.postinst9
-rw-r--r--debian/open-infrastructure-dehydrated-tools.templates9
3 files changed, 23 insertions, 0 deletions
diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config
index 8ff3177..c031c65 100644
--- a/debian/open-infrastructure-dehydrated-tools.config
+++ b/debian/open-infrastructure-dehydrated-tools.config
@@ -14,6 +14,7 @@ then
db_set open-infrastructure-dehydrated-tools/ca "${CA}"
db_set open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}"
db_set open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}"
+ db_set open-infrastructure-dehydrated-tools/key-algo "${KEY_ALGO}"
db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}"
db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}"
fi
@@ -35,6 +36,10 @@ db_input low open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL
db_go
db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/key-algo "${KEY_ALGO}" || true
+db_go
+
+db_settitle open-infrastructure-dehydrated-tools/title
db_input low open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}" || true
db_go
diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
index 698016b..bd3ca57 100755
--- a/debian/open-infrastructure-dehydrated-tools.postinst
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -66,6 +66,9 @@ case "${1}" in
db_get open-infrastructure-dehydrated-tools/contact-email
CONTACT_EMAIL="${RET}" # string (w/ empty)
+ db_get open-infrastructure-dehydrated-tools/key-algo
+ KEY_ALGO="${RET}" # select
+
db_get open-infrastructure-dehydrated-tools/ocsp-fetch
OCSP_FETCH="${RET}" # boolean
@@ -135,6 +138,7 @@ CA="${CA}"
CHALLENGETYPE="${CHALLENGETYPE}"
CONTACT_EMAIL="${CONTACT_EMAIL}"
HOOK="${HOOK}"
+KEY_ALGO="${KEY_ALGO}"
OCSP_FETCH="${OCSP_FETCH}"
OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
EOF
@@ -166,6 +170,10 @@ EOF
grep -Eq '^ *HOOK=' "${CONFFILE}" || \
echo "HOOK=" >> "${CONFFILE}"
+ test -z "${KEY_ALGO}" || \
+ grep -Eq '^ *KEY_ALGO=' "${CONFFILE}" || \
+ echo "KEY_ALGO=" >> "${CONFFILE}"
+
test -z "${OCSP_FETCH}" || \
grep -Eq '^ *OCSP_FETCH=' "${CONFFILE}" || \
echo "OCSP_FETCH=" >> "${CONFFILE}"
@@ -179,6 +187,7 @@ EOF
-e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \
-e "s|^ *CONTACT_EMAIL=.*|CONTACT_EMAIL=\"${CONTACT_EMAIL}\"|" \
-e "s|^ *HOOK=.*|HOOK=\"${HOOK}\"|" \
+ -e "s|^ *KEY_ALGO=.*|KEY_ALGO=\"${KEY_ALGO}\"|" \
-e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \
-e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \
< "${CONFFILE}" > "${CONFFILE}.tmp"
diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates
index 08c525e..e9b7295 100644
--- a/debian/open-infrastructure-dehydrated-tools.templates
+++ b/debian/open-infrastructure-dehydrated-tools.templates
@@ -36,6 +36,15 @@ Description: dehydrated Contact Email:
.
If unsure, leave empty (default).
+Template: open-infrastructure-dehydrated-tools/key-algo
+Type: select
+Choices: prime256v1, rsa, secp384r1
+Default: secp384r1
+Description: dehydrated key algorithm:
+ Please select the key algorithm to use.
+ .
+ If unsure, use 'secp384r1' (default).
+
Template: open-infrastructure-dehydrated-tools/ocsp-fetch
Type: boolean
Default: false