authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-09-04 16:48:38 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-09-04 17:01:37 +0000
commit2ca157f04bcf867ea945eaaefcb11cbe071f58ed (patch)
treee909eda9ea0b9d45486f1a9fffd20e67c8a9ac66
parentCorrecting typo in debconf templates for dehydrated/auto-cleanup field. (diff)
downloadopen-infrastructure-service-tools-2ca157f04bcf867ea945eaaefcb11cbe071f58ed.tar.xz
open-infrastructure-service-tools-2ca157f04bcf867ea945eaaefcb11cbe071f58ed.zip
Reworking dehydrated debconf handling completely.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/open-infrastructure-dehydrated-tools.config78
-rwxr-xr-xdebian/open-infrastructure-dehydrated-tools.postinst116
-rw-r--r--debian/open-infrastructure-dehydrated-tools.templates60
3 files changed, 126 insertions, 128 deletions
diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config
index 28c38ed..8d636fd 100644
--- a/debian/open-infrastructure-dehydrated-tools.config
+++ b/debian/open-infrastructure-dehydrated-tools.config
@@ -2,50 +2,51 @@
set -e
-for FILE in /etc/dehydrated/config /etc/dehydrated/conf.d/*.sh
-do
- if [ -e "${FILE}" ]
- then
- . ${FILE} || true
- fi
-done
-
. /usr/share/debconf/confmodule
-if [ -n "${CA}" ]
+CONFFILE="/etc/dehydrated/conf.d/config.sh"
+
+if [ -e "${CONFFILE}" ]
then
+ . ${CONFFILE} || true
+
+ db_set open-infrastructure-dehydrated-tools/auto-cleanup "${AUTO_CLEANUP}"
db_set open-infrastructure-dehydrated-tools/ca "${CA}"
+ db_set open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}"
+ db_set open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}"
+ db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}"
+ db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}"
+ db_set open-infrastructure-dehydrated-tools/basedir "${BASEDIR}"
+ db_set open-infrastructure-dehydrated-tools/hooks "${HOOKS}"
+ db_set open-infrastructure-dehydrated-tools/register "${REGISTER}"
fi
db_settitle open-infrastructure-dehydrated-tools/title
-db_input low open-infrastructure-dehydrated-tools/ca || true
+db_input low open-infrastructure-dehydrated-tools/auto-cleanup "${AUTO_CLEANUP}" || true
db_go
-if [ -n "${AUTO_CLEANUP}" ]
-then
- db_set open-infrastructure-dehydrated-tools/auto-cleanup "${AUTO_CLEANUP}"
-fi
+db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/ca "${CA}" || true
+db_go
db_settitle open-infrastructure-dehydrated-tools/title
-db_input low open-infrastructure-dehydrated-tools/auto-cleanup || true
+db_input low open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}" || true
db_go
-if [ -n "${CHALLENGETYPE}" ]
-then
- db_set open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}"
-fi
+db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}" || true
+db_go
db_settitle open-infrastructure-dehydrated-tools/title
-db_input low open-infrastructure-dehydrated-tools/challengetype || true
+db_input low open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}" || true
db_go
-if [ -n "${CONTACT_EMAIL}" ]
-then
- db_set open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}"
-fi
+db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}" || true
+db_go
db_settitle open-infrastructure-dehydrated-tools/title
-db_input low open-infrastructure-dehydrated-tools/contact-email || true
+db_input low open-infrastructure-dehydrated-tools/basedir "${BASEDIR}" || true
db_go
if [ -e /usr/share/dehydrated/hooks ]
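Review bot: The `db_set` calls at the top of this hunk now run unconditionally once `config.sh` exists, so any variable the file does not define overwrites the stored debconf answer with an empty string; the removed `[ -n ... ]` guards prevented that. This matters most for `BASEDIR`, `HOOKS` and `REGISTER`, which the postinst heredoc in this commit never writes to `config.sh`, so on a later upgrade those answers would presumably be reset. Keeping a guard per key, e.g. `[ -z "${BASEDIR}" ] || db_set open-infrastructure-dehydrated-tools/basedir "${BASEDIR}"`, avoids it. Separately, every `db_input` here and in the next hunk now passes a third argument; as far as I know INPUT accepts only a priority and a question name, and with `|| true` a rejected call would silently skip the prompt, so `db_input low open-infrastructure-dehydrated-tools/ca || true` looks like the intended form. The `if` on the last line continues outside the hunk.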
@@ -59,32 +60,7 @@ then
fi
db_settitle open-infrastructure-dehydrated-tools/title
-db_input low open-infrastructure-dehydrated-tools/basedir || true
-db_go
-
-if ! ls /var/lib/dehydrated/accounts/*/account_key.pem > /dev/null 2>&1
-then
- db_settitle open-infrastructure-dehydrated-tools/title
- db_input low open-infrastructure-dehydrated-tools/register || true
- db_go
-fi
-
-if [ -n "${OCSP_FETCH}" ]
-then
- db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}"
-fi
-
-db_settitle open-infrastructure-dehydrated-tools/title
-db_input low open-infrastructure-dehydrated-tools/ocsp-fetch || true
-db_go
-
-if [ -n "${OCSP_MUST_STAPLE}" ]
-then
- db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}"
-fi
-
-db_settitle open-infrastructure-dehydrated-tools/title
-db_input low open-infrastructure-dehydrated-tools/ocsp-must-staple || true
+db_input low open-infrastructure-dehydrated-tools/register "${REGISTER}" || true
db_go
db_stop
diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
index 5734044..2ddde24 100755
--- a/debian/open-infrastructure-dehydrated-tools.postinst
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -2,36 +2,9 @@
set -e
-Config ()
-{
- FILE="${1}"
- KEY="${2}"
- VALUE="${3}"
-
- TMPFILE="$(mktemp --dry-run ${FILE}.XXXX)"
-
- if [ ! -e "${FILE}" ]
- then
-
-cat > "${FILE}" << EOF
-# ${FILE}
-
-${KEY}="${VALUE}"
-EOF
-
- fi
-
- cp -a -f "${FILE}" "${TMPFILE}"
+. /usr/share/debconf/confmodule
- test -z "${VALUE}" || \
- grep -Eq "^ *$(echo ${KEY})=" "${FILE}" || \
- echo "${KEY}=" >> "$FILE}"
-
- sed -e "s|^ *\($(echo ${KEY})\)=.*|\1=\"${VALUE}\"|" \
- < "${FILE}" > "${TMPFILE}"
-
- mv -f "${TMPFILE}" "${FILE}"
-}
+CONFFILE="/etc/dehydrated/conf.d/config.sh"
Install ()
{
@@ -81,8 +54,6 @@ Install ()
case "${1}" in
configure)
- . /usr/share/debconf/confmodule
-
db_get open-infrastructure-dehydrated-tools/ca
CA="${RET}" # select
@@ -152,12 +123,68 @@ case "${1}" in
;;
esac
- Config /etc/dehydrated/conf.d/ca.sh CA ${CA}
- Config /etc/dehydrated/conf.d/cleanup.sh AUTO_CLEANUP ${AUTO_CLEANUP}
- Config /etc/dehydrated/conf.d/challenge.sh CHALLENGETYPE ${CHALLENGETYPE}
- Config /etc/dehydrated/conf.d/contact.sh CONTACT_EMAIL ${CONTACT_EMAIL}
- Config /etc/dehydrated/conf.d/ocsp.sh OCSP_FETCH ${OCSP_FETCH}
- Config /etc/dehydrated/conf.d/ocsp.sh OCSP_MUST_STAPLE ${OCSP_MUST_STAPLE}
+ HOOK="/usr/bin/dehydrated-hook.d"
+
+ if [ ! -e "${CONFFILE}" ]
+ then
+
+cat > "${CONFFILE}" << EOF
+# /etc/dehydrated/conf.d/config.sh
+
+AUTO_CLEANUP="${AUTO_CLEANUP}"
+CA="${CA}"
+CHALLENGETYPE="${CHALLENGETYPE}"
+CONTACT_EMAIL="${CONTACT_EMAIL}"
+HOOK="${HOOK}"
+OCSP_FETCH="${OCSP_FETCH}"
+OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
+EOF
+
+ fi
+
+ cp -a -f "${CONFFILE}" "${CONFFILE}.tmp"
+
+ # If the admin deleted or commented some variables but then set
+ # them via debconf, (re-)add them to the config file.
+
+ test -z "${AUTO_CLEANUP}" || \
+ grep -Eq '^ *AUTO_CLEANUP=' "${CONFFILE}" || \
+ echo "AUTO_CLEANUP=" >> "${CONFFILE}"
+
+ test -z "${CA}" || \
+ grep -Eq '^ *CA=' "${CONFFILE}" || \
+ echo "CA=" >> "${CONFFILE}"
+
+ test -z "${CHALLENGETYPE}" || \
+ grep -Eq '^ *CHALLENGETYPE=' "${CONFFILE}" || \
+ echo "CHALLENGETYPE=" >> "${CONFFILE}"
+
+ test -z "${CONTACT_EMAIL}" || \
+ grep -Eq '^ *CONTACT_EMAIL=' "${CONFFILE}" || \
+ echo "CONTACT_EMAIL=" >> "${CONFFILE}"
+
+ test -z "${HOOK}" || \
+ grep -Eq '^ *HOOK=' "${CONFFILE}" || \
+ echo "HOOK=" >> "${CONFFILE}"
+
+ test -z "${OCSP_FETCH}" || \
+ grep -Eq '^ *OCSP_FETCH=' "${CONFFILE}" || \
+ echo "OCSP_FETCH=" >> "${CONFFILE}"
+
+ test -z "${OCSP_MUST_STAPLE}" || \
+ grep -Eq '^ *OCSP_MUST_STAPLE=' "${CONFFILE}" || \
+ echo "OCSP_MUST_STAPLE=" >> "${CONFFILE}"
+
+ sed -e "s|^ *AUTO_CLEANUP=.*|AUTO_CLEANUP=\"${AUTO_CLEANUP}\"|" \
+ -e "s|^ *CA=.*|CA=\"${CA}\"|" \
+ -e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \
+ -e "s|^ *CONTACT_EMAIL=.*|CONTACT_EMAIL=\"${CONTACT_EMAIL}\"|" \
+ -e "s|^ *HOOK=.*|HOOK=\"${HOOK}\"|" \
+ -e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \
+ -e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \
+ < "${CONFFILE}" > "${CONFFILE}.tmp"
+
+ mv -f "${CONFFILE}.tmp" "${CONFFILE}"
for HOOK in $(cd /usr/share/dehydrated/hooks && find -maxdepth 1 -not -type d -printf '%P\n' | sort)
do
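Review bot: The `sed` expressions and the heredoc interpolate the debconf answers straight into `config.sh`, a file that is later sourced as shell (the config script in this commit sources it during package configuration). A value containing `|`, `&` or `\` changes or breaks the substitution, and one containing `"`, `$` or a backtick ends up as live shell syntax in the written file; the select and boolean answers are constrained by their templates, but `CONTACT_EMAIL` appears to be free-form. Validating it before the write, e.g. `case "${CONTACT_EMAIL}" in *[!A-Za-z0-9@._+-]*) echo "invalid contact email" >&2; exit 1 ;; esac`, closes that off. Because `set -e` is active, a failing `sed` would also abort the postinst with `${CONFFILE}.tmp` left behind. The enclosing `case` and the `for` loop at the end both extend outside the hunk.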
@@ -169,8 +196,6 @@ case "${1}" in
if [ -n "${HOOKS}" ]
then
- Config /etc/dehydrated/conf.d/hook.sh HOOK /usr/bin/dehydrated-hook.d
-
HOOKS="$(echo ${HOOKS} | sed -e 's|,| |g')"
if echo "${HOOKS}" | grep -qs "ALL"
@@ -200,14 +225,11 @@ case "${1}" in
Install "${BASEDIR}" "${NEW_BASEDIR}"
fi
- if ! ls /var/lib/dehydrated/accounts/*/account_key.pem > /dev/null 2>&1
- then
- case "${REGISTER}" in
- true)
- dehydrated --register --accept-terms
- ;;
- esac
- fi
+ case "${REGISTER}" in
+ true)
+ dehydrated --register --accept-terms
+ ;;
+ esac
;;
abort-upgrade|abort-remove|abort-deconfigure)
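Review bot: With the `account_key.pem` check removed, `dehydrated --register --accept-terms` runs on every `configure` for as long as the stored `register` answer is `true`, including upgrades of a system that already has an account. Under `set -e` a failed registration (for instance an unreachable CA) aborts the postinst and leaves the package unconfigured. Either keep the existence check or clear the answer after a successful run, e.g. `dehydrated --register --accept-terms && db_set open-infrastructure-dehydrated-tools/register false`, which also keeps a failed registration from being fatal. The `case "${1}"` block starts outside this hunk.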
diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates
index 0f093ab..bf7fec4 100644
--- a/debian/open-infrastructure-dehydrated-tools.templates
+++ b/debian/open-infrastructure-dehydrated-tools.templates
@@ -2,6 +2,14 @@ Template: open-infrastructure-dehydrated-tools/title
Type: title
Description: dehydrated-tools: Setup
+Template: open-infrastructure-dehydrated-tools/auto-cleanup
+Type: boolean
+Default: no
+Description: dehydrated auto clean:
+ Please select the Certificate Authority to use with dehydrated.
+ .
+ If unsure, use letsencrypt (default).
+
Template: open-infrastructure-dehydrated-tools/ca
Type: select
Choices: letsencrypt, letsencrypt-test, zerossl, buypass, buypass-test
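Review bot: The `auto-cleanup` template moved to the top here still carries the description of the `ca` template ("Please select the Certificate Authority…", "use letsencrypt"), so an administrator answering the prompt is not told what the option controls. Its `Default: no` also differs from the `false` used by the other boolean templates on this page; debconf booleans are normally `true`/`false`. A description along the lines of `Should dehydrated automatically clean up unused certificate files?` followed by `If unsure, use 'no' (default).` would match the other templates; the exact wording should be checked against dehydrated's documentation for AUTO_CLEANUP.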
@@ -11,14 +19,6 @@ Description: dehydrated Certificate Authority (CA):
.
If unsure, use letsencrypt (default).
-Template: open-infrastructure-dehydrated-tools/auto-cleanup
-Type: boolean
-Default: no
-Description: dehydrated auto clean:
- Please select the Certificate Authority to use with dehydrated.
- .
- If unsure, use letsencrypt (default).
-
Template: open-infrastructure-dehydrated-tools/challengetype
Type: select
Choices: dns-01, http-01
@@ -36,28 +36,6 @@ Description: dehydrated Contact Email:
.
If unsure, leave empty (default).
-Template: open-infrastructure-dehydrated-tools/hooks
-Type: multiselect
-Choices: ${HOOKS_CHOICES}
-Default:
-Description: dehydrated hooks:
- Please select any hooks that should be enabled for dehydrated.
-
-Template: open-infrastructure-dehydrated-tools/basedir
-Type: string
-Default:
-Description: dehydrated base directory:
- Please enter the base directory where all the certificates are stored.
- .
- If unsure, use /var/lib/dehydrated (default).
-
-Template: open-infrastructure-dehydrated-tools/register
-Type: boolean
-Default: false
-Description: dehydrated register:
- Should a 'dehydrated --register --accept-terms' be executed now to create
- an account for this system with your CA.
-
Template: open-infrastructure-dehydrated-tools/ocsp-fetch
Type: boolean
Default: false
@@ -73,3 +51,25 @@ Description: dehydrated OCSP must staple:
Should dehydrated request certificates that must use OCSP stapling?
.
If unsure, use 'no' (default).
+
+Template: open-infrastructure-dehydrated-tools/basedir
+Type: string
+Default:
+Description: dehydrated base directory:
+ Please enter the base directory where all the certificates are stored.
+ .
+ If unsure, use /var/lib/dehydrated (default).
+
+Template: open-infrastructure-dehydrated-tools/hooks
+Type: multiselect
+Choices: ${HOOKS_CHOICES}
+Default:
+Description: dehydrated hooks:
+ Please select any hooks that should be enabled for dehydrated.
+
+Template: open-infrastructure-dehydrated-tools/register
+Type: boolean
+Default: false
+Description: dehydrated register:
+ Should a 'dehydrated --register --accept-terms' be executed now to create
+ an account for this system with your CA.