diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-09-05 06:10:00 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-09-05 07:15:17 +0000 |
| commit | 4041050498d2eb2da476eb043bba37f00a80a140 (patch) | |
| tree | 2c8fa225e5d8cd3dbccfafd2f005fefbf1840cbe | |
| parent | Updating hook debconf handling for dehydrated-hook rename. (diff) | |
| download | open-infrastructure-service-tools-4041050498d2eb2da476eb043bba37f00a80a140.tar.xz open-infrastructure-service-tools-4041050498d2eb2da476eb043bba37f00a80a140.zip | |
Adding tsig debconf handling for dehydrated-nsupdate.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
| -rw-r--r-- | debian/open-infrastructure-dehydrated-tools.config | 4 | ||||
| -rwxr-xr-x | debian/open-infrastructure-dehydrated-tools.postinst | 55 | ||||
| -rw-r--r-- | debian/open-infrastructure-dehydrated-tools.templates | 10 |
3 files changed, 69 insertions, 0 deletions
diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config index 8d636fd..6c7a683 100644 --- a/debian/open-infrastructure-dehydrated-tools.config +++ b/debian/open-infrastructure-dehydrated-tools.config @@ -63,4 +63,8 @@ db_settitle open-infrastructure-dehydrated-tools/title db_input low open-infrastructure-dehydrated-tools/register "${REGISTER}" || true db_go +db_settitle open-infrastructure-dehydrated-tools/title +db_input low open-infrastructure-dehydrated-tools/tsig "${TSIG}" || true +db_go + db_stop diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst index f6c71c7..083c2ac 100755 --- a/debian/open-infrastructure-dehydrated-tools.postinst +++ b/debian/open-infrastructure-dehydrated-tools.postinst @@ -81,6 +81,9 @@ case "${1}" in db_get open-infrastructure-dehydrated-tools/ocsp-must-staple OCSP_MUST_STAPLE="${RET}" # boolean + db_get open-infrastructure-dehydrated-tools/tsig + TSIG="${RET}" # string (w/ empty) + db_stop case "${AUTO_CLEANUP}" in @@ -230,6 +233,58 @@ EOF dehydrated --register --accept-terms ;; esac + + if [ -n "${TSIG}" ] + then + case "${TSIG}" in + *:*) + # tsig is a string + echo "${TSIG}" > /etc/dehydrated/tsig.key + chmod 0600 /etc/dehydrated/tsig.key + + TSIG_FILE="/etc/dehydrated/tsig.key" + ;; + + */*) + # tsig is a path + TSIG_FILE="${TSIG}" + ;; + + *) + echo "'${TSIG}' is neither a valid tsig nor a path to an existing file - ignoring" + ;; + esac + fi + + if [ -n "${TSIG_FILE}" ] + then + DEFAULT_FILE="/etc/default/dehydrated-nsupdate" + + if [ ! -e "${DEFAULT_FILE}" ] + then + +cat > "${DEFAULT_FILE}" << EOF +# ${DEFAULT_FILE} + +TSIG_KEYFILE="${TSIG_FILE}" +EOF + + fi + + cp -a -f "${DEFAULT_FILE}" "${DEFAULT_FILE}.tmp" + + # If the admin deleted or commented some variables but then set + # them via debconf, (re-)add them to the config file. + + test -z "${TSIG_FILE}" || \ + grep -Eq '^ *TSIG_KEYFILE=' "${DEFAULT_FILE}" || \ + echo "TSIG_KEYFILE=" >> "${DEFAULT_FILE}" + + sed -e "s|^ *TSIG_KEYFILE=.*|TSIG_KEYFILE=\"${TSIG_FILE}\"|" \ + < "${DEFAULT_FILE}" > "${DEFAULT_FILE}.tmp" + + mv -f "${DEFAULT_FILE}.tmp" "${DEFAULT_FILE}" + fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates index bf7fec4..947e5eb 100644 --- a/debian/open-infrastructure-dehydrated-tools.templates +++ b/debian/open-infrastructure-dehydrated-tools.templates @@ -73,3 +73,13 @@ Default: false Description: dehydrated register: Should a 'dehydrated --register --accept-terms' be executed now to create an account for this system with your CA. + +Template: open-infrastructure-dehydrated-tools/tsig +Type: string +Default: +Description: dehydrated TSIG: + When using the dehydrated-nsupdate hook, a TSIG can be used. If you like + to do so, please enter either the path to the TSIG file or the TSIG string + itself (format as used by nsupdate -y in algorithm:name:base64). + . + If unsure, leave empty (default). |