Adding KEY_ALGO debconf handling in dehydrated-tools.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 23 insertions, 0 deletions

diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config
index 8ff3177..c031c65 100644
--- a/debian/open-infrastructure-dehydrated-tools.config
+++ b/debian/open-infrastructure-dehydrated-tools.config
@@ -14,6 +14,7 @@ then
 	db_set open-infrastructure-dehydrated-tools/ca "${CA}"
 	db_set open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}"
 	db_set open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}"
+	db_set open-infrastructure-dehydrated-tools/key-algo "${KEY_ALGO}"
 	db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}"
 	db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}"
 fi
@@ -35,6 +36,10 @@ db_input low open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL
 db_go
 
 db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/key-algo "${KEY_ALGO}" || true
+db_go
+
+db_settitle open-infrastructure-dehydrated-tools/title
 db_input low open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}" || true
 db_go
 
diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
index 698016b..bd3ca57 100755
--- a/debian/open-infrastructure-dehydrated-tools.postinst
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -66,6 +66,9 @@ case "${1}" in
 		db_get open-infrastructure-dehydrated-tools/contact-email
 		CONTACT_EMAIL="${RET}" # string (w/ empty)
 
+		db_get open-infrastructure-dehydrated-tools/key-algo
+		KEY_ALGO="${RET}" # select
+
 		db_get open-infrastructure-dehydrated-tools/ocsp-fetch
 		OCSP_FETCH="${RET}" # boolean
 
@@ -135,6 +138,7 @@ CA="${CA}"
 CHALLENGETYPE="${CHALLENGETYPE}"
 CONTACT_EMAIL="${CONTACT_EMAIL}"
 HOOK="${HOOK}"
+KEY_ALGO="${KEY_ALGO}"
 OCSP_FETCH="${OCSP_FETCH}"
 OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
 EOF
@@ -166,6 +170,10 @@ EOF
 		grep -Eq '^ *HOOK=' "${CONFFILE}" || \
 		echo "HOOK=" >> "${CONFFILE}"
 
+		test -z "${KEY_ALGO}" || \
+		grep -Eq '^ *KEY_ALGO=' "${CONFFILE}" || \
+		echo "KEY_ALGO=" >> "${CONFFILE}"
+
 		test -z "${OCSP_FETCH}" || \
 		grep -Eq '^ *OCSP_FETCH=' "${CONFFILE}" || \
 		echo "OCSP_FETCH=" >> "${CONFFILE}"
@@ -179,6 +187,7 @@ EOF
 		    -e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \
 		    -e "s|^ *CONTACT_EMAIL=.*|CONTACT_EMAIL=\"${CONTACT_EMAIL}\"|" \
 		    -e "s|^ *HOOK=.*|HOOK=\"${HOOK}\"|" \
+		    -e "s|^ *KEY_ALGO=.*|KEY_ALGO=\"${KEY_ALGO}\"|" \
 		    -e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \
 		    -e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \
 		< "${CONFFILE}" > "${CONFFILE}.tmp"
diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates
index 08c525e..e9b7295 100644
--- a/debian/open-infrastructure-dehydrated-tools.templates
+++ b/debian/open-infrastructure-dehydrated-tools.templates
@@ -36,6 +36,15 @@ Description: dehydrated Contact Email:
  .
  If unsure, leave empty (default).
 
+Template: open-infrastructure-dehydrated-tools/key-algo
+Type: select
+Choices: prime256v1, rsa, secp384r1
+Default: secp384r1
+Description: dehydrated key algorithm:
+ Please select the key algorithm to use.
+ .
+ If unsure, use 'secp384r1' (default).
+
 Template: open-infrastructure-dehydrated-tools/ocsp-fetch
 Type: boolean
 Default: false