Adding preseeding for preferred-chain in dehydrated.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

3 files changed, 22 insertions, 0 deletions

diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config
index c031c65..646f67f 100644
--- a/debian/open-infrastructure-dehydrated-tools.config
+++ b/debian/open-infrastructure-dehydrated-tools.config
@@ -17,6 +17,7 @@ then
 	db_set open-infrastructure-dehydrated-tools/key-algo "${KEY_ALGO}"
 	db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}"
 	db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}"
+	db_set open-infrastructure-dehydrated-tools/preferred-chain "${PREFERRED_CHAIN}"
 fi
 
 db_settitle open-infrastructure-dehydrated-tools/title
@@ -48,6 +49,10 @@ db_input low open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_
 db_go
 
 db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/preferred-chain "${PREFERRED_CHAIN}" || true
+db_go
+
+db_settitle open-infrastructure-dehydrated-tools/title
 db_input low open-infrastructure-dehydrated-tools/basedir "${BASEDIR}" || true
 db_go
 
diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
index 1b0f776..3eb3a04 100755
--- a/debian/open-infrastructure-dehydrated-tools.postinst
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -75,6 +75,9 @@ case "${1}" in
 		db_get open-infrastructure-dehydrated-tools/ocsp-must-staple
 		OCSP_MUST_STAPLE="${RET}" # boolean
 
+		db_get open-infrastructure-dehydrated-tools/preferred-chain
+		PREFERRED_CHAIN="${RET}" # string w/ empty
+
 		db_get open-infrastructure-dehydrated-tools/hooks
 		HOOKS="${RET}" # multi-select (w/ empty)
 
@@ -141,6 +144,7 @@ HOOK="${HOOK}"
 KEY_ALGO="${KEY_ALGO}"
 OCSP_FETCH="${OCSP_FETCH}"
 OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
+PREFERRED_CHAIN="${PREFERRED_CHAIN}"
 EOF
 
 		fi
@@ -182,6 +186,10 @@ EOF
 		grep -Eq '^ *OCSP_MUST_STAPLE=' "${CONFFILE}" || \
 		echo "OCSP_MUST_STAPLE=" >> "${CONFFILE}"
 
+		test -z "${PREFERRED_CHAIN}" || \
+		grep -Eq '^ *PREFERRED_CHAIN=' "${CONFFILE}" || \
+		echo "PREFERRED_CHAIN=" >> "${CONFFILE}"
+
 		sed -e "s|^ *AUTO_CLEANUP=.*|AUTO_CLEANUP=\"${AUTO_CLEANUP}\"|" \
 		    -e "s|^ *CA=.*|CA=\"${CA}\"|" \
 		    -e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \
@@ -190,6 +198,7 @@ EOF
 		    -e "s|^ *KEY_ALGO=.*|KEY_ALGO=\"${KEY_ALGO}\"|" \
 		    -e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \
 		    -e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \
+		    -e "s|^ *PREFERRED_CHAIN=.*|PREFERRED_CHAIN=\"${PREFERRED_CHAIN}\"|" \
 		< "${CONFFILE}" > "${CONFFILE}.tmp"
 
 		mv -f "${CONFFILE}.tmp" "${CONFFILE}"
diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates
index 8bef501..a29c550 100644
--- a/debian/open-infrastructure-dehydrated-tools.templates
+++ b/debian/open-infrastructure-dehydrated-tools.templates
@@ -61,6 +61,14 @@ Description: dehydrated OCSP must staple:
  .
  If unsure, use 'no' (default).
 
+Template: open-infrastructure-dehydrated-tools/preferred-chain
+Type: string
+Default: 
+Description: dehydrated preferred chain:
+ Should an alternative root certificate by used in the certificat verification chain?
+ .
+ If unsure, leave empty.
+
 Template: open-infrastructure-dehydrated-tools/basedir
 Type: string
 Default: