1 files changed, 55 insertions, 0 deletions

diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
index f6c71c7..083c2ac 100755
--- a/debian/open-infrastructure-dehydrated-tools.postinst
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -81,6 +81,9 @@ case "${1}" in
 		db_get open-infrastructure-dehydrated-tools/ocsp-must-staple
 		OCSP_MUST_STAPLE="${RET}" # boolean
 
+		db_get open-infrastructure-dehydrated-tools/tsig
+		TSIG="${RET}" # string (w/ empty)
+
 		db_stop
 
 		case "${AUTO_CLEANUP}" in
@@ -230,6 +233,58 @@ EOF
 				dehydrated --register --accept-terms
 				;;
 		esac
+
+		if [ -n "${TSIG}" ]
+		then
+			case "${TSIG}" in
+				*:*)
+					# tsig is a string
+					echo "${TSIG}" > /etc/dehydrated/tsig.key
+					chmod 0600 /etc/dehydrated/tsig.key
+
+					TSIG_FILE="/etc/dehydrated/tsig.key"
+					;;
+
+				*/*)
+					# tsig is a path
+					TSIG_FILE="${TSIG}"
+					;;
+
+				*)
+					echo "'${TSIG}' is neither a valid tsig nor a path to an existing file - ignoring"
+					;;
+			esac
+		fi
+
+		if [ -n "${TSIG_FILE}" ]
+		then
+			DEFAULT_FILE="/etc/default/dehydrated-nsupdate"
+
+			if [ ! -e "${DEFAULT_FILE}" ]
+			then
+
+cat > "${DEFAULT_FILE}" << EOF
+# ${DEFAULT_FILE}
+
+TSIG_KEYFILE="${TSIG_FILE}"
+EOF
+
+			fi
+
+			cp -a -f "${DEFAULT_FILE}" "${DEFAULT_FILE}.tmp"
+
+			# If the admin deleted or commented some variables but then set
+			# them via debconf, (re-)add them to the config file.
+
+			test -z "${TSIG_FILE}" || \
+			grep -Eq '^ *TSIG_KEYFILE=' "${DEFAULT_FILE}" || \
+			echo "TSIG_KEYFILE=" >> "${DEFAULT_FILE}"
+
+			sed -e "s|^ *TSIG_KEYFILE=.*|TSIG_KEYFILE=\"${TSIG_FILE}\"|" \
+			< "${DEFAULT_FILE}" > "${DEFAULT_FILE}.tmp"
+
+			mv -f "${DEFAULT_FILE}.tmp" "${DEFAULT_FILE}"
+		fi
 		;;
 
 	abort-upgrade|abort-remove|abort-deconfigure)