From 2ca157f04bcf867ea945eaaefcb11cbe071f58ed Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 4 Sep 2021 18:48:38 +0200 Subject: Reworking dehydrated debconf handling completely. Signed-off-by: Daniel Baumann
---
debian/open-infrastructure-dehydrated-tools.config | 78 +++++--------- .../open-infrastructure-dehydrated-tools.postinst | 116 ++++++++++++--------- .../open-infrastructure-dehydrated-tools.templates | 60 +++++------ 3 files changed, 126 insertions(+), 128 deletions(-)
diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config
index 28c38ed..8d636fd 100644
--- a/debian/open-infrastructure-dehydrated-tools.config
+++ b/debian/open-infrastructure-dehydrated-tools.config
@@ -2,50 +2,51 @@ set -e -for FILE in /etc/dehydrated/config /etc/dehydrated/conf.d/*.sh -do - if [ -e "${FILE}" ] - then - . ${FILE} || true - fi -done - . /usr/share/debconf/confmodule -if [ -n "${CA}" ] +CONFFILE="/etc/dehydrated/conf.d/config.sh" + +if [ -e "${CONFFILE}" ] then + . ${CONFFILE} || true + + db_set open-infrastructure-dehydrated-tools/auto-cleanup "${AUTO_CLEANUP}" db_set open-infrastructure-dehydrated-tools/ca "${CA}" + db_set open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}" + db_set open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}" + db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}" + db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}" + db_set open-infrastructure-dehydrated-tools/basedir "${BASEDIR}" + db_set open-infrastructure-dehydrated-tools/hooks "${HOOKS}" + db_set open-infrastructure-dehydrated-tools/register "${REGISTER}" fi db_settitle open-infrastructure-dehydrated-tools/title -db_input low open-infrastructure-dehydrated-tools/ca || true +db_input low open-infrastructure-dehydrated-tools/auto-cleanup "${AUTO_CLEANUP}" || true db_go -if [ -n "${AUTO_CLEANUP}" ] -then - db_set open-infrastructure-dehydrated-tools/auto-cleanup "${AUTO_CLEANUP}" -fi +db_settitle open-infrastructure-dehydrated-tools/title +db_input low open-infrastructure-dehydrated-tools/ca "${CA}" || true +db_go db_settitle open-infrastructure-dehydrated-tools/title -db_input low open-infrastructure-dehydrated-tools/auto-cleanup || true +db_input low open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}" || true db_go -if [ -n "${CHALLENGETYPE}" ] -then - db_set open-infrastructure-dehydrated-tools/challengetype "${CHALLENGETYPE}" -fi +db_settitle open-infrastructure-dehydrated-tools/title +db_input low open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}" || true +db_go db_settitle open-infrastructure-dehydrated-tools/title -db_input low 
open-infrastructure-dehydrated-tools/challengetype || true +db_input low open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}" || true db_go -if [ -n "${CONTACT_EMAIL}" ] -then - db_set open-infrastructure-dehydrated-tools/contact-email "${CONTACT_EMAIL}" -fi +db_settitle open-infrastructure-dehydrated-tools/title +db_input low open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}" || true +db_go db_settitle open-infrastructure-dehydrated-tools/title -db_input low open-infrastructure-dehydrated-tools/contact-email || true +db_input low open-infrastructure-dehydrated-tools/basedir "${BASEDIR}" || true db_go if [ -e /usr/share/dehydrated/hooks ] @@ -59,32 +60,7 @@ then fi db_settitle open-infrastructure-dehydrated-tools/title -db_input low open-infrastructure-dehydrated-tools/basedir || true -db_go - -if ! ls /var/lib/dehydrated/accounts/*/account_key.pem > /dev/null 2>&1 -then - db_settitle open-infrastructure-dehydrated-tools/title - db_input low open-infrastructure-dehydrated-tools/register || true - db_go -fi - -if [ -n "${OCSP_FETCH}" ] -then - db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}" -fi - -db_settitle open-infrastructure-dehydrated-tools/title -db_input low open-infrastructure-dehydrated-tools/ocsp-fetch || true -db_go - -if [ -n "${OCSP_MUST_STAPLE}" ] -then - db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}" -fi - -db_settitle open-infrastructure-dehydrated-tools/title -db_input low open-infrastructure-dehydrated-tools/ocsp-must-staple || true +db_input low open-infrastructure-dehydrated-tools/register "${REGISTER}" || true db_go db_stop diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst index 5734044..2ddde24 100755 --- a/debian/open-infrastructure-dehydrated-tools.postinst +++ b/debian/open-infrastructure-dehydrated-tools.postinst 
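Review bot: In debian/open-infrastructure-dehydrated-tools.config the new `db_set` calls run unconditionally once `${CONFFILE}` exists, so every variable the file does not define overwrites the stored or preseeded debconf answer with an empty string; the heredoc this commit adds to the postinst writes no `BASEDIR`, `HOOKS` or `REGISTER`, so those three are affected on every run. The removed code guarded each call with `[ -n ... ]`; keeping a guard per variable, e.g. `[ -z "${CA}" ] || db_set open-infrastructure-dehydrated-tools/ca "${CA}"`, avoids the clobbering. The added `db_input low <question> "${VAR}"` lines (including the `register` one in the `@@ -59,32 +60,7 @@` hunk) pass a third argument, while `db_input` is documented as taking only a priority and a question name. Because each call ends in `|| true`, a rejected command would go unnoticed and the question would simply not be shown, so the value argument should probably be dropped.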
@@ -2,36 +2,9 @@ set -e -Config () -{ - FILE="${1}" - KEY="${2}" - VALUE="${3}" - - TMPFILE="$(mktemp --dry-run ${FILE}.XXXX)" - - if [ ! -e "${FILE}" ] - then - -cat > "${FILE}" << EOF -# ${FILE} - -${KEY}="${VALUE}" -EOF - - fi - - cp -a -f "${FILE}" "${TMPFILE}" +. /usr/share/debconf/confmodule - test -z "${VALUE}" || \ - grep -Eq "^ *$(echo ${KEY})=" "${FILE}" || \ - echo "${KEY}=" >> "$FILE}" - - sed -e "s|^ *\($(echo ${KEY})\)=.*|\1=\"${VALUE}\"|" \ - < "${FILE}" > "${TMPFILE}" - - mv -f "${TMPFILE}" "${FILE}" -} +CONFFILE="/etc/dehydrated/conf.d/config.sh" Install () { @@ -81,8 +54,6 @@ Install () case "${1}" in configure) - . /usr/share/debconf/confmodule - db_get open-infrastructure-dehydrated-tools/ca CA="${RET}" # select 
@@ -152,12 +123,68 @@ case "${1}" in ;; esac - Config /etc/dehydrated/conf.d/ca.sh CA ${CA} - Config /etc/dehydrated/conf.d/cleanup.sh AUTO_CLEANUP ${AUTO_CLEANUP} - Config /etc/dehydrated/conf.d/challenge.sh CHALLENGETYPE ${CHALLENGETYPE} - Config /etc/dehydrated/conf.d/contact.sh CONTACT_EMAIL ${CONTACT_EMAIL} - Config /etc/dehydrated/conf.d/ocsp.sh OCSP_FETCH ${OCSP_FETCH} - Config /etc/dehydrated/conf.d/ocsp.sh OCSP_MUST_STAPLE ${OCSP_MUST_STAPLE} + HOOK="/usr/bin/dehydrated-hook.d" + + if [ ! -e "${CONFFILE}" ] + then + +cat > "${CONFFILE}" << EOF +# /etc/dehydrated/conf.d/config.sh + +AUTO_CLEANUP="${AUTO_CLEANUP}" +CA="${CA}" +CHALLENGETYPE="${CHALLENGETYPE}" +CONTACT_EMAIL="${CONTACT_EMAIL}" +HOOK="${HOOK}" +OCSP_FETCH="${OCSP_FETCH}" +OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}" +EOF + + fi + + cp -a -f "${CONFFILE}" "${CONFFILE}.tmp" + + # If the admin deleted or commented some variables but then set + # them via debconf, (re-)add them to the config file. + + test -z "${AUTO_CLEANUP}" || \ + grep -Eq '^ *AUTO_CLEANUP=' "${CONFFILE}" || \ + echo "AUTO_CLEANUP=" >> "${CONFFILE}" + + test -z "${CA}" || \ + grep -Eq '^ *CA=' "${CONFFILE}" || \ + echo "CA=" >> "${CONFFILE}" + + test -z "${CHALLENGETYPE}" || \ + grep -Eq '^ *CHALLENGETYPE=' "${CONFFILE}" || \ + echo "CHALLENGETYPE=" >> "${CONFFILE}" + + test -z "${CONTACT_EMAIL}" || \ + grep -Eq '^ *CONTACT_EMAIL=' "${CONFFILE}" || \ + echo "CONTACT_EMAIL=" >> "${CONFFILE}" + + test -z "${HOOK}" || \ + grep -Eq '^ *HOOK=' "${CONFFILE}" || \ + echo "HOOK=" >> "${CONFFILE}" + + test -z "${OCSP_FETCH}" || \ + grep -Eq '^ *OCSP_FETCH=' "${CONFFILE}" || \ + echo "OCSP_FETCH=" >> "${CONFFILE}" + + test -z "${OCSP_MUST_STAPLE}" || \ + grep -Eq '^ *OCSP_MUST_STAPLE=' "${CONFFILE}" || \ + echo "OCSP_MUST_STAPLE=" >> "${CONFFILE}" + + sed -e "s|^ *AUTO_CLEANUP=.*|AUTO_CLEANUP=\"${AUTO_CLEANUP}\"|" \ + -e "s|^ *CA=.*|CA=\"${CA}\"|" \ + -e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \ + -e "s|^ 
*CONTACT_EMAIL=.*|CONTACT_EMAIL=\"${CONTACT_EMAIL}\"|" \ + -e "s|^ *HOOK=.*|HOOK=\"${HOOK}\"|" \ + -e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \ + -e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \ + < "${CONFFILE}" > "${CONFFILE}.tmp" + + mv -f "${CONFFILE}.tmp" "${CONFFILE}" for HOOK in $(cd /usr/share/dehydrated/hooks && find -maxdepth 1 -not -type d -printf '%P\n' | sort) do @@ -169,8 +196,6 @@ case "${1}" in if [ -n "${HOOKS}" ] then - Config /etc/dehydrated/conf.d/hook.sh HOOK /usr/bin/dehydrated-hook.d - HOOKS="$(echo ${HOOKS} | sed -e 's|,| |g')" if echo "${HOOKS}" | grep -qs "ALL" @@ -200,14 +225,11 @@ case "${1}" in Install "${BASEDIR}" "${NEW_BASEDIR}" fi - if ! ls /var/lib/dehydrated/accounts/*/account_key.pem > /dev/null 2>&1 - then - case "${REGISTER}" in - true) - dehydrated --register --accept-terms - ;; - esac - fi + case "${REGISTER}" in + true) + dehydrated --register --accept-terms + ;; + esac ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates index 0f093ab..bf7fec4 100644 --- a/debian/open-infrastructure-dehydrated-tools.templates +++ b/debian/open-infrastructure-dehydrated-tools.templates @@ -2,6 +2,14 @@ Template: open-infrastructure-dehydrated-tools/title Type: title Description: dehydrated-tools: Setup +Template: open-infrastructure-dehydrated-tools/auto-cleanup +Type: boolean +Default: no +Description: dehydrated auto clean: + Please select the Certificate Authority to use with dehydrated. + . + If unsure, use letsencrypt (default). + Template: open-infrastructure-dehydrated-tools/ca Type: select Choices: letsencrypt, letsencrypt-test, zerossl, buypass, buypass-test 
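Review bot: The debconf answers in the `@@ -152,12 +123,68 @@` hunk of the postinst are written into `${CONFFILE}` without validation, both through the heredoc and through the `sed -e "s|^ *CA=.*|CA=\"${CA}\"|"` expressions. `CONTACT_EMAIL` is free text, so a value containing `|`, `&` or `\` changes or breaks the sed expression, and a value containing `"`, `$` or a backtick becomes shell syntax in a file that the config script sources as root and that dehydrated presumably reads as well. Checking the values before the file is touched keeps it a plain list of assignments; a sketch follows. The fixed name `${CONFFILE}.tmp` is acceptable only while /etc/dehydrated/conf.d is writable by root alone, and the enclosing `case` block starts and ends outside this hunk.

```shell
	HOOK="/usr/bin/dehydrated-hook.d"

	# Refuse values that would change the meaning of the sourced file or
	# of the sed expressions below.
	for VALUE in "${AUTO_CLEANUP}" "${CA}" "${CHALLENGETYPE}" "${CONTACT_EMAIL}" "${HOOK}" "${OCSP_FETCH}" "${OCSP_MUST_STAPLE}"
	do
		case "${VALUE}" in
			*[!A-Za-z0-9@._:/+-]*)
				echo "E: unsupported character in debconf value: ${VALUE}" >&2
				exit 1
				;;
		esac
	done

	# … unchanged: creation and sed rewrite of ${CONFFILE} …
```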
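Review bot: With the `account_key.pem` check removed in the `@@ -200,14 +225,11 @@` hunk, `dehydrated --register --accept-terms` runs on every `configure` invocation for which the stored `register` answer is `true`, which includes upgrades and reconfigurations and not only the first install. Under `set -e` a failing registration (for example no network at upgrade time) aborts the package configuration. Either keep an existence check around the call or reset the answer once registration succeeded, e.g. `db_set open-infrastructure-dehydrated-tools/register false`. The surrounding `case "${1}"` starts outside this hunk.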
@@ -11,14 +19,6 @@ Description: dehydrated Certificate Authority (CA): . If unsure, use letsencrypt (default). -Template: open-infrastructure-dehydrated-tools/auto-cleanup -Type: boolean -Default: no -Description: dehydrated auto clean: - Please select the Certificate Authority to use with dehydrated. - . - If unsure, use letsencrypt (default). - Template: open-infrastructure-dehydrated-tools/challengetype Type: select Choices: dns-01, http-01 @@ -36,28 +36,6 @@ Description: dehydrated Contact Email: . If unsure, leave empty (default). -Template: open-infrastructure-dehydrated-tools/hooks -Type: multiselect -Choices: ${HOOKS_CHOICES} -Default: -Description: dehydrated hooks: - Please select any hooks that should be enabled for dehydrated. - -Template: open-infrastructure-dehydrated-tools/basedir -Type: string -Default: -Description: dehydrated base directory: - Please enter the base directory where all the certificates are stored. - . - If unsure, use /var/lib/dehydrated (default). - -Template: open-infrastructure-dehydrated-tools/register -Type: boolean -Default: false -Description: dehydrated register: - Should a 'dehydrated --register --accept-terms' be executed now to create - an account for this system with your CA. - Template: open-infrastructure-dehydrated-tools/ocsp-fetch Type: boolean Default: false 
@@ -73,3 +51,25 @@ Description: dehydrated OCSP must staple: Should dehydrated request certificates that must use OCSP stapling? . If unsure, use 'no' (default). + +Template: open-infrastructure-dehydrated-tools/basedir +Type: string +Default: +Description: dehydrated base directory: + Please enter the base directory where all the certificates are stored. + . + If unsure, use /var/lib/dehydrated (default). + +Template: open-infrastructure-dehydrated-tools/hooks +Type: multiselect +Choices: ${HOOKS_CHOICES} +Default: +Description: dehydrated hooks: + Please select any hooks that should be enabled for dehydrated. + +Template: open-infrastructure-dehydrated-tools/register +Type: boolean +Default: false +Description: dehydrated register: + Should a 'dehydrated --register --accept-terms' be executed now to create + an account for this system with your CA. -- cgit v1.2.3