From e1099af2b23754503dd923759569eb9a377b5db4 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Tue, 8 Nov 2022 16:13:11 +0100
Subject: Adding preseeding for preferred-chain in dehydrated.
Signed-off-by: Daniel Baumann
---
 debian/open-infrastructure-dehydrated-tools.config | 5 +++++
 debian/open-infrastructure-dehydrated-tools.postinst | 9 +++++++++
 debian/open-infrastructure-dehydrated-tools.templates | 8 ++++++++
 3 files changed, 22 insertions(+)
diff --git a/debian/open-infrastructure-dehydrated-tools.config b/debian/open-infrastructure-dehydrated-tools.config
index c031c65..646f67f 100644
--- a/debian/open-infrastructure-dehydrated-tools.config
+++ b/debian/open-infrastructure-dehydrated-tools.config
@@ -17,6 +17,7 @@ then
 db_set open-infrastructure-dehydrated-tools/key-algo "${KEY_ALGO}"
 db_set open-infrastructure-dehydrated-tools/ocsp-fetch "${OCSP_FETCH}"
 db_set open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}"
+ db_set open-infrastructure-dehydrated-tools/preferred-chain "${PREFERRED_CHAIN}"
 fi
 db_settitle open-infrastructure-dehydrated-tools/title
@@ -47,6 +48,10 @@ db_settitle open-infrastructure-dehydrated-tools/title
 db_input low open-infrastructure-dehydrated-tools/ocsp-must-staple "${OCSP_MUST_STAPLE}" || true
 db_go
+db_settitle open-infrastructure-dehydrated-tools/title
+db_input low open-infrastructure-dehydrated-tools/preferred-chain "${PREFERRED_CHAIN}" || true
+db_go
+
 db_settitle open-infrastructure-dehydrated-tools/title
 db_input low open-infrastructure-dehydrated-tools/basedir "${BASEDIR}" || true
 db_go
diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
index 1b0f776..3eb3a04 100755
--- a/debian/open-infrastructure-dehydrated-tools.postinst
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -75,6 +75,9 @@ case "${1}" in
 db_get open-infrastructure-dehydrated-tools/ocsp-must-staple
 OCSP_MUST_STAPLE="${RET}" # boolean
+ db_get open-infrastructure-dehydrated-tools/preferred-chain
+ PREFERRED_CHAIN="${RET}" # string w/ empty
+
 db_get open-infrastructure-dehydrated-tools/hooks
 HOOKS="${RET}" # multi-select (w/ empty)
@@ -141,6 +144,7 @@ HOOK="${HOOK}"
 KEY_ALGO="${KEY_ALGO}"
 OCSP_FETCH="${OCSP_FETCH}"
 OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
+PREFERRED_CHAIN="${PREFERRED_CHAIN}"
 EOF
 fi
@@ -182,6 +186,10 @@ EOF
 grep -Eq '^ *OCSP_MUST_STAPLE=' "${CONFFILE}" || \
 echo "OCSP_MUST_STAPLE=" >> "${CONFFILE}"
+ test -z "${PREFERRED_CHAIN}" || \
+ grep -Eq '^ *PREFERRED_CHAIN=' "${CONFFILE}" || \
+ echo "PREFERRED_CHAIN=" >> "${CONFFILE}"
+
 sed -e "s|^ *AUTO_CLEANUP=.*|AUTO_CLEANUP=\"${AUTO_CLEANUP}\"|" \
 -e "s|^ *CA=.*|CA=\"${CA}\"|" \
 -e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \
@@ -190,6 +198,7 @@ EOF
 -e "s|^ *KEY_ALGO=.*|KEY_ALGO=\"${KEY_ALGO}\"|" \
 -e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \
 -e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \
+ -e "s|^ *PREFERRED_CHAIN=.*|PREFERRED_CHAIN=\"${PREFERRED_CHAIN}\"|" \
 < "${CONFFILE}" > "${CONFFILE}.tmp"
 mv -f "${CONFFILE}.tmp" "${CONFFILE}"
diff --git a/debian/open-infrastructure-dehydrated-tools.templates b/debian/open-infrastructure-dehydrated-tools.templates
index 8bef501..a29c550 100644
--- a/debian/open-infrastructure-dehydrated-tools.templates
+++ b/debian/open-infrastructure-dehydrated-tools.templates
@@ -61,6 +61,14 @@ Description: dehydrated OCSP must staple:
 .
 If unsure, use 'no' (default).
+Template: open-infrastructure-dehydrated-tools/preferred-chain
+Type: string
+Default:
+Description: dehydrated preferred chain:
+ Should an alternative root certificate by used in the certificat verification chain?
+ .
+ If unsure, leave empty.
+
 Template: open-infrastructure-dehydrated-tools/basedir
 Type: string
 Default:
--
cgit v1.2.3
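Review bot: The free-text debconf answer is written out unescaped in two places, the heredoc line `PREFERRED_CHAIN="${PREFERRED_CHAIN}"` (hunk @@ -141) and the sed replacement `-e "s|^ *PREFERRED_CHAIN=.*|PREFERRED_CHAIN=\"${PREFERRED_CHAIN}\"|"` (hunk @@ -190). In the sed replacement `&`, `\` and the `|` delimiter are special, so a value containing them corrupts the line or makes sed fail. If the config file is sourced by a shell, as its NAME="value" layout suggests, a double quote, `$` or backtick in the value is also evaluated by whatever reads the file. The template type is `string`, so debconf does not constrain the value the way it does for the boolean and select answers beside it. I would validate the value before either write and escape it for sed, as sketched below; the heredoc and the sed command both begin outside these hunks.

```shell
# reject characters that a shell would interpret inside "..." when the
# config file is read back (alternatively re-ask in the config script)
case "${PREFERRED_CHAIN}" in
	*[\"\$\`\\]*)
		echo "E: preferred-chain must not contain double quotes, \$, backticks or backslashes" >&2
		exit 1
		;;
esac

# escape sed replacement metacharacters: \, & and the | delimiter
PREFERRED_CHAIN_SED="$(printf '%s\n' "${PREFERRED_CHAIN}" | sed -e 's/[\\&|]/\\&/g')"

# … unchanged: the other -e expressions of the sed call …
	-e "s|^ *PREFERRED_CHAIN=.*|PREFERRED_CHAIN=\"${PREFERRED_CHAIN_SED}\"|" \
```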
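Review bot: The long description of the new `preferred-chain` template has two typos and does not tell the admin what to enter: `by used` should read `be used` and `certificat` should read `certificate`. The question is phrased as yes/no, but the template type is `string`, so the text should name the expected value instead. As far as I know dehydrated matches this setting against an issuer CN (confirm against the dehydrated documentation), in which case a line such as ` Issuer CN of an alternative root certificate to prefer for the certificate verification chain.` would fit. A clear prompt matters here because a mistyped free-form answer ends up in the certificate tooling's configuration.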