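#!/bin/sh

# postinst for open-infrastructure-dehydrated-tools.
#
# On "configure" it reads the debconf answers, writes them into
# /etc/dehydrated/conf.d/config.sh, (re-)creates the hook symlinks in
# /etc/dehydrated/hook.d, optionally relocates BASEDIR, writes
# /etc/dehydrated/domains.txt, installs the TSIG key for nsupdate and, if
# requested, registers the ACME account and runs dehydrated once.
#
# Everything here runs as root during package configuration.

set -e

. /usr/share/debconf/confmodule

CONFFILE="/etc/dehydrated/conf.d/config.sh"

# Sed_escape VALUE
#
# Print VALUE with the characters that are special on the right-hand side of
# an "s|...|...|" expression (backslash, "&" and the "|" delimiter) escaped,
# so that a debconf answer containing them is inserted literally.
Sed_escape ()
{
	printf '%s' "${1}" | sed -e 's/[\\&|]/\\&/g'
}

# Set_variable FILE NAME VALUE
#
# Rewrite every "NAME=..." line of FILE to NAME="VALUE".
#
# NOTE(review): VALUE ends up inside a double-quoted shell assignment in a
# file that is sourced later on. A value containing '"', '$' or a backquote
# would be interpreted by the shell at that point; this is not escaped here.
# Presumably only root can set the debconf answers - confirm for preseeding.
Set_variable ()
{
	_FILE="${1}"
	_NAME="${2}"
	_VALUE="${3}"

	# If the admin deleted or commented the variable but then set
	# it via debconf, (re-)add it to the config file.
	if [ -n "${_VALUE}" ] && ! grep -Eq "^ *${_NAME}=" "${_FILE}"
	then
		echo "${_NAME}=" >> "${_FILE}"
	fi

	_ESCAPED="$(Sed_escape "${_VALUE}")"

	# cp -a creates the temporary file with the owner and mode of the
	# original; the redirection below then only replaces its content.
	cp -a -f "${_FILE}" "${_FILE}.tmp"

	sed -e "s|^ *${_NAME}=.*|${_NAME}=\"${_ESCAPED}\"|" \
		< "${_FILE}" > "${_FILE}.tmp"

	mv -f "${_FILE}.tmp" "${_FILE}"
}

# Install DEFAULT TARGET
#
# Make DEFAULT a symlink to TARGET (moving existing content of DEFAULT to
# TARGET when TARGET is empty) and, unless a dpkg-statoverride exists for
# either path, restrict both to root:ssl-cert (root:root if the group does
# not exist) with mode 0770.
Install ()
{
	DEFAULT="${1}"
	TARGET="${2}"

	mkdir -p "${DEFAULT}" > /dev/null 2>&1 || true
	mkdir -p "${TARGET}" > /dev/null 2>&1 || true

	if [ "${TARGET}" != "${DEFAULT}" ]
	then
		if [ -h "${DEFAULT}" ]
		then
			# already a symlink: just repoint it
			rm -f "${DEFAULT}"
			ln -s "${TARGET}" "${DEFAULT}"
		else
			# The paths are quoted for ls: unquoted, an empty or
			# space-containing path would make ls list something else.
			if [ -e "${DEFAULT}" ] && [ -z "$(ls -A "${DEFAULT}")" ]
			then
				# empty directory: replace it with the symlink
				rmdir "${DEFAULT}"
				ln -s "${TARGET}" "${DEFAULT}"
			elif [ -n "$(ls -A "${DEFAULT}")" ] && [ -z "$(ls -A "${TARGET}")" ]
			then
				# populated directory and empty target: move the data
				rmdir "${TARGET}"
				mv "${DEFAULT}" "${TARGET}"
				ln -s "${TARGET}" "${DEFAULT}"
			fi
		fi
	fi

	# Respect permissions the admin pinned with dpkg-statoverride.
	if ! dpkg-statoverride --list "${DEFAULT}" > /dev/null 2>&1 && \
	   ! dpkg-statoverride --list "${TARGET}" > /dev/null 2>&1
	then
		if getent group ssl-cert > /dev/null 2>&1
		then
			GROUP="ssl-cert"
		else
			GROUP="root"
		fi

		chmod 0770 "${TARGET}"
		chown root:"${GROUP}" "${TARGET}"

		chmod 0770 "${DEFAULT}"
		chown root:"${GROUP}" "${DEFAULT}"
	fi
}

case "${1}" in
	configure)
		db_get open-infrastructure-dehydrated-tools/ca
		CA="${RET}" # select

		db_get open-infrastructure-dehydrated-tools/auto-cleanup
		AUTO_CLEANUP="${RET}" # boolean

		db_get open-infrastructure-dehydrated-tools/challengetype
		CHALLENGETYPE="${RET}" # select

		db_get open-infrastructure-dehydrated-tools/contact-email
		CONTACT_EMAIL="${RET}" # string (w/ empty)

		db_get open-infrastructure-dehydrated-tools/key-algo
		KEY_ALGO="${RET}" # select

		db_get open-infrastructure-dehydrated-tools/ocsp-fetch
		OCSP_FETCH="${RET}" # boolean

		db_get open-infrastructure-dehydrated-tools/ocsp-must-staple
		OCSP_MUST_STAPLE="${RET}" # boolean

		db_get open-infrastructure-dehydrated-tools/preferred-chain
		PREFERRED_CHAIN="${RET}" # string w/ empty

		db_get open-infrastructure-dehydrated-tools/hooks
		HOOKS="${RET}" # multi-select (w/ empty)

		db_get open-infrastructure-dehydrated-tools/basedir
		NEW_BASEDIR="${RET}" # string (w/o empty)

		db_get open-infrastructure-dehydrated-tools/domains
		DOMAINS="${RET}" # string (w/ empty)

		db_get open-infrastructure-dehydrated-tools/tsig
		TSIG="${RET}" # string (w/ empty)

		db_get open-infrastructure-dehydrated-tools/register
		REGISTER="${RET}" # boolean

		db_get open-infrastructure-dehydrated-tools/run
		RUN="${RET}" # boolean

		db_stop

		# debconf booleans are true/false, the config file uses yes/no
		case "${AUTO_CLEANUP}" in
			true)
				AUTO_CLEANUP="yes"
				;;

			false)
				AUTO_CLEANUP="no"
				;;
		esac

		case "${OCSP_FETCH}" in
			true)
				OCSP_FETCH="yes"
				;;

			false)
				OCSP_FETCH="no"
				;;
		esac

		case "${OCSP_MUST_STAPLE}" in
			true)
				OCSP_MUST_STAPLE="yes"
				;;

			false)
				OCSP_MUST_STAPLE="no"
				;;
		esac

		HOOK="/usr/bin/dehydrated-hook"

		if [ ! -e "${CONFFILE}" ]
		then
			cat > "${CONFFILE}" << EOF
# /etc/dehydrated/conf.d/config.sh
AUTO_CLEANUP="${AUTO_CLEANUP}"
CA="${CA}"
CHALLENGETYPE="${CHALLENGETYPE}"
CONTACT_EMAIL="${CONTACT_EMAIL}"
HOOK="${HOOK}"
KEY_ALGO="${KEY_ALGO}"
OCSP_FETCH="${OCSP_FETCH}"
OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
PREFERRED_CHAIN="${PREFERRED_CHAIN}"
EOF
		fi

		Set_variable "${CONFFILE}" AUTO_CLEANUP "${AUTO_CLEANUP}"
		Set_variable "${CONFFILE}" CA "${CA}"
		Set_variable "${CONFFILE}" CHALLENGETYPE "${CHALLENGETYPE}"
		Set_variable "${CONFFILE}" CONTACT_EMAIL "${CONTACT_EMAIL}"
		Set_variable "${CONFFILE}" HOOK "${HOOK}"
		Set_variable "${CONFFILE}" KEY_ALGO "${KEY_ALGO}"
		Set_variable "${CONFFILE}" OCSP_FETCH "${OCSP_FETCH}"
		Set_variable "${CONFFILE}" OCSP_MUST_STAPLE "${OCSP_MUST_STAPLE}"
		Set_variable "${CONFFILE}" PREFERRED_CHAIN "${PREFERRED_CHAIN}"

		# Drop the symlinks of all shipped hooks; the selected ones are
		# re-created below. Only symlinks are removed, so files the admin
		# placed in hook.d are kept.
		for HOOK in $(cd /usr/share/dehydrated/hooks && find . -maxdepth 1 -not -type d -printf '%P\n' | sort)
		do
			if [ -L "/etc/dehydrated/hook.d/${HOOK}" ]
			then
				rm -f "/etc/dehydrated/hook.d/${HOOK}"
			fi
		done

		if [ -n "${HOOKS}" ]
		then
			# multi-select answers are comma separated
			HOOKS="$(echo ${HOOKS} | sed -e 's|,| |g')"

			if echo "${HOOKS}" | grep -qs "ALL"
			then
				HOOKS="$(cd /usr/share/dehydrated/hooks && find . -maxdepth 1 -not -type d -printf '%P\n' | sort)"
			fi

			for HOOK in ${HOOKS}
			do
				if [ ! -e "/etc/dehydrated/hook.d/${HOOK}" ] && [ -e "/usr/share/dehydrated/hooks/${HOOK}" ]
				then
					ln -sf "/usr/share/dehydrated/hooks/${HOOK}" "/etc/dehydrated/hook.d/${HOOK}"
				fi
			done
		fi

		# Read the effective configuration (for BASEDIR). These files are
		# executed as root here, so they must not be writable by anyone
		# but root.
		for FILE in /etc/dehydrated/config /etc/dehydrated/conf.d/*.sh
		do
			if [ -e "${FILE}" ]
			then
				. "${FILE}" || true
			fi
		done

		if [ -n "${NEW_BASEDIR}" ] && [ "${BASEDIR}" != "${NEW_BASEDIR}" ]
		then
			if [ -n "${BASEDIR}" ]
			then
				rmdir "${BASEDIR}/acme-challenges" > /dev/null 2>&1 || true

				Install "${BASEDIR}" "${NEW_BASEDIR}"

				mkdir -p "${BASEDIR}/acme-challenges"
			else
				# Without this guard an unset BASEDIR would make the
				# commands above operate on "/acme-challenges" and on an
				# empty path.
				echo "W: BASEDIR is not set in the dehydrated configuration, not relocating to '${NEW_BASEDIR}'" >&2
			fi
		fi

		if [ -n "${DOMAINS}" ] && [ "${DOMAINS}" != "none" ]
		then
			rm -f /etc/dehydrated/domains.txt

			# The unquoted expansions below are wanted for word
			# splitting, but a wildcard name such as *.example.org must
			# not be expanded against the current directory.
			set -f

			# "|" separates certificates, blanks separate the names of
			# one certificate; protect the blanks with "#" while
			# splitting. The list is not called GROUPS because bash,
			# when it is /bin/sh, ignores assignments to that name.
			DOMAIN_GROUPS="$(echo ${DOMAINS} | sed -e 's/ /#/g' -e 's/|/ /g')"

			for GROUP in ${DOMAIN_GROUPS}
			do
				DOMAINS="$(echo ${GROUP} | sed -e 's/#/ /g' -e 's/^ //g')"

				echo "${DOMAINS}" >> /etc/dehydrated/domains.txt
			done

			set +f
		fi

		# Do not pick up a TSIG_FILE from the environment or from the
		# configuration files sourced above.
		TSIG_FILE=""

		if [ -n "${TSIG}" ]
		then
			case "${TSIG}" in
				http*)
					# tsig is a URL
					case "${TSIG}" in
						https://*)
							;;

						*)
							# The key is a shared secret that authorises
							# DNS updates.
							echo "W: '${TSIG}' is not an https URL, the TSIG key is transferred unencrypted" >&2
							;;
					esac

					printf "Downloading tsig.key from '%s'..." "${TSIG}"

					# The key file is created under umask 077 so that it is
					# never readable by other users, not even for the
					# moment between the download and the chmod.
					if command -v wget > /dev/null 2>&1
					then
						rm -f /etc/dehydrated/tsig.key
						( umask 077 && wget -q "${TSIG}" -O /etc/dehydrated/tsig.key )
						chmod 0600 /etc/dehydrated/tsig.key

						TSIG_FILE="/etc/dehydrated/tsig.key"
					elif command -v curl > /dev/null 2>&1
					then
						rm -f /etc/dehydrated/tsig.key
						# -f: fail on an HTTP error instead of storing the
						# error page as the key, as wget does by default
						( umask 077 && curl -f -s "${TSIG}" -o /etc/dehydrated/tsig.key )
						chmod 0600 /etc/dehydrated/tsig.key

						TSIG_FILE="/etc/dehydrated/tsig.key"
					else
						echo
						echo "W: need wget or curl" >&2
					fi

					if [ -n "${TSIG_FILE}" ]
					then
						echo " done."
					fi
					;;

				*:*)
					# tsig is a string
					rm -f /etc/dehydrated/tsig.key
					( umask 077 && printf '%s\n' "${TSIG}" > /etc/dehydrated/tsig.key )
					chmod 0600 /etc/dehydrated/tsig.key

					TSIG_FILE="/etc/dehydrated/tsig.key"
					;;

				*/*)
					# tsig is a path
					TSIG_FILE="${TSIG}"
					;;

				*)
					echo "'${TSIG}' is neither a valid tsig nor a path to an existing file - ignoring"
					;;
			esac
		fi

		if [ -n "${TSIG_FILE}" ]
		then
			DEFAULT_FILE="/etc/default/dehydrated-nsupdate"

			if [ ! -e "${DEFAULT_FILE}" ]
			then
				cat > "${DEFAULT_FILE}" << EOF
# ${DEFAULT_FILE}
TSIG_KEYFILE="${TSIG_FILE}"
EOF
			fi

			Set_variable "${DEFAULT_FILE}" TSIG_KEYFILE "${TSIG_FILE}"
		fi

		case "${REGISTER}" in
			true)
				dehydrated --register --accept-terms
				;;
		esac

		case "${RUN}" in
			true)
				dehydrated --cron --keep-going
				;;
		esac
		;;

	abort-upgrade|abort-remove|abort-deconfigure)
		;;

	*)
		echo "postinst called with unknown argument \`${1}'" >&2
		exit 1
		;;
esac

#DEBHELPER#

exit 0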