[debian-edu-commits] debian-edu/ 01/01: Adjust IMAP SSL/TLS configuration now that dovecot uses snakeoil certs.
Wolfgang Schweer
schweer-guest at moszumanska.debian.org
Wed Nov 22 15:14:37 UTC 2017
This is an automated email from the git hooks/post-receive script.
schweer-guest pushed a commit to branch master
in repository debian-edu-config.
commit 882334bd06d41768b215c1318eca32e7cdd03f37
Author: Wolfgang Schweer <wschweer at arcor.de>
Date: Wed Nov 22 16:12:41 2017 +0100
Adjust IMAP SSL/TLS configuration now that dovecot uses snakeoil certs.
Keeping the existing setup breaks default openssl-snakeoil certs, so
- remove share/debian-edu-config/tools/debian-edu-dovecot-create-cert,
- remove script call from cf/cf.imap,
- reflect changes in Makefile and d/debian-edu-config.postinst.
---
Makefile | 1 -
cf/cf.imap | 3 ---
debian/changelog | 10 ++++++++
debian/debian-edu-config.postinst | 5 ++++
.../tools/debian-edu-dovecot-create-cert | 29 ----------------------
5 files changed, 15 insertions(+), 33 deletions(-)
diff --git a/Makefile b/Makefile
index 142e3a3..c4b3b4d 100644
--- a/Makefile
+++ b/Makefile
@@ -389,7 +389,6 @@ install: install-testsuite
share/debian-edu-config/tools/update-chromium-homepage \
share/debian-edu-config/tools/update-proxy-from-wpad \
share/debian-edu-config/tools/wpad-extract \
- share/debian-edu-config/tools/debian-edu-dovecot-create-cert \
share/debian-edu-config/tools/ldap-server-getcert \
share/debian-edu-config/tools/exim4-create-cert \
share/debian-edu-config/tools/exim4-create-environment \
diff --git a/cf/cf.imap b/cf/cf.imap
index 47c1560..56fd94a 100644
--- a/cf/cf.imap
+++ b/cf/cf.imap
@@ -6,6 +6,3 @@ shellcommands:
# warning message: ,,This message goes away after the first successful login.''
"/usr/bin/touch /var/lib/dovecot/auth-success"
- # create dovecot ssl certificate because dovecot-core stopped doing it
- # (Bug #772163).
- "/usr/share/debian-edu-config/tools/debian-edu-dovecot-create-cert"
diff --git a/debian/changelog b/debian/changelog
index 3c3258d..601596b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+debian-edu-config (1.938) UNRELEASED; urgency=medium
+
+ * Adjust IMAP SSL/TLS configuration now that dovecot uses snakeoil certs.
+ Keeping the existing setup breaks default openssl-snakeoil certs, so
+ - remove share/debian-edu-config/tools/debian-edu-dovecot-create-cert,
+ - remove script call from cf/cf.imap,
+ - reflect changes in Makefile and d/debian-edu-config.postinst.
+
+ -- Wolfgang Schweer <wschweer at arcor.de> Wed, 22 Nov 2017 16:06:59 +0100
+
debian-edu-config (1.937) unstable; urgency=medium
[ Wolfgang Schweer ]
diff --git a/debian/debian-edu-config.postinst b/debian/debian-edu-config.postinst
index a074538..c5e9cbd 100644
--- a/debian/debian-edu-config.postinst
+++ b/debian/debian-edu-config.postinst
@@ -131,6 +131,11 @@ configure)
rm /etc/asound.conf
fi
+ if dpkg --compare-versions "$2" le "1.937" && \
+ [ -f /usr/ share/debian-edu-config/tools/debian-edu-dovecot-create-cert] ; then
+ rm /usr/share/debian-edu-config/tools/debian-edu-dovecot-create-cert
+ fi
+
if dpkg --compare-versions "$2" le "1.929" && dpkg --compare-versions "$2" ge "1.926" && \
egrep -q "(Main-Server)" /etc/debian-edu/config ; then
rm /etc/apache2/mods-available/userdir.load
diff --git a/share/debian-edu-config/tools/debian-edu-dovecot-create-cert b/share/debian-edu-config/tools/debian-edu-dovecot-create-cert
deleted file mode 100755
index 37b95de..0000000
--- a/share/debian-edu-config/tools/debian-edu-dovecot-create-cert
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-#
-# Create a self-signed certificate for dovecot.
-# Based upon a script from debian-lan-config by Andreas B. Mundt.
-#
-
-set -e
-
-TEMPLATE="/usr/share/ssl-cert/ssleay.cnf"
-HostName="postoffice.intern"
-
-## Create dovecot certificate:
-CERT="/etc/dovecot/dovecot.pem"
-KEY="/etc/dovecot/private/dovecot.pem"
-CONF="/etc/dovecot/dovecot.cnf"
-
-if [ ! -f $CONF ] ; then
- sed -e s#@HostName@#"$HostName"# $TEMPLATE > $CONF
- echo "subjectAltName=DNS:$HostName,DNS:postoffice.intern" >> $CONF
- openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
- chmod 640 $KEY $CERT $CONF
- chown root:dovecot $KEY $CERT
- ## Switch on SSL:
- sed -i -e "s/^ssl = no/ssl = yes/" \
- -e "s/^#ssl_cert =/ssl_cert =/" \
- -e "s/^#ssl_key =/ssl_key =/" /etc/dovecot/conf.d/10-ssl.conf
-else
- echo "$CONF exists, nothing done!"
-fi
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git
More information about the debian-edu-commits
mailing list