[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. debian/0.10-3-g9b1791f

Andreas B. Mundt andi at debian.org
Mon May 6 17:46:01 UTC 2013


The following commit has been merged in the master branch:
commit 9b1791f0f4cd91231eb8aed16f59e362c47621a8
Author: Andreas B. Mundt <andi at debian.org>
Date:   Mon May 6 15:01:27 2013 +0200

    Create certificate for dovecot and replace the default one.
    
    The certificate created by dovecot during installation is replaced by
    a certificate including 'subjectAltName=*'.

diff --git a/fai/config/scripts/MAIL_SERVER/30-certs b/fai/config/scripts/MAIL_SERVER/30-certs
index cc7d072..7235276 100755
--- a/fai/config/scripts/MAIL_SERVER/30-certs
+++ b/fai/config/scripts/MAIL_SERVER/30-certs
@@ -1,30 +1,45 @@
 #!/bin/bash
 #
-# Create a self-signed certificate for exim4 and switch on TLS.
+# Switch on TLS for exim.
+# Create a self-signed certificate for exim4 and dovecot.
 #
 
 set -e
 
+TEMPLATE="${target}/usr/share/ssl-cert/ssleay.cnf"
+HostName="${HOSTNAME}.intern"
+
 ## Activate TLS for exim:
 FILE=/etc/exim4/conf.d/main/000_localmacros
 ainsl -a $FILE "MAIN_TLS_ENABLE = yes"
 
-## Create certificate:
+## Create exim certificate:
 CERT="/etc/exim4/exim.crt"
 KEY="/etc/exim4/exim.key"
 CONF="/etc/exim4/exim.cnf"
-TEMPLATE="${target}/usr/share/ssl-cert/ssleay.cnf"
-HostName="${HOSTNAME}.intern"
 
-if [ -f $target/$CERT ] && [ -f $target/$KEY ]; then
-  echo "$CERT and $KEY exists, exiting!"
-  exit 0
+if [ ! -f $target/$CERT ] || [ ! -f $target/$KEY ]; then
+    sed -e s#@HostName@#"$HostName"# $TEMPLATE > ${target}/$CONF
+    echo "subjectAltName=DNS:$HostName,DNS:mail.intern" >> ${target}/$CONF
+    $ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
+    $ROOTCMD chmod 640 $KEY $CERT $CONF
+    $ROOTCMD chown root:Debian-exim $KEY $CERT
+else
+    echo "$CERT and $KEY exists, nothing done!"
 fi
 
-sed -e s#@HostName@#"$HostName"# $TEMPLATE > ${target}/$CONF
-echo "subjectAltName=DNS:$HostName,DNS:mail.intern" >> ${target}/$CONF
 
-$ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
+## Create dovecot certificate:
+CERT="/etc/dovecot/dovecot.pem"
+KEY="/etc/dovecot/private/dovecot.pem"
+CONF="/etc/dovecot/dovecot.cnf"
 
-$ROOTCMD chmod 640 $KEY $CERT $CONF
-$ROOTCMD chown root:Debian-exim $KEY $CERT
+if [ ! -f ${target}/$CONF ] ; then
+    sed -e s#@HostName@#"$HostName"# $TEMPLATE > ${target}/$CONF
+    echo "subjectAltName=DNS:$HostName,DNS:mail.intern" >> ${target}/$CONF
+    $ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
+    $ROOTCMD chmod 640 $KEY $CERT $CONF
+    $ROOTCMD chown root:dovecot $KEY $CERT
+else
+    echo "${target}/$CONF exists, nothing done!"
+fi
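Review bot: The private keys are written by `openssl req ... -nodes -keyout $KEY` (new lines for exim and dovecot alike) before any permission is set, so until the following `chmod 640` runs the unencrypted key carries whatever mode the umask or a pre-existing file gives it. Creating it under a tight umask closes that window: `(umask 077; $ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY)`. In the dovecot branch, `chmod 640` plus `chown root:dovecot` also leaves the key group-readable; if dovecot reads the key as root, as is presumably the case here, `chmod 600 $KEY` is the narrower choice. Separately, the dovecot guard tests only `${target}/$CONF`: if openssl fails after the config has been written, `set -e` aborts and a rerun prints "nothing done" while the installation default certificate is still in place. Writing the config only after a successful `openssl req`, or removing it on failure, would avoid that.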

-- 
Debian-LAN development and packaging


