[pkg-remote-commits] [xrdp] 02/03: Generate X509 keys in postinst.

Dominik George natureshadow-guest at moszumanska.debian.org
Sun Jan 1 11:41:58 UTC 2017


This is an automated email from the git hooks/post-receive script.

natureshadow-guest pushed a commit to branch master
in repository xrdp.

commit 08617c7bdbc86797b2ca3856664fdda246713f03
Author: Dominik George <nik at naturalnet.de>
Date:   Sun Jan 1 12:13:25 2017 +0100

    Generate X509 keys in postinst.
---
 debian/control       |  1 +
 debian/xrdp.postinst | 12 ++++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/debian/control b/debian/control
index 85484ce..a67a636 100644
--- a/debian/control
+++ b/debian/control
@@ -38,6 +38,7 @@ Architecture: any
 Depends:
  adduser,
  lsb-base (>= 3.0-6),
+ openssl,
  ${misc:Depends},
  ${shlibs:Depends},
 Recommends:
diff --git a/debian/xrdp.postinst b/debian/xrdp.postinst
index cbfce10..b38c876 100644
--- a/debian/xrdp.postinst
+++ b/debian/xrdp.postinst
@@ -38,13 +38,21 @@ configure)
 		rm -f /etc/xrdp/rsakeys.ini
 	fi
 
-	# generate a (512-bit, but that doesn't matter here
-	# because the RDP4 crypto is MITMable anyway)
+	# Generate snakeoil RDP security keys
 	test -e /etc/xrdp/rsakeys.ini || (
 		umask 077
 		xrdp-keygen xrdp auto
 		chown xrdp /etc/xrdp/rsakeys.ini
 	)
+
+	# Generate snakeoil X509 certificate and key
+	test -e /etc/xrdp/cert.pem || (
+		umask 077
+		cd /etc/xrdp
+		openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
+		chown xrdp cert.pem key.pem
+	)
+
 	;;
 
 abort-upgrade|abort-remove|abort-deconfigure)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-remote/xrdp.git



More information about the pkg-remote-commits mailing list