author | Lee Starnes <lee@canned-death.us> | 2020-05-06 00:53:22 +0000 |
---|---|---|
committer | A. Wilcox <awilcox@wilcox-tech.com> | 2020-05-06 00:53:22 +0000 |
commit | ed2e5d142804bd69d296c39c6b861b8401718469 (patch) | |
tree | b8ece634ba552bad49e2d395bbb89d3430c5a028 /user/dovecot/dovecot.post-install | |
parent | 7d6a83dbf478235cc84f3cdbd0d1ccb82c8514a1 (diff) | |
user/dovecot: review fixes
- move default SSL key and cert stuff to a patch
- use auth-system.conf instead of auth-passwdfile.conf because we have PAM
- explain manual removal of *.la
- other Adelification fixes
Diffstat (limited to 'user/dovecot/dovecot.post-install')
-rw-r--r-- | user/dovecot/dovecot.post-install | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/user/dovecot/dovecot.post-install b/user/dovecot/dovecot.post-install
new file mode 100644
index 000000000..eb70cdece
--- /dev/null
+++ b/user/dovecot/dovecot.post-install
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# based on doc/mkcert.sh
+
+# if ssl disabled then lets just exit
+doveconf ssl 2>/dev/null | grep -Eq '(yes|required)' || exit 0
+# Generates a self-signed certificate.
+
+OPENSSL=${OPENSSL-openssl}
+SSLDIR=${SSLDIR-/etc/ssl/dovecot}
+OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}
+
+CERTDIR=$SSLDIR
+KEYDIR=$SSLDIR
+
+# check if we have ssl_cert and/or key (for dovecot-2.0+)
+# try expand the cert/key itself and if found, lets just keep it
+[ -n "$(doveconf -x ssl_cert 2>/dev/null)" ] && exit 0
+[ -n "$(doveconf -x ssl_key 2>/dev/null)" ] && exit 0
+
+ssl_cert_file=$(doveconf ssl_cert | sed 's/.*= <//')
+ssl_key_file=$(doveconf ssl_key | sed 's/.*= <//')
+
+CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
+KEYFILE=${ssl_key_file:-$KEYDIR/server.key}
+
+if [ -e "$CERTFILE" ]; then
+ echo "Keeping existing $CERTFILE"
+ exit 0
+fi
+
+if [ -e "$KEYFILE" ]; then
+ echo "Keeping existing $KEYFILE"
+ exit 0
+fi
+
+if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
+ echo "No /dev/urandom or /dev/random so ssl cert not created"
+ exit 1
+fi
+
+$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
+chmod 0600 $KEYFILE
+echo
+$OPENSSL x509 -subject -fingerprint -noout -in $CERTFILE || exit 2 |
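Review bot: The private key is written by `$OPENSSL req ... -keyout $KEYFILE` before `chmod 0600 $KEYFILE` runs, so its initial mode depends on the installer's umask and on the OpenSSL build, and if `req` fails partway the `|| exit 2` skips the chmod entirely. Setting `umask 077` just before the `req` line (or running that line in a subshell with it) closes the window without relying on the later chmod. Separately, `$OPENSSLCONFIG`, `$CERTFILE` and `$KEYFILE` are unquoted in the `req`, `chmod` and `x509` commands at the end of the script, although they come from the environment or from `doveconf` output; quoting them, e.g. `chmod 0600 "$KEYFILE"`, keeps a path with spaces or glob characters from being split.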