/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to debian/mandos.postinst

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 370.
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
http://bugs.debian.org/879538
http://bugs.debian.org/916673
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/mandos.postinst
50
50
                invoke-rc.d mandos start
51
51
            fi
52
52
        fi
53
 
        # Reload D-Bus daemon to be aware of the _mandos user & group
54
 
        if [ -x /etc/init.d/dbus ]; then
55
 
            invoke-rc.d dbus force-reload || :
56
 
        fi
57
53
        if ! dpkg-statoverride --list "/var/lib/mandos" >/dev/null \
58
54
             2>&1; then
59
55
            chown _mandos:_mandos /var/lib/mandos
60
56
            chmod u=rwx,go= /var/lib/mandos
61
57
        fi
62
58
 
63
 
        if dpkg --compare-versions "$2" eq "1.8.0-1" \
64
 
                || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then
65
 
            if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then
66
 
                sed --in-place \
67
 
                    --expression='/^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$/d' \
68
 
                    /etc/mandos/clients.conf
69
 
                invoke-rc.d mandos restart
70
 
                db_version 2.0
71
 
                db_fset mandos/removed_bad_key_ids seen false
72
 
                db_reset mandos/removed_bad_key_ids
73
 
                db_input critical mandos/removed_bad_key_ids || true
74
 
                db_go
75
 
                db_stop
76
 
            fi
77
 
        fi
78
 
 
79
59
        gnutls_version=$(dpkg-query --showformat='${Version}' \
80
60
                                    --show libgnutls30 \
81
61
                                    2>/dev/null || :)