/mandos/release

« back to all changes in this revision

Viewing changes to debian/mandos-client.postinst

• browse files at revision 376
• compare with another revision
• download diff
• download tarball
• view history from revision 376

• reverse the comparison (376 to 237.7.512)
• stop comparing with revision 237.7.512

Show diffs side-by-side

added

removed

debian/mandos-client.postinst

15

15

# If prerm fails during replacement due to conflict:

16

16

#       <postinst> abort-remove in-favour <new-package> <version>

17

17

 

 

18

. /usr/share/debconf/confmodule

 

19

 

18

20

set -e

19

21

 

20

22

# Update the initial RAM file system image

61

63

        return 0

62

64

    fi

63

65

 

 

66

    # Remove any bad TLS keys by 1.8.0-1

 

67

    if dpkg --compare-versions "$2" eq "1.8.0-1" \

 

68

       || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then

 

69

        # Is the key bad?

 

70

        if ! certtool --password='' \

 

71

             --load-privkey=/etc/keys/mandos/tls-privkey.pem \

 

72

             --outfile=/dev/null --pubkey-info --no-text \

 

73

             2>/dev/null; then

 

74

            shred --remove -- /etc/keys/mandos/tls-privkey.pem \

 

75

                  2>/dev/null || :

 

76

            rm --force -- /etc/keys/mandos/tls-pubkey.pem

 

77

        fi

 

78

    fi

 

79

 

64

80

    # If the TLS keys already exists, do nothing

65

81

    if [ -r /etc/keys/mandos/tls-privkey.pem \

66

82

            -a -r /etc/keys/mandos/tls-pubkey.pem ]; then

67

83

        return 0

68

84

    fi

69

85

 

70

 

    # If this is an upgrade from an old installation, the TLS keys

71

 

    # will not exist; create them.

72

 

 

73

 

    # First try certtool from GnuTLS

74

 

    if ! certtool --generate-privkey --password='' \

75

 

         --outfile /etc/keys/mandos/tls-privkey.pem \

76

 

         --sec-param ultra --key-type=ed25519 --pkcs8 --no-text \

77

 

         2>/dev/null; then

78

 

        # Otherwise try OpenSSL

79

 

        if ! openssl genpkey -algorithm X25519 \

80

 

             -out /etc/keys/mandos/tls-privkey.pem; then

81

 

            rm --force /etc/keys/mandos/tls-privkey.pem

82

 

            # None of the commands succeded; give up

83

 

            return 1

84

 

        fi

85

 

    fi

86

 

 

87

 

    local umask=$(umask)

88

 

    umask 077

89

 

    # First try certtool from GnuTLS

90

 

    if ! certtool --password='' \

91

 

         --load-privkey=/etc/keys/mandos/tls-privkey.pem \

92

 

         --outfile=/etc/keys/mandos/tls-pubkey.pem --pubkey-info \

93

 

         --no-text 2>/dev/null; then

94

 

        # Otherwise try OpenSSL

95

 

        if ! openssl pkey -in /etc/keys/mandos/tls-privkey.pem \

96

 

             -out /etc/keys/mandos/tls-pubkey.pem -pubout; then

97

 

            rm --force /etc/keys/mandos/tls-pubkey.pem

98

 

            # None of the commands succeded; give up

99

 

            umask $umask

100

 

            return 1

101

 

        fi

102

 

    fi

103

 

    umask $umask

 

86

    # Try to create the TLS keys

 

87

 

 

88

    TLS_PRIVKEYTMP="`mktemp -t mandos-client-privkey.XXXXXXXXXX`"

 

89

 

 

90

    if certtool --generate-privkey --password='' \

 

91

                --outfile "$TLS_PRIVKEYTMP" --sec-param ultra \

 

92

                --key-type=ed25519 --pkcs8 --no-text 2>/dev/null; then

 

93

 

 

94

        local umask=$(umask)

 

95

        umask 077

 

96

        cp --archive "$TLS_PRIVKEYTMP" /etc/keys/mandos/tls-privkey.pem

 

97

        shred --remove -- "$TLS_PRIVKEYTMP" 2>/dev/null || :

 

98

 

 

99

        # First try certtool from GnuTLS

 

100

        if ! certtool --password='' \

 

101

             --load-privkey=/etc/keys/mandos/tls-privkey.pem \

 

102

             --outfile=/etc/keys/mandos/tls-pubkey.pem --pubkey-info \

 

103

             --no-text 2>/dev/null; then

 

104

            # Otherwise try OpenSSL

 

105

            if ! openssl pkey -in /etc/keys/mandos/tls-privkey.pem \

 

106

                 -out /etc/keys/mandos/tls-pubkey.pem -pubout; then

 

107

                rm --force /etc/keys/mandos/tls-pubkey.pem

 

108

                # None of the commands succeded; give up

 

109

                umask $umask

 

110

                return 1

 

111

            fi

 

112

        fi

 

113

        umask $umask

 

114

 

 

115

        key_id=$(mandos-keygen --passfile=/dev/null \

 

116

                     | grep --regexp="^key_id[ =]")

 

117

 

 

118

        db_version 2.0

 

119

        db_fset mandos-client/key_id seen false

 

120

        db_reset mandos-client/key_id

 

121

        db_subst mandos-client/key_id key_id $key_id

 

122

        db_input critical mandos-client/key_id || true

 

123

        db_go

 

124

        db_stop

 

125

    else

 

126

        shred --remove -- "$TLS_PRIVKEYTMP" 2>/dev/null || :

 

127

    fi

104

128

}

105

129

 

106

130

create_dh_params(){

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0