/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos.postinst

  • Committer: Teddy Hogeborn
  • Date: 2019-02-10 03:50:20 UTC
  • Revision ID: teddy@recompile.se-20190210035020-nttr1tybgwwixueu
http://bugs.debian.org/879538
http://bugs.debian.org/916673
Show debconf note about new TLS key IDs

If mandos-client did not see TLS keys and had to create them, or if
mandos sees GnuTLS version 3.6.6 or later, show an important notice on
package installation about the importance of adding the new key_id
options to clients.conf on the Mandos server.

* debian/control (Package: mandos, Package: mandos-client): Depend on
                                                            debconf.
* debian/mandos-client.lintian-overrides: Override warnings.
* debian/mandos-client.postinst (create_keys): Show notice if new TLS
                                               key files were created.
* debian/mandos-client.templates: New.
* debian/mandos.lintian-overrides: Override warnings.
* debian/mandos.postinst (configure): If GnuTLS 3.6.6 or later is
                                      detected, show an important
                                      notice (once) about the new
                                      key_id option required in
                                      clients.conf.
* debian/mandos.templates: New.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/mandos.postinst
27
27
                *:Mandos\ password\ system,,,:/nonexistent:/bin/false)
28
28
                    usermod --login _mandos mandos
29
29
                    groupmod --new-name _mandos mandos
30
 
                    # Reload D-Bus daemon to be aware of the _mandos
31
 
                    # user & group
32
 
                    if [ -x /etc/init.d/dbus ]; then
33
 
                        invoke-rc.d dbus force-reload || :
34
 
                    fi
35
30
                    ;;
36
31
            esac
37
32
        fi
41
36
                --home /nonexistent --no-create-home --group \
42
37
                --disabled-password --gecos "Mandos password system" \
43
38
                _mandos
44
 
            # Reload D-Bus daemon to be aware of the _mandos user &
45
 
            # group
46
 
            if [ -x /etc/init.d/dbus ]; then
47
 
                invoke-rc.d dbus force-reload || :
48
 
            fi
49
39
        elif dpkg --compare-versions "$2" eq 1.7.4-1 \
50
40
                || dpkg --compare-versions "$2" eq "1.7.4-1~bpo8+1"
51
41
        then
66
56
            chmod u=rwx,go= /var/lib/mandos
67
57
        fi
68
58
 
69
 
        if dpkg --compare-versions "$2" eq "1.8.0-1" \
70
 
                || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then
71
 
            if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then
72
 
                sed --in-place \
73
 
                    --expression='/^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$/d' \
74
 
                    /etc/mandos/clients.conf
75
 
                invoke-rc.d mandos restart
76
 
                db_version 2.0
77
 
                db_fset mandos/removed_bad_key_ids seen false
78
 
                db_reset mandos/removed_bad_key_ids
79
 
                db_input critical mandos/removed_bad_key_ids || true
80
 
                db_go
81
 
                db_stop
82
 
            fi
83
 
        fi
84
 
 
85
59
        gnutls_version=$(dpkg-query --showformat='${Version}' \
86
60
                                    --show libgnutls30 \
87
61
                                    2>/dev/null || :)