aboutsummaryrefslogtreecommitdiffstats
path: root/main/dovecot/dovecot.post-install
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2010-07-01 08:34:04 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2010-07-01 08:34:04 +0000
commitc90d42990d2db190884cec32ca3f58dcd680af3f (patch)
tree57a1eec8fbc843aa1bbf7913990468d50975932e /main/dovecot/dovecot.post-install
parent2da022a8f0642c8990ba999256fc8b9ccada29f2 (diff)
downloadaports-c90d42990d2db190884cec32ca3f58dcd680af3f.tar.gz
aports-c90d42990d2db190884cec32ca3f58dcd680af3f.tar.bz2
aports-c90d42990d2db190884cec32ca3f58dcd680af3f.tar.xz
main/dovecot: parse dovecot.conf to find the cert/key in post-install
also check that we have /dev/urandom or /dev/random. Those might not exist if dovecot is installed with --root
Diffstat (limited to 'main/dovecot/dovecot.post-install')
-rw-r--r--main/dovecot/dovecot.post-install19
1 files changed, 16 insertions, 3 deletions
diff --git a/main/dovecot/dovecot.post-install b/main/dovecot/dovecot.post-install
index a7cccddfd8..e57deb48b5 100644
--- a/main/dovecot/dovecot.post-install
+++ b/main/dovecot/dovecot.post-install
@@ -3,7 +3,6 @@
# based on doc/mkcert.sh
# Generates a self-signed certificate.
-# Edit dovecot-openssl.cnf before running this.
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl/dovecot}
@@ -12,8 +11,17 @@ OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}
CERTDIR=$SSLDIR
KEYDIR=$SSLDIR
-CERTFILE=$CERTDIR/server.pem
-KEYFILE=$KEYDIR/server.key
+# parse cert and key file from dovecot.conf
+dovecot_conf=/etc/dovecot/dovecot.conf
+ssl_cert_file=
+ssl_key_file=
+if [ -r "$dovecot_conf" ]; then
+ ssl_cert_file=$(awk -F'[[:space:]*=[[:space:]]*' '/^ssl_cert_file/ { print $2}' $dovecot_conf)
+ ssl_cert_file=$(awk -F'[[:space:]*=[[:space:]]*' '/^ssl_key_file/ { print $2}' $dovecot_conf)
+fi
+
+CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
+KEYFILE=${ssl_key_file:-KEYDIR/server.key}
if [ -e "$CERTFILE" ]; then
echo "Keeiping existing $CERTFILE"
@@ -25,6 +33,11 @@ if [ -e "$KEYFILE" ]; then
exit 0
fi
+if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
+ echo "No /dev/urandom or /dev/random so ssl cert not created"
+ exit 1
+fi
+
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo