#!/bin/sh set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package # $1 = version of the package being upgraded. install() { if [ -f /etc/default/epoptes ]; then . /etc/default/epoptes || true fi SOCKET_GROUP=${SOCKET_GROUP:-epoptes} if ! getent group "$SOCKET_GROUP" >/dev/null; then addgroup --system "$SOCKET_GROUP" fi if ! [ -f /etc/epoptes/server.key ] || ! [ -f /etc/epoptes/server.crt ] then # openssl leaves an .rnd file causing a lintian warning (bug #750099). tmphome=$(mktemp -d) # Generate a certificate that is valid since the Epoch, # to work around wrong dates on clients with CMOS battery issues. # faketime fails on launchpad, so also try without it. HOME=$tmphome faketime '1970-01-01 00:00:00 UTC' \ openssl req -batch -x509 -nodes \ -newkey rsa:4096 -days $(($(date --utc +%s) / 86400 + 3652)) \ -keyout /etc/epoptes/server.key -out /etc/epoptes/server.crt || HOME=$tmphome openssl req -batch -x509 -nodes \ -newkey rsa:4096 -days $(($(date --utc +%s) / 86400 + 3652)) \ -keyout /etc/epoptes/server.key -out /etc/epoptes/server.crt rm -rf "$tmphome" chmod 600 /etc/epoptes/server.key echo ' A new OpenSSL certificate has been generated for epoptes. Please ensure that you transfer /etc/epoptes/server.crt to your clients by issuing `epoptes-client -c` from your regular workstations or from your LTSP chroots.' >&2 fi } case "$1" in configure) install "$2" ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0