Commit 5d6d30bc authored by Natanael Copa's avatar Natanael Copa

main/dovecot: parse dovecot.conf to find the cert/key in post-install

also check that we have /dev/urandom or /dev/random. Those might not
exist if dovecot is installed with --root
(cherry picked from commit c90d4299)
parent f3ed664c
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=dovecot
pkgver=1.2.12
pkgrel=0
pkgrel=1
pkgdesc="IMAP and POP3 server"
url="http://www.dovecot.org/"
license="LGPL-2.1"
......
......@@ -3,7 +3,6 @@
# based on doc/mkcert.sh
# Generates a self-signed certificate.
# Edit dovecot-openssl.cnf before running this.
OPENSSL=${OPENSSL-openssl}
SSLDIR=${SSLDIR-/etc/ssl/dovecot}
......@@ -12,8 +11,17 @@ OPENSSLCONFIG=${OPENSSLCONFIG-/etc/dovecot/dovecot-openssl.cnf}
CERTDIR=$SSLDIR
KEYDIR=$SSLDIR
CERTFILE=$CERTDIR/server.pem
KEYFILE=$KEYDIR/server.key
# parse cert and key file from dovecot.conf
dovecot_conf=/etc/dovecot/dovecot.conf
ssl_cert_file=
ssl_key_file=
if [ -r "$dovecot_conf" ]; then
ssl_cert_file=$(awk -F'[[:space:]*=[[:space:]]*' '/^ssl_cert_file/ { print $2}' $dovecot_conf)
ssl_cert_file=$(awk -F'[[:space:]*=[[:space:]]*' '/^ssl_key_file/ { print $2}' $dovecot_conf)
fi
CERTFILE=${ssl_cert_file:-$CERTDIR/server.pem}
KEYFILE=${ssl_key_file:-KEYDIR/server.key}
if [ -e "$CERTFILE" ]; then
echo "Keeiping existing $CERTFILE"
......@@ -25,6 +33,11 @@ if [ -e "$KEYFILE" ]; then
exit 0
fi
if [ ! -c /dev/urandom ] && [ ! -c /dev/random ]; then
echo "No /dev/urandom or /dev/random so ssl cert not created"
exit 1
fi
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2
chmod 0600 $KEYFILE
echo
......
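Review bot: In the dovecot.conf parsing block, the second awk call assigns to `ssl_cert_file` again, so `ssl_key_file` is never set and a configured key path replaces the certificate path; it should read `ssl_key_file=$(awk -F'[[:space:]]*=[[:space:]]*' '/^ssl_key_file/ { print $2}' "$dovecot_conf")`. The fallback on the `KEYFILE=` line is also missing a `$`, so the private key goes to a relative `KEYDIR/server.key` under whatever directory the post-install runs in; it should be `KEYFILE=${ssl_key_file:-$KEYDIR/server.key}`. As a result the existence checks and `chmod 0600` act on the wrong paths, and when the configured key file is absent the certificate appears to be written where dovecot expects the key. The field separator `[[:space:]*=[[:space:]]*` lacks a `]` after the first class (corrected in the line quoted above), so it seems to parse as one bracket expression and only works by accident. The `if` blocks around these lines continue outside the visible hunks.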