[arch-commits] Commit in imap/trunk (PKGBUILD imap.install)
Levente Polyak
anthraxx at archlinux.org
Tue Nov 28 03:35:16 UTC 2017
Date: Tuesday, November 28, 2017 @ 03:35:15
Author: anthraxx
Revision: 311052
upgpkg: imap 2007f-9 (generate certs per host during install)
- old modified certs will be preserved as .pacsave
- forces creation of new certs as they are renamed
- raised to rsa-4096
Added:
imap/trunk/imap.install
Modified:
imap/trunk/PKGBUILD
--------------+
PKGBUILD | 32 ++++----------------------------
imap.install | 40 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+), 28 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-11-27 19:31:19 UTC (rev 311051)
+++ PKGBUILD 2017-11-28 03:35:15 UTC (rev 311052)
@@ -3,7 +3,7 @@
pkgbase=imap
pkgname=(imap c-client)
pkgver=2007f
-pkgrel=8
+pkgrel=9
arch=('x86_64')
license=('APACHE')
url="http://www.washington.edu/imap"
@@ -36,29 +36,8 @@
cd $srcdir/$pkgbase-$pkgver
# NOTE: if you wish to enforce SSL, use SSLTYPE=unix.nopwd
- yes "y" | make lnp EXTRAAUTHENTICATORS=gss PASSWDTYPE=pam SPECIALAUTHENTICATORS=ssl SSLTYPE=unix EXTRACFLAGS="${CFLAGS} -fPIC -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lpam"
+ yes "y" | make lnp EXTRAAUTHENTICATORS=gss PASSWDTYPE=pam SPECIALAUTHENTICATORS=ssl SSLTYPE=unix EXTRACFLAGS="${CFLAGS} -fPIC -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lpam" EXTRALDFLAGS="${LDFLAGS}"
- # create ssl certs for secure imap
- for i in imapd ipop3d; do
- PEM1=$srcdir/pem1
- PEM2=$srcdir/pem2
- /usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 \
- -nodes -x509 -days 365 -out $PEM2 << EOF
---
-SomeState
-SomeCity
-SomeOrganization
-SomeOrganizationalUnit
-localhost.localdomain
-root at localhost.localdomain
-EOF
-
- cat $PEM1 > ${i}.pem
- echo "" >> ${i}.pem
- cat $PEM2 >> ${i}.pem
- rm $PEM1 $PEM2
- umask 022
- done
}
package_imap() {
@@ -66,7 +45,8 @@
depends=('c-client')
provides=('imap-server' 'pop3-server')
conflicts=('courier-mta' 'courier-imap')
- backup=(etc/xinetd.d/{imap,ipop2,ipop3} etc/ssl/certs/{imapd,ipop3d}.pem)
+ backup=(etc/xinetd.d/{imap,ipop2,ipop3})
+ install=imap.install
cd $srcdir/$pkgbase-$pkgver
install -d $pkgdir/usr/bin
@@ -74,10 +54,6 @@
install -D -m755 ipopd/ipop2d $pkgdir/usr/bin/ipop2d
install -D -m755 ipopd/ipop3d $pkgdir/usr/bin/ipop3d
- # install certs
- install -D -m600 imapd.pem $pkgdir/etc/ssl/certs/imapd.pem
- install -D -m600 ipop3d.pem $pkgdir/etc/ssl/certs/ipop3d.pem
-
# install xinetd.d configs
install -D -m644 ../imap $pkgdir/etc/xinetd.d/imap
install -D -m644 ../ipop2 $pkgdir/etc/xinetd.d/ipop2
Added: imap.install
===================================================================
--- imap.install (rev 0)
+++ imap.install 2017-11-28 03:35:15 UTC (rev 311052)
@@ -0,0 +1,40 @@
+post_install() {
+ if [ ! -e /etc/ssl/certs/imapd.pem ]; then
+ generate_certificate imapd
+ fi
+ if [ ! -e /etc/ssl/certs/ipop3d.pem ]; then
+ generate_certificate ipop3d
+ fi
+}
+
+post_upgrade() {
+ post_install
+}
+
+generate_certificate() {
+ t=$1
+ echo -n "Generating $t certificate..."
+
+ umask 077
+ tmpdir=$(mktemp -d)
+ PEM1="$tmpdir/$t.pem1"
+ PEM2="$tmpdir/$t.pem2"
+ cert="$tmpdir/$t.pem"
+ /usr/bin/openssl req -newkey rsa:4096 -keyout "$PEM1" \
+ -nodes -x509 -days 365 -out "$PEM2" >/dev/null 2>&1 << EOF
+--
+SomeState
+SomeCity
+SomeOrganization
+SomeOrganizationalUnit
+localhost.localdomain
+root at localhost.localdomain
+EOF
+
+ cat "$PEM1" > "$cert"
+ echo "" >> "$cert"
+ cat "$PEM2" >> "$cert"
+ install -Dm 600 "$cert" -t /etc/ssl/certs
+ rm -rf "$tmpdir"
+ echo "done."
+}
More information about the arch-commits
mailing list