Package: dovecot Version: 1.0.rc1-1 Severity: wishlist Tags: patch Hi!
In an effort to clean up the SSL certificate mess on Ubuntu servers, we recently converted all our supported Server packages to make use of the ssl-cert package instead of creating a package-specific self-signed SSL certificate. This allows admins to easily replace the certificate with a 'real' one without touching dozens of configuration files, and also provides a consistent setup out of the box. dovecot was one of these packages. I think this is interesting for Debian, too, so I send you the patch. Do you consider adopting this? If not, feel free to just close this bug. Thank you, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates?
--- dovecot-1.0.rc1/debian/control
+++ dovecot-1.0.rc1/debian/control
@@ -8,7 +8,7 @@
Package: dovecot-common
Architecture: any
-Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser
+Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser,
ssl-cert (>= 1.0.12)
Replaces: dovecot
Description: secure mail server that supports mbox and maildir mailboxes
Dovecot is a mail server whose major goals are security and extreme
diff -u dovecot-1.0.rc1/debian/patches/00list
dovecot-1.0.rc1/debian/patches/00list
--- dovecot-1.0.rc1/debian/patches/00list
+++ dovecot-1.0.rc1/debian/patches/00list
@@ -5,0 +6 @@
+ssl-cert-snakeoil
--- dovecot-1.0.rc1/debian/dovecot-common.postinst
+++ dovecot-1.0.rc1/debian/dovecot-common.postinst
@@ -19,8 +19,8 @@
## SSL Certs
# Certs and key file
- SSL_CERT=$( (egrep -s "^[^#]*ssl_cert_file" /etc/dovecot/dovecot.conf ||
echo '/etc/ssl/certs/dovecot.pem') | cut -d'=' -f2)
- SSL_KEY=$( (grep -s "^[^#]*ssl_key_file" /etc/dovecot/dovecot.conf || echo
'/etc/ssl/private/dovecot.pem') | cut -d'=' -f2)
+ SSL_CERT=$( (grep "ssl_cert_file" /etc/dovecot/dovecot.conf || echo
'/etc/ssl/certs/dovecot.pem') | cut -d'=' -f2)
+ SSL_KEY=$( (grep "ssl_key_file" /etc/dovecot/dovecot.conf || echo
'/etc/ssl/private/dovecot.pem') | cut -d'=' -f2)
# Generate new certs if needed
if [ -f $SSL_CERT ] && [ -f $SSL_KEY ]; then
only in patch2:
unchanged:
--- dovecot-1.0.rc1.orig/debian/patches/ssl-cert-snakeoil.dpatch
+++ dovecot-1.0.rc1/debian/patches/ssl-cert-snakeoil.dpatch
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## ssl-cert-snakeoil.dpatch by <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad dovecot-1.0.beta3~/dovecot-example.conf
dovecot-1.0.beta3/dovecot-example.conf
+--- dovecot-1.0.beta3~/dovecot-example.conf 2006-04-04 11:40:15.000000000
+0200
++++ dovecot-1.0.beta3/dovecot-example.conf 2006-04-04 11:40:16.000000000
+0200
+@@ -37,8 +37,8 @@
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+ # root.
+-#ssl_cert_file = /etc/ssl/certs/dovecot.pem
+-#ssl_key_file = /etc/ssl/private/dovecot.pem
++#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
++#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # If key file is password protected, give the password here. Alternatively
+ # give it when starting dovecot with -p parameter.
+diff -urNad dovecot-1.0.beta3~/src/master/master-settings.c
dovecot-1.0.beta3/src/master/master-settings.c
+--- dovecot-1.0.beta3~/src/master/master-settings.c 2006-02-02
22:15:30.000000000 +0100
++++ dovecot-1.0.beta3/src/master/master-settings.c 2006-04-04
11:40:45.000000000 +0200
+@@ -262,8 +262,8 @@
+
+ MEMBER(ssl_disable) FALSE,
+ MEMBER(ssl_ca_file) NULL,
+- MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
+- MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
++ MEMBER(ssl_cert_file) SSLDIR"/certs/ssl-cert-snakeoil.pem",
++ MEMBER(ssl_key_file) SSLDIR"/private/ssl-cert-snakeoil.key",
+ MEMBER(ssl_key_password) NULL,
+ MEMBER(ssl_parameters_regenerate) 168,
+ MEMBER(ssl_cipher_list) NULL,
signature.asc
Description: Digital signature
