Package: dovecot
Version: 1.0.rc1-1
Severity: wishlist
Tags: patch

Hi!

In an effort to clean up the SSL certificate mess on Ubuntu servers, we
recently converted all our supported Server packages to make use of
the ssl-cert package instead of creating a package-specific
self-signed SSL certificate. This allows admins to easily replace the
certificate with a 'real' one without touching dozens of configuration
files, and also provides a consistent setup out of the box.

dovecot was one of these packages. I think this is interesting for
Debian, too, so I am sending you the patch.

Do you consider adopting this? If not, feel free to just close this
bug.

Thank you,

Martin
-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
--- dovecot-1.0.rc1/debian/control
+++ dovecot-1.0.rc1/debian/control
@@ -8,7 +8,7 @@
 
 Package: dovecot-common
 Architecture: any
-Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser
+Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, 
ssl-cert (>= 1.0.12)
 Replaces: dovecot
 Description: secure mail server that supports mbox and maildir mailboxes
  Dovecot is a mail server whose major goals are security and extreme
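Review bot: The new `ssl-cert (>= 1.0.12)` entry on the Depends line has no stated reason for that minimum version. A changelog entry or a short comment naming what the package needs from ssl-cert 1.0.12 would let a later maintainer decide when the constraint can be relaxed.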
diff -u dovecot-1.0.rc1/debian/patches/00list 
dovecot-1.0.rc1/debian/patches/00list
--- dovecot-1.0.rc1/debian/patches/00list
+++ dovecot-1.0.rc1/debian/patches/00list
@@ -5,0 +6 @@
+ssl-cert-snakeoil
--- dovecot-1.0.rc1/debian/dovecot-common.postinst
+++ dovecot-1.0.rc1/debian/dovecot-common.postinst
@@ -19,8 +19,8 @@
   
   ## SSL Certs
   # Certs and key file
-  SSL_CERT=$( (egrep -s "^[^#]*ssl_cert_file" /etc/dovecot/dovecot.conf  || 
echo '/etc/ssl/certs/dovecot.pem') | cut -d'=' -f2)
-  SSL_KEY=$( (grep -s "^[^#]*ssl_key_file" /etc/dovecot/dovecot.conf || echo 
'/etc/ssl/private/dovecot.pem') | cut -d'=' -f2)
+  SSL_CERT=$( (grep "ssl_cert_file" /etc/dovecot/dovecot.conf  || echo 
'/etc/ssl/certs/dovecot.pem') | cut -d'=' -f2)
+  SSL_KEY=$( (grep "ssl_key_file" /etc/dovecot/dovecot.conf || echo 
'/etc/ssl/private/dovecot.pem') | cut -d'=' -f2)
   
   # Generate new certs if needed
   if [ -f $SSL_CERT ] && [ -f $SSL_KEY ]; then
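Review bot: Dropping the `^[^#]*` anchor from both grep calls means commented-out settings, and any comment that merely mentions `ssl_cert_file` or `ssl_key_file`, now match, so SSL_CERT and SSL_KEY can hold a path the admin has disabled or several lines at once. Because the following test `[ -f $SSL_CERT ] && [ -f $SSL_KEY ]` is unquoted, a multi-line value makes `[` fail on its arguments instead of checking the file. If the intent is to pick up the commented default from the example configuration, take a single match, strip the surrounding whitespace and quote both variables; otherwise keep the anchor. Two smaller points: the fallback paths still name `/etc/ssl/certs/dovecot.pem` and `/etc/ssl/private/dovecot.pem` while the dpatch in this same submission moves the compiled-in defaults to the ssl-cert-snakeoil files, so postinst and daemon disagree when the configuration has no such line; and without `-s` grep will print an error when `/etc/dovecot/dovecot.conf` does not exist yet.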
only in patch2:
unchanged:
--- dovecot-1.0.rc1.orig/debian/patches/ssl-cert-snakeoil.dpatch
+++ dovecot-1.0.rc1/debian/patches/ssl-cert-snakeoil.dpatch
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## ssl-cert-snakeoil.dpatch by  <[EMAIL PROTECTED]>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
[EMAIL PROTECTED]@
+diff -urNad dovecot-1.0.beta3~/dovecot-example.conf 
dovecot-1.0.beta3/dovecot-example.conf
+--- dovecot-1.0.beta3~/dovecot-example.conf    2006-04-04 11:40:15.000000000 
+0200
++++ dovecot-1.0.beta3/dovecot-example.conf     2006-04-04 11:40:16.000000000 
+0200
+@@ -37,8 +37,8 @@
+ # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
+ # dropping root privileges, so keep the key file unreadable by anyone but
+ # root.
+-#ssl_cert_file = /etc/ssl/certs/dovecot.pem
+-#ssl_key_file = /etc/ssl/private/dovecot.pem
++#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
++#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
+ 
+ # If key file is password protected, give the password here. Alternatively
+ # give it when starting dovecot with -p parameter.
+diff -urNad dovecot-1.0.beta3~/src/master/master-settings.c 
dovecot-1.0.beta3/src/master/master-settings.c
+--- dovecot-1.0.beta3~/src/master/master-settings.c    2006-02-02 
22:15:30.000000000 +0100
++++ dovecot-1.0.beta3/src/master/master-settings.c     2006-04-04 
11:40:45.000000000 +0200
+@@ -262,8 +262,8 @@
+ 
+       MEMBER(ssl_disable) FALSE,
+       MEMBER(ssl_ca_file) NULL,
+-      MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem",
+-      MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem",
++      MEMBER(ssl_cert_file) SSLDIR"/certs/ssl-cert-snakeoil.pem",
++      MEMBER(ssl_key_file) SSLDIR"/private/ssl-cert-snakeoil.key",
+       MEMBER(ssl_key_password) NULL,
+       MEMBER(ssl_parameters_regenerate) 168,
+       MEMBER(ssl_cipher_list) NULL,
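Review bot: The dpatch header still reads `## DP: No description.` and carries no author name; please describe the change there (default certificate and key paths switched to the ssl-cert snakeoil pair). In the dovecot-example.conf part, the retained comment tells admins to keep the key file unreadable by anyone but root, and it would help to add a line next to the new `ssl-cert-snakeoil` defaults saying this is the shared self-signed certificate and is meant to be replaced. The inner diff is also written against dovecot-1.0.beta3 while the package is 1.0.rc1, so confirm it still applies at the stated offsets (`@@ -37,8 +37,8 @@` and `@@ -262,8 +262,8 @@`).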
