Package: dovecot
Version: 1.0.rc1-1
Severity: wishlist
Tags: patch

Hi!

In an effort to clean up the SSL certificate mess on Ubuntu servers, we recently converted all our supported Server packages to make use of the ssl-cert package instead of creating a package-specific self-signed SSL certificate. This allows admins to easily replace the certificate with a 'real' one without touching dozens of configuration files, and also provides a consistent setup out of the box.

dovecot was one of these packages. I think this is interesting for Debian, too, so I send you the patch. Do you consider adopting this? If not, feel free to just close this bug.

Thank you,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

--- dovecot-1.0.rc1/debian/control +++ dovecot-1.0.rc1/debian/control @@ -8,7 +8,7 @@ Package: dovecot-common Architecture: any -Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser +Depends: ${shlibs:Depends}, libpam-runtime (>= 0.76-13.1), openssl, adduser, ssl-cert (>= 1.0.12) Replaces: dovecot Description: secure mail server that supports mbox and maildir mailboxes Dovecot is a mail server whose major goals are security and extreme diff -u dovecot-1.0.rc1/debian/patches/00list dovecot-1.0.rc1/debian/patches/00list --- dovecot-1.0.rc1/debian/patches/00list +++ dovecot-1.0.rc1/debian/patches/00list @@ -5,0 +6 @@ +ssl-cert-snakeoil --- dovecot-1.0.rc1/debian/dovecot-common.postinst +++ dovecot-1.0.rc1/debian/dovecot-common.postinst @@ -19,8 +19,8 @@ ## SSL Certs # Certs and key file - SSL_CERT=$( (egrep -s "^[^#]*ssl_cert_file" /etc/dovecot/dovecot.conf || echo '/etc/ssl/certs/dovecot.pem') | cut -d'=' -f2) - SSL_KEY=$( (grep -s "^[^#]*ssl_key_file" /etc/dovecot/dovecot.conf || echo '/etc/ssl/private/dovecot.pem') | cut -d'=' -f2) + SSL_CERT=$( (grep "ssl_cert_file" /etc/dovecot/dovecot.conf || echo '/etc/ssl/certs/dovecot.pem') | cut -d'=' -f2) + SSL_KEY=$( (grep "ssl_key_file" /etc/dovecot/dovecot.conf || echo '/etc/ssl/private/dovecot.pem') | cut -d'=' -f2) # Generate new certs if needed if [ -f $SSL_CERT ] && [ -f $SSL_KEY ]; then only in patch2: unchanged: --- dovecot-1.0.rc1.orig/debian/patches/ssl-cert-snakeoil.dpatch +++ dovecot-1.0.rc1/debian/patches/ssl-cert-snakeoil.dpatch 
@@ -0,0 +1,35 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## ssl-cert-snakeoil.dpatch by <[EMAIL PROTECTED]> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + [EMAIL PROTECTED]@ +diff -urNad dovecot-1.0.beta3~/dovecot-example.conf dovecot-1.0.beta3/dovecot-example.conf +--- dovecot-1.0.beta3~/dovecot-example.conf 2006-04-04 11:40:15.000000000 +0200 ++++ dovecot-1.0.beta3/dovecot-example.conf 2006-04-04 11:40:16.000000000 +0200 +@@ -37,8 +37,8 @@ + # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before + # dropping root privileges, so keep the key file unreadable by anyone but + # root. +-#ssl_cert_file = /etc/ssl/certs/dovecot.pem +-#ssl_key_file = /etc/ssl/private/dovecot.pem ++#ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem ++#ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key + + # If key file is password protected, give the password here. Alternatively + # give it when starting dovecot with -p parameter. +diff -urNad dovecot-1.0.beta3~/src/master/master-settings.c dovecot-1.0.beta3/src/master/master-settings.c +--- dovecot-1.0.beta3~/src/master/master-settings.c 2006-02-02 22:15:30.000000000 +0100 ++++ dovecot-1.0.beta3/src/master/master-settings.c 2006-04-04 11:40:45.000000000 +0200 +@@ -262,8 +262,8 @@ + + MEMBER(ssl_disable) FALSE, + MEMBER(ssl_ca_file) NULL, +- MEMBER(ssl_cert_file) SSLDIR"/certs/dovecot.pem", +- MEMBER(ssl_key_file) SSLDIR"/private/dovecot.pem", ++ MEMBER(ssl_cert_file) SSLDIR"/certs/ssl-cert-snakeoil.pem", ++ MEMBER(ssl_key_file) SSLDIR"/private/ssl-cert-snakeoil.key", + MEMBER(ssl_key_password) NULL, + MEMBER(ssl_parameters_regenerate) 168, + MEMBER(ssl_cipher_list) NULL,
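
Review bot: In the debian/dovecot-common.postinst hunk, the new grep "ssl_cert_file" and grep "ssl_key_file" drop the ^[^#]* filter, so commented-out lines now match as well. dovecot-example.conf carries both settings commented out, which means SSL_CERT and SSL_KEY are read from comments rather than from active settings, and a configuration holding both a commented and an active line produces two lines of output that the unquoted [ -f $SSL_CERT ] test cannot handle. Dropping -s also lets grep print an error when /etc/dovecot/dovecot.conf is missing. Suggest keeping the original pattern and -s, and instead updating the fallback echo values, which still name /etc/ssl/certs/dovecot.pem and /etc/ssl/private/dovecot.pem, to the ssl-cert-snakeoil paths so they agree with the new compiled-in defaults.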
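
Review bot: In the master-settings.c part of ssl-cert-snakeoil.dpatch, changing the compiled-in ssl_cert_file and ssl_key_file defaults affects upgrades as well as fresh installs: a system that relies on the defaults and already has dovecot.pem in place will start serving the ssl-cert-snakeoil pair without any change to its configuration. Suggest either leaving existing installations on their current files (for example by having the postinst write explicit paths when the old dovecot.pem pair exists) or documenting the switch for administrators. The retained comment in dovecot-example.conf says to keep the key file unreadable by anyone but root, which deserves a second look now that the key is one shared between packages. The dpatch header still reads "## DP: No description." and should say what the patch changes and why.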