On Mon, Oct 20, 2008 at 10:07:58PM +0200, Vincent Bernat wrote:
> This bug still happens when upgrading from Etch to Lenny in some corner
> case. I set the severity back to grave because:
>  - I have a patch
>  - it modifies files in /etc without user approval
> 
> Here is my configuration file:
>  ssl_cert_file = /etc/ssl/certs/dovecot.pem
>  ssl_key_file = /etc/ssl/private/dovecot.key
> 
> When upgrading (from Etch to Lenny), I get:
>  Installing new version of config file /etc/init.d/dovecot ...
>  Creating generic self-signed certificate: /etc/ssl/certs/dovecot.pem
>  (replace with hand-crafted or authorized one if needed).
> 
> This overwrites /etc/ssl/certs/dovecot.pem
> This creates /etc/ssl/private/dovecot.pem
> 
> Here are the simple steps to reproduce it:
>  - build an Etch chroot (with pbuilder for me)
>  - apt-get install dovecot-imapd
>  - mv /etc/ssl/private/dovecot.pem /etc/ssl/private/dovecot.key
>  - md5sum /etc/ssl/private/dovecot.key /etc/ssl/certs/dovecot.pem 
>  - in dovecot.conf:
> ssl_cert_file = /etc/ssl/certs/dovecot.pem
> ssl_key_file = /etc/ssl/private/dovecot.key
>  - sed -i 's/etch/lenny/g' /etc/apt/sources.list
>  - apt-get update
>  - apt-get dist-upgrade
>  - md5sum /etc/ssl/private/dovecot.key /etc/ssl/certs/dovecot.pem 
> 
> -> /etc/ssl/certs/dovecot.pem has been modified.
> 
> I attach a patch to fix this.
> 

> diff --git a/debian/dovecot-common.postinst b/debian/dovecot-common.postinst
> index c49e151..1cb77f9 100644
> --- a/debian/dovecot-common.postinst
> +++ b/debian/dovecot-common.postinst
> @@ -35,7 +35,7 @@ if [ "$1" = "configure" ]; then
>    SSL_KEY="/etc/ssl/private/dovecot.pem"
>    
>    # Generate new certs if needed
> -  if [ -e $SSL_CERT ] && [ -e $SSL_KEY ]; then
> +  if [ -e $SSL_CERT ] || [ -e $SSL_KEY ]; then
>      echo "You already have ssl certs for dovecot."
>    else
>      echo "Creating generic self-signed certificate: $SSL_CERT"
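
Review bot: the changed `if` line still tests only the hard-coded defaults (`SSL_KEY="/etc/ssl/private/dovecot.pem"` just above it), not the `ssl_cert_file` and `ssl_key_file` paths the admin has set in dovecot.conf. With `||`, the presence of either default file now skips generation, which stops the overwrite in the reported case, but an admin who has moved both files still gets a fresh self-signed pair written to the default locations. Consider skipping generation whenever dovecot.conf points at files that exist. Two smaller points on the same lines: the message "You already have ssl certs for dovecot." is now printed when only one of the two files is present, so it should say which one was found, and `$SSL_CERT` and `$SSL_KEY` should be double-quoted inside the `[ -e ... ]` tests.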

Oops. Seems I mistakenly assumed it had been fixed (based on my earlier
posts to the bug).

In recompense, I offer to NMU this fix; I've also updated the
diagnostic warning to be more accurate.

I will do this this evening unless the maintainer shouts/gets there
before me.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


