- if (/^\w*?ssl_cert/) {
- say 'ssl_cert = <$OLD_SSL_CERT'
+ if (m|^\w*?ssl_cert\s*=\s*<$OLD_SSL_CERT|) {
+ say 'ssl_cert = <$SSL_CERT'
}
- elsif (/^\w*?ssl_key/) {
- say 'ssl_key = <$OLD_SSL_KEY'
+ elsif (m|^\w*?ssl_key\s*=\s*<$OLD_SSL_KEY|) {
+ say 'ssl_key = <$SSL_KEY'
If I'm following the logic correctly, that would change the configuration to
$SSL_CERT and $SSL_KEY, even though those files will never be generated.
And I'm still trying to figure out why that whole block of code exists.
Here is what I came up with, if this seems to make sense and is
considered as a patch, *please do proofread and test it, I did no such
thing on my end.*
The assumption being made is that current config works, and if it
doesn't then it's not our business to attempt to fix it - it was broken
and will remain broken for reasons beyond the scope of a package
installation. And as for the recommendation to move the certificates, I
can't see why we should try to actually do it for the user automatically.
--- postinst.old 2012-12-30 23:44:27.537179984 -0500
+++ postinst 2012-12-31 00:41:22.250090217 -0500
@@ -119,8 +119,8 @@ if [ "$1" = "configure" ]; then
## SSL Certs
# Certs and key file
- OLD_SSL_CERT="/etc/ssl/certs/dovecot.pem"
- OLD_SSL_KEY="/etc/ssl/private/dovecot.pem"
+ OLD_SSL_CERT=$(perl -ne 'print $1 and exit if m/^\s*ssl_cert+\s*=\s*<(\S+)/' /etc/dovecot/conf.d/10-ssl.conf)
+ OLD_SSL_KEY=$(perl -ne 'print $1 and exit if m/^\s*ssl_key+\s*=\s*<(\S+)/' /etc/dovecot/conf.d/10-ssl.conf)
SSL_CERT="/etc/dovecot/dovecot.pem"
SSL_KEY="/etc/dovecot/private/dovecot.pem"
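Review bot: In the two added assignments the `+` in `ssl_cert+` and `ssl_key+` quantifies only the last letter of the name, so a line such as `ssl_certt = <...` would match as well; `m/^\s*ssl_cert\s*=\s*<(\S+)/` (and the same for `ssl_key`) says what is meant. Both variables come back empty when 10-ssl.conf is missing, or when the setting is commented out or defined in another file, and `(\S+)` cuts a path off at its first space. A short comment above the assignments, for example `# empty means no cert/key path is configured in 10-ssl.conf`, would make that contract explicit for the tests that follow. The enclosing `if [ "$1" = "configure" ]` block starts and ends outside this hunk.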
@@ -128,24 +128,15 @@ if [ "$1" = "configure" ]; then
install -d -o root -g root -m0700 /etc/dovecot/private
fi
- if [ -e $OLD_SSL_CERT ] || [ -e $OLD_SSL_KEY ]; then
+ if [ "$OLD_SSL_CERT" = "$SSL_CERT" ] && [ -e $SSL_CERT ] && [ "$OLD_SSL_KEY" = "$SSL_KEY" ] && [ -e $SSL_KEY ]; then
+ echo "You already have ssl certs for dovecot."
+ elif ([ -n $OLD_SSL_CERT ] && [ -e $OLD_SSL_CERT ]) || ([ -n $OLD_SSL_KEY ] && [ -e $OLD_SSL_KEY ]); then
echo "You already have ssl certs for dovecot."
echo "However you should move them out of /etc/ssl"
echo "and into /etc/dovecot and update the configuration"
echo "in /etc/dovecot/conf.d/10-ssl.conf accordingly."
echo "See /usr/share/doc/dovecot-core/NEWS.Debian.gz for details."
- perl -i -nE "
- if (/^\w*?ssl_cert/) {
- say 'ssl_cert = <$OLD_SSL_CERT'
- }
- elsif (/^\w*?ssl_key/) {
- say 'ssl_key = <$OLD_SSL_KEY'
- } else {
- print;
- }" /etc/dovecot/conf.d/10-ssl.conf
# Generate new certs if needed
- elif [ -e $SSL_CERT ] || [ -e $SSL_KEY ]; then
- echo "You already have ssl certs for dovecot."
else
echo "Creating generic self-signed certificate: $SSL_CERT"
echo "This certificate will expire in 10 years."
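Review bot: The added `elif` tests `$OLD_SSL_CERT` and `$OLD_SSL_KEY` unquoted, so when either is empty the tests collapse to `[ -n ]` and `[ -e ]`, which are both true. A configuration with no `ssl_cert`/`ssl_key` line therefore takes the "You already have ssl certs" branch and the self-signed certificate in the `else` branch is never generated. Quoting makes the `-n` guards redundant and removes the two subshells: `elif [ -e "$OLD_SSL_CERT" ] || [ -e "$OLD_SSL_KEY" ]; then`. The added `if` line above it has the same unquoted `[ -e $SSL_CERT ]` and `[ -e $SSL_KEY ]`, which are harmless for the fixed paths but worth quoting for consistency. The `else` branch appears to continue past the end of the hunk.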