Whack build environment with a club to get rpki-ca package to start up

properly after install on Ubuntu.  Some cleanup still required,
rpki-ca cron stuff isn't done yet, and GUI has not yet been tested
with this, but daemons now start up properly upon install as an Ubuntu
user would expect, which is some kind of progress.

svn path=/trunk/; revision=5283

4 files changed, 137 insertions, 7 deletions

diff --git a/buildtools/debian-skeleton/rpki-ca.install b/buildtools/debian-skeleton/rpki-ca.install
index 2a68ddb3..bf926af0 100644
--- a/buildtools/debian-skeleton/rpki-ca.install
+++ b/buildtools/debian-skeleton/rpki-ca.install
@@ -1,4 +1,4 @@
-etc/rpki.conf.sample
+etc/rpki/rpki-confgen.xml
 etc/rpki/apache.conf
 usr/lib
 usr/sbin
diff --git a/buildtools/debian-skeleton/rpki-ca.postinst b/buildtools/debian-skeleton/rpki-ca.postinst
index 68daa7b7..8b93c2bd 100644
--- a/buildtools/debian-skeleton/rpki-ca.postinst
+++ b/buildtools/debian-skeleton/rpki-ca.postinst
@@ -20,7 +20,7 @@ setup_rpkid_group() {
 }
 
 setup_apache() {
-    # edit existing file
+    # Edit existing file
     f=/etc/apache2/sites-available/default-ssl
     conf=/etc/rpki/apache.conf
     cmd=no
@@ -53,15 +53,46 @@ setup_apache() {
     fi
 }
 
-setup_django() {
-    # we can't perform automatic upgrade when rpki.conf isn't present
-    if test -f /etc/rpki.conf
+setup_rpki_conf() {
+    # Update /etc/rpki.conf.sample for this system, and copy it to
+    # /etc/rpki.conf if no configuration file exists yet.
+
+    # We don't (yet) have the ability to merge in settings from an
+    # existing rpki.conf, so we generate a new secret_key and a new
+    # SQL password every time, but that's harmless so long as we're
+    # careful not to overwrite an existing configuration.
+
+    mysql_passwd=`python -c 'import random, string; print "".join(random.choice(string.uppercase + string.lowercase + string.digits) for _ in xrange(16))'`
+    secret_key=`python -c 'import random, string; print "".join(random.choice(string.uppercase + string.lowercase + string.digits) for _ in xrange(50))'`
+
+    rpki-confgen --read-xml /etc/rpki/rpki-confgen.xml			\
+	--autoconf							\
+	--set myrpki::handle=`hostname -f | sed 's/[.]/_/g'`		\
+	--set myrpki::rpkid_server_host=`hostname -f`			\
+	--set myrpki::pubd_server_host=`hostname -f`			\
+	--set myrpki::shared_sql_password="$mysql_passwd"		\
+	--set web_portal::secret-key="$secret_key"			\
+	--write-conf /etc/rpki.conf.sample
+
+    if test ! -f /etc/rpki.conf
     then
-	rpki-manage syncdb
-	rpki-manage migrate app
+	cp -p /etc/rpki.conf.sample /etc/rpki.conf
     fi
 }
 
+setup_mysql() {
+    rpki-sql-setup --missing_only --mysql_defaults /etc/mysql/debian.cnf
+}
+
+setup_bpki() {
+    rpkic initialize_server_bpki
+}
+
+setup_django() {
+    rpki-manage syncdb --noinput
+    rpki-manage migrate app
+}
+
 setup_cron() {
     t=$(hexdump -n 1 -e '"%u"' /dev/urandom) && echo "$(($t % 60)) */2 * * * nobody /usr/share/rpki/routeviews.sh" > /etc/cron.d/rpkigui-routeviews
     chmod 644 /etc/cron.d/rpkigui-routeviews
@@ -86,6 +117,9 @@ case "$1" in
 	setup_rpkid_group
 	setup_rpkid_user
 	setup_apache
+	setup_rpki_conf
+	setup_mysql
+	setup_bpki
 	setup_django
 	setup_cron
     ;;
diff --git a/buildtools/debian-skeleton/rpki-ca.postrm b/buildtools/debian-skeleton/rpki-ca.postrm
new file mode 100644
index 00000000..14c14dab
--- /dev/null
+++ b/buildtools/debian-skeleton/rpki-ca.postrm
@@ -0,0 +1,48 @@
+#!/bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+
+    purge)
+
+	# If we had an rpki-purge-sql script, we might call it here to
+	# whack the SQL databases before we whack the configuration
+	# file that tells us what their names and passwords are.  Then
+	# again, we might not.
+
+	rm -f /etc/rpki.conf /etc/rpki.conf.sample
+    ;;
+
+    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/buildtools/debian-skeleton/rpki-ca.prerm b/buildtools/debian-skeleton/rpki-ca.prerm
new file mode 100644
index 00000000..5b83de2f
--- /dev/null
+++ b/buildtools/debian-skeleton/rpki-ca.prerm
@@ -0,0 +1,48 @@
+#!/bin/sh
+# prerm script for rpki-ca
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    remove)
+	rm -f /usr/share/rpki/ca.cer
+	rm -f /usr/share/rpki/irbe.cer
+	rm -f /usr/share/rpki/irdbd.cer
+	rm -f /usr/share/rpki/pubd.cer
+	rm -f /usr/share/rpki/pubd.key
+	rm -f /usr/share/rpki/rpkid.cer
+	rm -f /usr/share/rpki/rpkid.key
+	;;
+
+    upgrade|deconfigure)
+    ;;
+
+    failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0