6 files changed, 157 insertions, 44 deletions
diff --git a/buildtools/build-ubuntu-ports.py b/buildtools/build-ubuntu-ports.py
index e748c86b..bb60af8a 100644
--- a/buildtools/build-ubuntu-ports.py
+++ b/buildtools/build-ubuntu-ports.py
@@ -32,13 +32,14 @@ import os
 
 def usage(status):
     f = sys.stderr if status else sys.stdout
-    f.write("Usage: %s [--debuild]\n" % sys.argv[0])
+    f.write("Usage: %s [--debuild] [--debi]\n" % sys.argv[0])
     sys.exit(status)
 
 debuild = False
+debi    = False
 
 try:
-    opts, argv = getopt.getopt(sys.argv[1:], "-bh?", ["debuild", "help"])
+    opts, argv = getopt.getopt(sys.argv[1:], "-bih?", ["debuild", "debi", "help"])
 except getopt.GetoptError:
     usage(1)
 for o, a in opts:
@@ -46,6 +47,8 @@ for o, a in opts:
         usage(0)
     elif o in ("-b", "--debuild"):
         debuild = not debuild
+    elif o in ("-i", "--debi"):
+        debi = not debi
 if argv:
     usage(1)
 
@@ -69,5 +72,8 @@ subprocess.check_call(("dch", "--create", "--package", "rpki", "--newversion",
                                  TZ       = "UTC",
                                  DEBEMAIL = "APT Builder Robot <aptbot@rpki.net>"))
 
-if debuild:
+if debuild or debi:
     subprocess.check_call(("debuild", "-us", "-uc"))
+
+if debi:
+    subprocess.check_call(("sudo", "debi", "--with-depends"))
diff --git a/buildtools/debian-skeleton/rpki-ca.postinst b/buildtools/debian-skeleton/rpki-ca.postinst
index 35c77cf7..397b879b 100644
--- a/buildtools/debian-skeleton/rpki-ca.postinst
+++ b/buildtools/debian-skeleton/rpki-ca.postinst
@@ -20,33 +20,51 @@ setup_rpkid_group() {
 }
 
 setup_apache() {
-    # Edit existing file
+
+    # Whack our config into existing config file for default SSL
+    # vhost; if you want this to run in a different vhost, you'll have
+    # to do that yourself.
     f=/etc/apache2/sites-available/default-ssl
-    conf=/etc/rpki/apache.conf
     cmd=no
-    if test "$(grep "[^#]*Include $conf" $f 2>/dev/null)" = ""
+    awk < $f > ${f}.tmp '
+	BEGIN {
+	    conf_file = "/etc/rpki/apache.conf";
+	    conf_regexp = "^[ \t]*Include[ \t]+" conf_file "[ \t]*$";
+	    conf_line = "\tInclude " conf_file;
+	}
+	/^[ \t]*<\/VirtualHost>/ {
+	    print conf_line;
+	}
+	$0 !~ conf_regexp {
+	    print;
+	}'
+    if cmp -s $f ${f}.tmp
     then
-        awk < $f > ${f}.tmp -v conf=$conf '
-	    $0 ~ /[^#]*<\/VirtualHost>/ { print "Include", conf }
-            { print }
-	'
+	rm -f ${f}.tmp
+    else
         if test ! -f ${f}.orig
         then
             ln $f ${f}.orig
         fi
-        mv ${f}.tmp $f
+        mv -f ${f}.tmp $f
         cmd=reload
     fi
+
+    # Enable default SSL vhost if necessary.
     if test ! -f /etc/apache2/sites-enabled/default-ssl
     then
         a2ensite default-ssl
         cmd=reload
     fi
+
+    # Enable mod_ssl if necessary.
     if test ! -f /etc/apache2/mods-enabled/ssl.conf
     then
         a2enmod ssl
         cmd=restart
     fi
+
+    # Whack Apache if we've changed anything here.
     if test $cmd != no
     then
         service apache2 $cmd
@@ -81,7 +99,7 @@ setup_rpki_conf() {
 }
 
 setup_mysql() {
-    rpki-sql-setup --missing_only --mysql_defaults /etc/mysql/debian.cnf
+    rpki-sql-setup --mysql_defaults /etc/mysql/debian.cnf
 }
 
 setup_bpki() {
diff --git a/buildtools/debian-skeleton/rpki-ca.postrm b/buildtools/debian-skeleton/rpki-ca.postrm
index 14c14dab..c5e9179a 100644
--- a/buildtools/debian-skeleton/rpki-ca.postrm
+++ b/buildtools/debian-skeleton/rpki-ca.postrm
@@ -22,13 +22,12 @@ set -e
 case "$1" in
 
     purge)
-
-	# If we had an rpki-purge-sql script, we might call it here to
-	# whack the SQL databases before we whack the configuration
-	# file that tells us what their names and passwords are.  Then
-	# again, we might not.
-
-	rm -f /etc/rpki.conf /etc/rpki.conf.sample
+	sql=/etc/rpki/drop_databases.sql
+	if test -f $sql
+	then
+	    mysql --defaults-file=/etc/mysql/debian.cnf --execute "source $sql"
+	fi
+	rm -f /etc/rpki.conf /etc/rpki.conf.sample $sql
     ;;
 
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/buildtools/debian-skeleton/rpki-ca.prerm b/buildtools/debian-skeleton/rpki-ca.prerm
index 5b83de2f..6992153a 100644
--- a/buildtools/debian-skeleton/rpki-ca.prerm
+++ b/buildtools/debian-skeleton/rpki-ca.prerm
@@ -26,6 +26,29 @@ case "$1" in
 	rm -f /usr/share/rpki/pubd.key
 	rm -f /usr/share/rpki/rpkid.cer
 	rm -f /usr/share/rpki/rpkid.key
+
+	rpki-sql-setup --mysql_defaults /etc/mysql/debian.cnf --script_purge >/etc/rpki/drop_databases.sql
+
+	f=/etc/apache2/sites-available/default-ssl
+	awk < $f > ${f}.tmp '
+	    BEGIN {
+		conf_file = "/etc/rpki/apache.conf";
+		conf_regexp = "^[ \t]*Include[ \t]+" conf_file "[ \t]*$";
+	    }
+	    $0 !~ conf_regexp {
+		print;
+	    }'
+
+	if cmp -s ${f}.tmp ${f}.orig
+	then
+	    mv -f ${f}.orig $f
+	    rm -f ${f}.tmp
+	else
+	    mv -f ${f}.tmp $f
+	fi
+	# At this point we've cleaned up our config mess.
+	# Not sure whether we should do "service apache2 reload"
+	# here, one could make a case either way.  Skip for now.
 	;;
 
     upgrade|deconfigure)
diff --git a/buildtools/debian-skeleton/rpki-rp.postrm b/buildtools/debian-skeleton/rpki-rp.postrm
new file mode 100644
index 00000000..ad4ed1b9
--- /dev/null
+++ b/buildtools/debian-skeleton/rpki-rp.postrm
@@ -0,0 +1,42 @@
+#!/bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+
+    purge)
+	rm -rf /var/rcynic
+    ;;
+
+    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/rpkid/rpki-sql-setup b/rpkid/rpki-sql-setup
index 01de0822..465e4113 100755
--- a/rpkid/rpki-sql-setup
+++ b/rpkid/rpki-sql-setup
@@ -52,49 +52,74 @@ def sql_setup(name):
   password = cfg.get("sql-password", section = name)
   schema = read_schema(name)
 
-  if missing_only and database in databases:
-    print "Database already present and --missing-only set, skipping \"%s\"" % database
+  if script_purge and database in databases:
+    databases.remove(database)
+    print "DROP DATABASE IF EXISTS %s;" %  database
     return
 
-  print "Creating database", database
   cur = rootdb.cursor()
-  try:
-    cur.execute("DROP DATABASE IF EXISTS %s" %  database)
-  except Exception:
-    pass
-  cur.execute("CREATE DATABASE %s" % database)
-  cur.execute("GRANT ALL ON %s.* TO %s@localhost IDENTIFIED BY %%s" % (database, username), (password,))
+
+  if drop and database in databases:
+    log("Dropping database %s" % database)
+    databases.remove(database)
+    try:
+      cur.execute("DROP DATABASE IF EXISTS %s" %  database)
+    except Exception, e:
+      log("Couldn't drop database %s, blundering onwards: %s" % (database, e))
+
+  if create and database not in databases:
+    log("Creating database %s" % database)
+    cur = rootdb.cursor()
+    cur.execute("CREATE DATABASE %s" % database)
+    cur.execute("GRANT ALL ON %s.* TO %s@localhost IDENTIFIED BY %%s" % (database, username), (password,))
+
   rootdb.commit()
 
-  db = MySQLdb.connect(db = database, user = username, passwd = password)
-  cur = db.cursor()
-  for statement in schema:
-    if statement.upper().startswith("DROP TABLE"):
-      continue
-    if verbose:
-      print "+", statement
-    cur.execute(statement)
-  db.commit()
-  db.close()
+  if create and database not in databases:
+    databases.add(database)
+    db = MySQLdb.connect(db = database, user = username, passwd = password)
+    cur = db.cursor()
+    for statement in schema:
+      if statement.upper().startswith("DROP TABLE"):
+        continue
+      if verbose:
+        log(statement)
+      cur.execute(statement)
+    db.commit()
+    db.close()
+
+def log(text):
+  if verbose:
+    print "#", text
 
 cfg_file = None
 
 verbose = False
 mysql_defaults = None
-missing_only = False
 
-opts, argv = getopt.getopt(sys.argv[1:], "c:hv?", ["config=", "help", "missing_only", "mysql_defaults=", "verbose"])
+drop = False
+create = True
+script_purge = False
+
+opts, argv = getopt.getopt(sys.argv[1:], "c:hv?", ["config=", "help", "missing_only", "mysql_defaults=", "purge", "script_purge", "recreate", "verbose"])
 for o, a in opts:
   if o in ("-h", "--help", "-?"):
     print __doc__
     sys.exit(0)
   if o in ("-v", "--verbose"):
     verbose = True
-  if o in ("-c", "--config"):
+  elif o in ("-c", "--config"):
     cfg_file = a
-  if o == "--missing_only":
-    missing_only = not missing_only
-  if o == "--mysql_defaults":
+  elif o == "--purge":
+    drop = True
+    create = script_purge = False
+  elif o == "--recreate":
+    drop = create = True
+    script_purge = False
+  elif o == "--script_purge":
+    script_purge = True
+    drop = create = False
+  elif o == "--mysql_defaults":
     mysql_defaults = a
 
 cfg = rpki.config.parser(cfg_file, "myrpki")