From f25b1a9a55fd9e61b19d073fe8426cc2aac3c0ef Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 5 Apr 2013 19:10:24 +0000 Subject: Whack build environment with a club to get rpki-ca package to start up properly after install on Ubuntu. Some cleanup still required, rpki-ca cron stuff isn't done yet, and GUI has not yet been tested with this, but daemons now start up properly upon install as an Ubuntu user would expect, which is some kind of progress. svn path=/trunk/; revision=5283 --- buildtools/debian-skeleton/rpki-ca.install | 2 +- buildtools/debian-skeleton/rpki-ca.postinst | 46 +++++++++++++++++++++++---- buildtools/debian-skeleton/rpki-ca.postrm | 48 +++++++++++++++++++++++++++++ buildtools/debian-skeleton/rpki-ca.prerm | 48 +++++++++++++++++++++++++++++ 4 files changed, 137 insertions(+), 7 deletions(-) create mode 100644 buildtools/debian-skeleton/rpki-ca.postrm create mode 100644 buildtools/debian-skeleton/rpki-ca.prerm (limited to 'buildtools/debian-skeleton') diff --git a/buildtools/debian-skeleton/rpki-ca.install b/buildtools/debian-skeleton/rpki-ca.install index 2a68ddb3..bf926af0 100644 --- a/buildtools/debian-skeleton/rpki-ca.install +++ b/buildtools/debian-skeleton/rpki-ca.install @@ -1,4 +1,4 @@ -etc/rpki.conf.sample +etc/rpki/rpki-confgen.xml etc/rpki/apache.conf usr/lib usr/sbin diff --git a/buildtools/debian-skeleton/rpki-ca.postinst b/buildtools/debian-skeleton/rpki-ca.postinst index 68daa7b7..8b93c2bd 100644 --- a/buildtools/debian-skeleton/rpki-ca.postinst +++ b/buildtools/debian-skeleton/rpki-ca.postinst @@ -20,7 +20,7 @@ setup_rpkid_group() { } setup_apache() { - # edit existing file + # Edit existing file f=/etc/apache2/sites-available/default-ssl conf=/etc/rpki/apache.conf cmd=no @@ -53,15 +53,46 @@ setup_apache() { fi } -setup_django() { - # we can't perform automatic upgrade when rpki.conf isn't present - if test -f /etc/rpki.conf +setup_rpki_conf() { + # Update /etc/rpki.conf.sample for this system, and copy it to + # /etc/rpki.conf if no configuration file exists yet. + + # We don't (yet) have the ability to merge in settings from an + # existing rpki.conf, so we generate a new secret_key and a new + # SQL password every time, but that's harmless so long as we're + # careful not to overwrite an existing configuration. + + mysql_passwd=`python -c 'import random, string; print "".join(random.choice(string.uppercase + string.lowercase + string.digits) for _ in xrange(16))'` + secret_key=`python -c 'import random, string; print "".join(random.choice(string.uppercase + string.lowercase + string.digits) for _ in xrange(50))'` + + rpki-confgen --read-xml /etc/rpki/rpki-confgen.xml \ + --autoconf \ + --set myrpki::handle=`hostname -f | sed 's/[.]/_/g'` \ + --set myrpki::rpkid_server_host=`hostname -f` \ + --set myrpki::pubd_server_host=`hostname -f` \ + --set myrpki::shared_sql_password="$mysql_passwd" \ + --set web_portal::secret-key="$secret_key" \ + --write-conf /etc/rpki.conf.sample + + if test ! -f /etc/rpki.conf then - rpki-manage syncdb - rpki-manage migrate app + cp -p /etc/rpki.conf.sample /etc/rpki.conf fi } +setup_mysql() { + rpki-sql-setup --missing_only --mysql_defaults /etc/mysql/debian.cnf +} + +setup_bpki() { + rpkic initialize_server_bpki +} + +setup_django() { + rpki-manage syncdb --noinput + rpki-manage migrate app +} + setup_cron() { t=$(hexdump -n 1 -e '"%u"' /dev/urandom) && echo "$(($t % 60)) */2 * * * nobody /usr/share/rpki/routeviews.sh" > /etc/cron.d/rpkigui-routeviews chmod 644 /etc/cron.d/rpkigui-routeviews @@ -86,6 +117,9 @@ case "$1" in setup_rpkid_group setup_rpkid_user setup_apache + setup_rpki_conf + setup_mysql + setup_bpki setup_django setup_cron ;; diff --git a/buildtools/debian-skeleton/rpki-ca.postrm b/buildtools/debian-skeleton/rpki-ca.postrm new file mode 100644 index 00000000..14c14dab --- /dev/null +++ b/buildtools/debian-skeleton/rpki-ca.postrm @@ -0,0 +1,48 @@ +#!/bin/sh +# postrm script for #PACKAGE# +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + + purge) + + # If we had an rpki-purge-sql script, we might call it here to + # whack the SQL databases before we whack the configuration + # file that tells us what their names and passwords are. Then + # again, we might not. + + rm -f /etc/rpki.conf /etc/rpki.conf.sample + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/buildtools/debian-skeleton/rpki-ca.prerm b/buildtools/debian-skeleton/rpki-ca.prerm new file mode 100644 index 00000000..5b83de2f --- /dev/null +++ b/buildtools/debian-skeleton/rpki-ca.prerm @@ -0,0 +1,48 @@ +#!/bin/sh +# prerm script for rpki-ca +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove) + rm -f /usr/share/rpki/ca.cer + rm -f /usr/share/rpki/irbe.cer + rm -f /usr/share/rpki/irdbd.cer + rm -f /usr/share/rpki/pubd.cer + rm -f /usr/share/rpki/pubd.key + rm -f /usr/share/rpki/rpkid.cer + rm -f /usr/share/rpki/rpkid.key + ;; + + upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 -- cgit v1.2.3