#!/bin/sh
# postinst script for rpki-ca
#
# see: dh_installdeb(1)

# Abort on the first command whose failure is not explicitly handled.
set -o errexit

# Create the "rpkid" account unless the passwd database already lists it.
# The account takes the existing "rpkid" group as its primary group (-g,
# with -N suppressing a per-user group), gets no home directory (-M,
# -d /nonexistent) and is given /sbin/nologin as its shell.
# NOTE(review): the rpkid group has to exist before this runs.  Debian
# ships nologin as /usr/sbin/nologin -- confirm /sbin/nologin resolves on
# every release this package targets.
setup_rpkid_user() {
    getent passwd rpkid >/dev/null ||
        useradd -g rpkid -M -N \
            -d /nonexistent -s /sbin/nologin \
            -c "RPKI certification authority engine(s)" \
            rpkid
}

# Create the "rpkid" group unless the group database already lists it.
setup_rpkid_group() {
    getent group rpkid >/dev/null || groupadd rpkid
}

# Invoke the packaged Apache configuration generator with its --debian,
# --install and --verbose flags.
setup_apache() {
    /usr/lib/rpki/rpkigui-apache-conf-gen \
        --debian \
        --install \
        --verbose
}

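setup_rpki_conf() {
    # Regenerate /etc/rpki.conf.sample for this host, and seed /etc/rpki.conf
    # from it only when no configuration file exists yet.
    #
    # rpki-confgen cannot (yet) merge settings from an existing rpki.conf, so
    # every run generates a fresh secret key and SQL password.  That is
    # harmless only because an existing /etc/rpki.conf is never overwritten.
    #
    # NOTE(review): both files hold the generated SQL password and the web
    # portal secret key.  Their mode is whatever rpki-confgen and the current
    # umask produce, and cp -p carries it over to /etc/rpki.conf -- confirm
    # that neither file ends up world-readable.

    # Resolve the FQDN once so the three settings derived from it cannot
    # disagree.  A failed lookup stays non-fatal, as before, but is now
    # reported: on a first install the empty values would otherwise be
    # copied silently into /etc/rpki.conf, which later runs never rewrite.
    rpki_fqdn=$(hostname -f) || true
    if test -z "$rpki_fqdn"
    then
        echo "rpki-ca postinst: hostname -f returned no name; handle and server host settings will be empty" >&2
    fi

    # The handle is the FQDN with every dot replaced by an underscore.
    rpki_handle=$(printf '%s\n' "$rpki_fqdn" | sed 's/[.]/_/g')

    # Values are quoted so an unexpected hostname cannot split into extra
    # arguments or be glob-expanded.
    rpki-confgen --read-xml /etc/rpki/rpki-confgen.xml \
        --autoconf \
        --set "myrpki::handle=$rpki_handle" \
        --set "myrpki::rpkid_server_host=$rpki_fqdn" \
        --set "myrpki::pubd_server_host=$rpki_fqdn" \
        --pwgen myrpki::shared_sql_password \
        --pwgen web_portal::secret-key \
        --write-conf /etc/rpki.conf.sample

    # Never clobber a configuration the administrator already has.
    if test ! -f /etc/rpki.conf
    then
        cp -p /etc/rpki.conf.sample /etc/rpki.conf
    fi
}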

# Run rpki-sql-setup, handing it /etc/mysql/debian.cnf as its MySQL
# defaults file.
# NOTE(review): debian.cnf is Debian's MySQL maintenance-account
# credentials file, so this step presumably runs with database
# administrator rights -- confirm rpki-sql-setup only touches the RPKI
# databases and accounts.
setup_mysql() {
    rpki-sql-setup \
        --mysql-defaults /etc/mysql/debian.cnf
}

# Ask rpkic to run its initialize_server_bpki command.
setup_bpki() {
    rpkic \
        initialize_server_bpki
}

# Run the two rpki-manage steps in order: "syncdb" without prompting,
# then "migrate" for the "app" application.
setup_django() {
    rpki-manage \
        syncdb --noinput
    rpki-manage \
        migrate app
}

# Install the package's cron entries: a route import job in
# /etc/cron.d/rpkigui-routeviews, a cron.daily symlink for
# rpkigui-check-expired, and a BPKI update job in
# /etc/cron.d/rpki-update-bpki.
setup_cron() {
    # Read one byte from /dev/urandom and reduce it modulo 60 to get the
    # minute field, so the import job runs every second hour at a minute
    # chosen at install time.  The entry is written only if hexdump
    # succeeds: a failure on the left of "&&" does not trip "set -e", and
    # the chmod below then acts on whatever file is (or is not) already
    # there.
    # NOTE(review): the job runs as the shared "nobody" account rather than
    # a dedicated service user -- confirm that is intended.
    t=$(hexdump -n 1 -e '"%u"' /dev/urandom) && echo "$(($t % 60)) */2 * * * nobody /usr/lib/rpki/rpkigui-import-routes" > /etc/cron.d/rpkigui-routeviews
    chmod 644 /etc/cron.d/rpkigui-routeviews
    ln -sf /usr/lib/rpki/rpkigui-check-expired /etc/cron.daily/rpkigui-check-expired

    # This should be user rpkid, but I don't have permissions set up
    # properly for that yet.  Arguably this should be integrated with
    # rpkigui-check-expired anyway, not there yet either.
    # Until then "rpkic update_bpki" runs daily at 03:30 with root
    # privileges.

    echo "30 3 * * * root /usr/sbin/rpkic update_bpki" >/etc/cron.d/rpki-update-bpki
    chmod 644 /etc/cron.d/rpki-update-bpki
}

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package


case "$1" in
    configure)
        # The group is created before the user that names it as primary
        # group; the remaining steps follow in this fixed order, and
        # errexit stops the run at the first step that fails.
        for step in \
            setup_rpkid_group \
            setup_rpkid_user \
            setup_apache \
            setup_rpki_conf \
            setup_mysql \
            setup_bpki \
            setup_django \
            setup_cron
        do
            "$step"
        done
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        # Nothing to undo for these maintainer-script actions.
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb replaces the marker below with shell code generated
# automatically by other debhelper scripts.

#DEBHELPER#

exit 0