X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=9d8f3ce461d043aaf35a197894345657c5e58896;hb=2b68c779de205d3c4e0b6aaafd6445c2b7b1a7c5;hp=bbd264c17b3544364e70b2ad1ed7313f0b901b15;hpb=668a2ea39a23b44f1dfd13c4eaaa6fdca36a7b9d;p=proftpd-cn.git

diff --git a/debian/postinst b/debian/postinst
index bbd264c..9d8f3ce 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -1,100 +1,77 @@
 #!/bin/sh
-# postinst script for proftpd-cn
-#
-# see: dh_installdeb(1)
 
 set -e
 
-# summary of how this script can be called:
-#        * <postinst> `configure' <most-recently-configured-version>
-#        * <old-postinst> `abort-upgrade' <new version>
-#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-#          <new-version>
-#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-#          <failed-install-package> <version> `removing'
-#          <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-
-case "$1" in
-    configure|reconfigure)
-      # continue below
-    ;;
-
-    *)
-        exit 0
-    ;;
-esac
+[ "$1" = "configure" ] || exit 0
+[ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
 
 # created:     2002-11-15 Bozo Juretic <bjuretic@srce.hr>
 # last update: 2007-05-14 Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>
-# last update: 2007-10-27 Dinko Korunic <kreator@carnet.hr>
+# last update: 2011-04-24 Dinko Korunic <kreator@carnet.hr>
 
-# Source debconf library.
-. /usr/share/debconf/confmodule
-
-# Import CN toolsa
+# Load CARNet Tools
 . /usr/share/carnet-tools/functions.sh
 
+# Load Debconf
+#. /usr/share/debconf/confmodule
+
 FTP_CONF=/etc/proftpd/proftpd.conf
 FTP_TMP=`mktemp /etc/proftpd/proftpd.conf.XXXXXX`
 FTP_OLD=/var/backups/proftpd.conf.bak
-SSL_CERT=/etc/ssl/certs/ftpd-rsa.pem
-SSL_KEY=/etc/ssl/certs/ftpd-rsa-key.pem
+SSL_CERT=/etc/ssl/certs/ftpd.pem
+SSL_KEY=/etc/ssl/private/ftpd.pem
 
 # Backup stare konfiguracije
 cp_backup_conffile $FTP_CONF
 cp -p $FTP_CONF $FTP_TMP
 
 # Onemogucavanje Anonymous ftp pristupa
-disable_anonymous()
-{
-    if grep -qi "^<Anonymous" $FTP_TMP; then
-    	echo "CN: Anonymous access has been disabled in $FTP_CONF." 
-     	# Brisanje Anonymous linija
-    	sed -n -i -e '/<Anonymous /,/\/Anon/!p' $FTP_TMP
-    fi
+disable_anonymous() {
+  if grep -qi "^<Anonymous" $FTP_TMP; then
+    echo "CN: Anonymous access has been disabled in $FTP_CONF." 
+    # Brisanje Anonymous linija
+    sed -n -i -e '/<Anonymous /,/\/Anon/!p' $FTP_TMP
+  fi
 }
 
 # Popravi razne stvari u confu
-fix_conf()
-{
-    if [ -f $FTP_TMP ]; then
-        # Stare list opcije
-    	sed -i -e 's/lsdefaultoptions/ListOptions/i' $FTP_TMP 
-
-        # Stari tcpwin
-        sed -i -e "s/tcpreceivewindow/SocketOptions rcvbuf/i" \
-            -e "s/tcpsendwindow/SocketOptions sndbuf/i" $FTP_TMP
-
-        # Scoreboard
-        sed -i -e "s/\(scoreboardpath.*\)/#\n#ScoreboardPath is deprecated in 1.2.9, use ScoreboardFile instead\n#\1\n#\n#ScoreboardFile\t\/var\/run\/proftpd\/proftpd.scoreboard\n#/i" $FTP_TMP
-
-        # Ubaci pravi hostname
-        CARNET_HOSTNAME=`hostname`
-        CARNET_DOMAINNAME=`hostname --domain`
-	    sed -i -e "s/^ServerName.*\"Debian\"/ServerName \"$CARNET_HOSTNAME.$CARNET_DOMAINNAME\"/i" $FTP_TMP 
-
-        # Upali DelayEngine
-        sed -i -e 's/^#.*DelayEngine.*/DelayEngine on/i' $FTP_TMP
-
-        # Omoguci da bude standalone servis
-        sed -i -e 's/^\(ServerType.*\)inetd/\1standalone/' $FTP_TMP
-        update-inetd --disable ftp || true
-        db_set shared/proftpd/inetd_or_standalone "standalone"
-        db_go || true
-        db_stop
-    fi
+fix_conf() {
+  if [ -f $FTP_TMP ]; then
+    # Stare list opcije
+    sed -i -e 's/lsdefaultoptions/ListOptions/i' $FTP_TMP 
+
+    # Stari tcpwin
+    sed -i -e "s/tcpreceivewindow/SocketOptions rcvbuf/i" \
+           -e "s/tcpsendwindow/SocketOptions sndbuf/i" $FTP_TMP
+
+    # Scoreboard
+    sed -i -e "s/\(scoreboardpath.*\)/#\n#ScoreboardPath is deprecated in 1.2.9, use ScoreboardFile instead\n#\1\n#\n#ScoreboardFile\t\/var\/run\/proftpd\/proftpd.scoreboard\n#/i" $FTP_TMP
+
+    # Ubaci pravi hostname
+    CARNET_HOSTNAME=`hostname`
+    CARNET_DOMAINNAME=`hostname --domain`
+    sed -i -e "s/^ServerName.*\"Debian\"/ServerName \"$CARNET_HOSTNAME.$CARNET_DOMAINNAME\"/i" $FTP_TMP 
+
+    # Upali DelayEngine
+    sed -i -e 's/^#.*DelayEngine.*/DelayEngine on/i' $FTP_TMP
+
+    # Omoguci da bude standalone servis
+    sed -i -e 's/^\(ServerType.*\)inetd/\1standalone/' $FTP_TMP
+    update-inetd --disable ftp || true
+    #db_set shared/proftpd/inetd_or_standalone "standalone"
+    #db_go || true
+    #db_stop
+  fi
 }
 
 # Dodaj TLS konfiguraciju ako je potrebna
-add_tls()
-{
-    if [ -f $FTP_TMP ]; then
-        cp-update proftpd-cn $FTP_TMP <<EOF
+add_tls() {
+  if [ -f $FTP_TMP ]; then
+    cp-update proftpd-cn $FTP_TMP <<EOF
 <IfModule mod_tls.c>
   TLSEngine on
+  TLSLog /var/log/proftpd/tls.log
+  TLSProtocol SSLv23
 
   # Are clients required to use FTP over TLS when talking to this server?
   TLSRequired off
@@ -117,69 +94,72 @@ add_tls()
   TLSRenegotiate required off
 </IfModule>
 EOF
-    fi
+  fi
 }
 
 # include za slucaj da sistemac nije prihvatio izmjene od Debiana
-include_modules()
-{
-    if [ -f $FTP_TMP ] ; then
-        if ! egrep -qi "^[[:space:]]*Include.*/etc/proftpd/modules.conf" $FTP_TMP ; then
-            printf "#\n# Includes required DSO modules. This is mandatory in proftpd 1.3\n#\nInclude\t/etc/proftpd/modules.conf\n\n" >$FTP_TMP.tmp.$$
-            cat $FTP_TMP >>$FTP_TMP.tmp.$$
-            mv -f $FTP_TMP.tmp.$$ $FTP_TMP
-        fi
+include_modules() {
+  if [ -f $FTP_TMP ] ; then
+    if ! egrep -qi "^[[:space:]]*Include.*/etc/proftpd/modules.conf" $FTP_TMP ; then
+      printf "#\n# Includes required DSO modules. This is mandatory in proftpd 1.3\n#\nInclude\t/etc/proftpd/modules.conf\n\n" >$FTP_TMP.tmp.$$
+      cat $FTP_TMP >>$FTP_TMP.tmp.$$
+      cp_mv $FTP_TMP.tmp.$$ $FTP_TMP
     fi
+  fi
 }
 
 # Generiranje SSL certifikata
-make_ssl_cert()
-{
-    if [ ! -f $SSL_CERT ] ; then
-        cd $(dirname $SSL_CERT)
-        echo "CN: Generating SSL certificate ... "
-        openssl req -new -x509 -days 365 -nodes -out $(basename $SSL_CERT) -keyout $(basename $SSL_KEY)
-        echo "CN: Self-signed SSL certificate generated in $SSL_CERT."
-        echo "CN: Please note that the certificate will expire in one year."
-    fi
+make_ssl_cert() {
+  if [ \( ! -f $SSL_CERT \) -o \( ! -f $SSL_KEY \) ] ; then
+    echo "CN: Generating SSL certificate... "
+    HOSTNAME=`hostname -s`
+    FQDN=`hostname -f`
+    MAILNAME=`cat /etc/mailname 2> /dev/null || hostname -f`
+    (openssl req -new -x509 -days 365 -nodes -out $SSL_CERT -keyout $SSL_KEY >/dev/null 2>&1 <<EOF
+.
+.
+.
+FTP server
+$hostname.$domainname
+$fqdn
+root@$mailname
+EOF
+)
+    echo "CN: Self-signed SSL certificate generated in $SSL_CERT."
+    echo "CN: Please note that the certificate will expire in one year."
+  fi
 }
 
 # purge starog proftpd-common paketa bi napravio rusvaj
-defuse_old_postrm()
-{
-    if [ -f /var/lib/dpkg/info/proftpd-common.postrm ]; then
-        cp_check_and_sed '^[^#]*(update-rc.d|update-inetd|/var/run/proftpd)' \
-            '/update-rc.d/d; /update-inetd/d; /var\/run\/proftpd/d' \
-            /var/lib/dpkg/info/proftpd-common.postrm || true
-    fi
+defuse_old_postrm() {
+  if [ -f /var/lib/dpkg/info/proftpd-common.postrm ]; then
+    cp_check_and_sed '^[^#]*(update-rc.d|update-inetd|/var/run/proftpd)' \
+                     '/update-rc.d/d; /update-inetd/d; /var\/run\/proftpd/d' \
+                     /var/lib/dpkg/info/proftpd-common.postrm || true
+  fi
 }
 
 defuse_old_postrm
 disable_anonymous
+make_ssl_cert
 fix_conf
 add_tls
 include_modules
-make_ssl_cert
 
 if [ -z "$2" ]; then
-	echo "CN: Proftpd-cn is configured with disabled anonymous FTP access,"
-	echo "CN: for the security reasons."
+  echo "CN: Proftpd-cn is configured with disabled anonymous FTP access,"
+  echo "CN: for the security reasons."
 fi
 
 if ! cmp -s $FTP_TMP $FTP_CONF; then
-	echo "CN: Original configuration file is saved in $FTP_OLD."
-	cp_mv $FTP_TMP $FTP_CONF
+  echo "CN: Original configuration file is saved in $FTP_OLD."
+  cp_mv $FTP_TMP $FTP_CONF
 else
-	rm -f $FTP_TMP
+  rm -f $FTP_TMP
 fi
 
-echo "CN: Restarting proftpd ..."
-
-if [ -x /usr/sbin/invoke-rc.d ]; then
-	invoke-rc.d proftpd restart
-else
-	/etc/init.d/proftpd restart
-fi
+echo "CN: Restarting proftpd..."
+service proftpd restart
 
 # dh_installdeb will replace this with shell code automatically
 # generated by other debhelper scripts.