X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;h=ffcbf7feee0caddc0d1701eb68c4edf1d60bc3bc;hb=refs%2Fheads%2Fwheezy;hp=988e0816b751e76e5e5735a7376a5ff515891a7d;hpb=63ee45aa102917c53d6faa071785f51652f7a21b;p=proftpd-cn.git

diff --git a/debian/postinst b/debian/postinst
index 988e081..ffcbf7f 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -29,7 +29,7 @@ esac
 
 # created:     2002-11-15 Bozo Juretic <bjuretic@srce.hr>
 # last update: 2007-05-14 Zoran Dzelajlija <zoran.dzelajlija@carnet.hr>
-# last update: 2007-10-27 Dinko Korunic <kreator@carnet.hr>
+# last update: 2011-04-24 Dinko Korunic <kreator@carnet.hr>
 
 # Source debconf library.
 . /usr/share/debconf/confmodule
@@ -40,8 +40,8 @@ esac
 FTP_CONF=/etc/proftpd/proftpd.conf
 FTP_TMP=`mktemp /etc/proftpd/proftpd.conf.XXXXXX`
 FTP_OLD=/var/backups/proftpd.conf.bak
-SSL_CERT=/etc/ssl/certs/ftpd-rsa.pem
-SSL_KEY=/etc/ssl/certs/ftpd-rsa-key.pem
+SSL_CERT=/etc/ssl/certs/ftpd.pem
+SSL_KEY=/etc/ssl/private/ftpd.pem
 
 # Backup stare konfiguracije
 cp_backup_conffile $FTP_CONF
@@ -95,6 +95,8 @@ add_tls()
         cp-update proftpd-cn $FTP_TMP <<EOF
 <IfModule mod_tls.c>
   TLSEngine on
+  TLSLog /var/log/proftpd/tls.log
+  TLSProtocol SSLv23
 
   # Are clients required to use FTP over TLS when talking to this server?
   TLSRequired off
@@ -127,7 +129,7 @@ include_modules()
         if ! egrep -qi "^[[:space:]]*Include.*/etc/proftpd/modules.conf" $FTP_TMP ; then
             printf "#\n# Includes required DSO modules. This is mandatory in proftpd 1.3\n#\nInclude\t/etc/proftpd/modules.conf\n\n" >$FTP_TMP.tmp.$$
             cat $FTP_TMP >>$FTP_TMP.tmp.$$
-            mv -f $FTP_TMP.tmp.$$ $FTP_TMP
+            cp_mv $FTP_TMP.tmp.$$ $FTP_TMP
         fi
     fi
 }
@@ -135,10 +137,21 @@ include_modules()
 # Generiranje SSL certifikata
 make_ssl_cert()
 {
-    if [ ! -f $SSL_CERT ] ; then
-        cd $(dirname $SSL_CERT)
-        echo "CN: Generating SSL certificate ... "
-        openssl req -new -x509 -days 365 -nodes -out $(basename $SSL_CERT) -keyout $(basename $SSL_KEY)
+    if [ \( ! -f $SSL_CERT \) -o \( ! -f $SSL_KEY \) ] ; then
+        echo "CN: Generating SSL certificate... "
+        HOSTNAME=`hostname -s`
+        FQDN=`hostname -f`
+        MAILNAME=`cat /etc/mailname 2> /dev/null || hostname -f`
+        (openssl req -new -x509 -days 365 -nodes -out $SSL_CERT -keyout $SSL_KEY >/dev/null 2>&1 <<EOF
+.
+.
+.
+FTP server
+$hostname.$domainname
+$fqdn
+root@$mailname
+EOF
+)
         echo "CN: Self-signed SSL certificate generated in $SSL_CERT."
         echo "CN: Please note that the certificate will expire in one year."
     fi
@@ -173,7 +186,7 @@ else
 	rm -f $FTP_TMP
 fi
 
-echo "CN: Restarting proftpd ..."
+echo "CN: Restarting proftpd..."
 
 if [ -x /usr/sbin/invoke-rc.d ]; then
 	invoke-rc.d proftpd restart