Changes for umask and file access permissions in carnet-generate-ssl.
[apache2-cn.git] / debian / postinst
index 19da2b1..941cdcc 100755 (executable)
@@ -29,9 +29,7 @@ esac
 PKG="apache2-cn"
 VERSION="2.2-1"
 CONFDIR="/etc/apache2"
-CONFDIROLD="/etc/apache"
 CONF="$CONFDIR/apache2.conf"
-CONFOLD="$CONFDIROLD/httpd.conf"
 A2MODEDIR="$CONFDIR/mods-enabled"
 PORTCONF="$CONFDIR/ports.conf"
 A2CNDIR=/usr/share/apache2-cn
@@ -328,11 +326,14 @@ fi
 
 # Make sure Apache is NOT running.
 #
-if [ -x /usr/sbin/invoke-rc.d ]; then
-       [ -x /usr/sbin/apache ] && invoke-rc.d apache stop || true
-       pkill -9 -f /usr/sbin/apache || true
-else
-       [ -x /etc/init.d/apache ] && /etc/init.d/apache stop || true
+if [ -x /etc/init.d/apache ]; then
+       if [ -x /usr/sbin/invoke-rc.d ]; then
+               invoke-rc.d apache stop || true
+       else
+               /etc/init.d/apache stop || true
+       fi
+
+       pkill -9 -f '/usr/sbin/apache$' || true
 fi
 
 
@@ -487,9 +488,12 @@ fi
 
 
 # Add VirtualHosts.
+# - on fresh install
 #
-db_get apache2-cn/wwwhost || true
-if [ "$RET" = "true" ]; then
+if [ -z "$2" ]; then
+
+    db_get apache2-cn/wwwhost || true
+    if [ "$RET" = "true" ]; then
 
        # Add WWW VirtualHost.
        if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
@@ -522,6 +526,7 @@ if [ "$RET" = "true" ]; then
                install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
                need_restart=1
        fi
+    fi
 fi
 
 
@@ -535,7 +540,7 @@ if [ $apache2_sslcert -eq 0 ]; then
 
        # No active SSL VirtualHosts found - add new one.
        chk_conf_tag "$CONFDIR/sites-available/ssl"
-       if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+       if [ ! -f "$CONFDIR/sites-available/ssl" ] || [ $RET -eq 0 ]; then
                install_vhost -r $FQDN -n $HOST ssl ssl 001-ssl
                need_restart=1
        fi
@@ -581,16 +586,14 @@ if [ $apache2_sslcert -eq 0 ]; then
 fi
 
 
-# Check file access permissions and group ownership for SSL certificates.
+# Check file access permissions for SSL certificates.
 #
-cp_echo "CN: Checking file permissions and group ownership for Apache2 SSL certificates."
+cp_echo "CN: Checking file access permissions for Apache2 SSL certificates."
 sslkey=/etc/ssl/private
-sslcerts="${sslkey}/ca.key ${sslkey}/ca.csr ${sslkey}/apache2-ca.key
-         ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr"
+sslcerts="${sslkey}/ca.key ${sslkey}/apache2-ca.key ${sslkey}/apache2.key"
 for certf in $sslcerts; do
        if [ -f "$certf" ]; then
-           chgrp www-data $certf
-           chmod 640 $certf
+           chmod 600 $certf
        fi
 done