projects / dovecot-cn.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
postinst mail_privileged_grup = mail check and sed
[dovecot-cn.git] / debian / postinst
1 #!/bin/sh
2
3 set -e
4
5 [ "$1" = "configure" ] || exit 0
6 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
7
8 # Load CARNet Tools
9 . /usr/share/carnet-tools/functions.sh
10
11 cp_check_and_sed '#disable_plaintext_auth' \
12                  's/#disable_plaintext_auth/disable_plaintext_auth/g' \
13                  /etc/dovecot/conf.d/10-auth.conf || true
14
15 cp_check_and_sed 'disable_plaintext_auth.*yes' \
16                  's/disable_plaintext_auth.*$/disable_plaintext_auth = no/g' \
17                  /etc/dovecot/conf.d/10-auth.conf || true
18
19 if ! grep -q "mail_privileged_group.*mail$" /etc/dovecot/conf.d/10-mail.conf \
20         cp_check_and_sed 'mail_privileged_group' \
21                          's/mail_privileged_group.*$/mail_privileged_group = mail/g' \
22                          /etc/dovecot/conf.d/10-mail.conf || true
23 fi
24
25 cp_check_and_sed '#imap_client_workarounds' \
26                  's/#imap_client_workarounds/imap_client_workarounds/g' \
27                  /etc/dovecot/conf.d/20-imap.conf || true
28
29 cp_check_and_sed '#pop3_client_workarounds' \
30                  's/#pop3_client_workarounds/pop3_client_workarounds/g' \
31                  /etc/dovecot/conf.d/20-pop3.conf || true
32
33 cp_check_and_sed 'imap_client_workarounds' \
34                  's/imap_client_workarounds.*$/imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags/g' \
35                  /etc/dovecot/conf.d/20-imap.conf || true
36
37 cp_check_and_sed 'pop3_client_workarounds' \
38                  's/pop3_client_workarounds.*$/pop3_client_workarounds = outlook-no-nuls oe-ns-eoh/g' \
39                  /etc/dovecot/conf.d/20-pop3.conf || true
40
41 cp_check_and_sed '#ssl_cipher_list' \
42                  's/#ssl_cipher_list.*/ssl_cipher_list = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:HIGH/g' \
43                  /etc/dovecot/conf.d/10-ssl.conf || true
44
45 # izbacujemo SSLv2
46 cp_check_and_sed 'ssl_cipher_list' \
47                  's/:\!SSLv2//g' \
48                  /etc/dovecot/conf.d/10-ssl.conf || true
49
50 # trazio zelja
51 cp_check_and_sed '#ssl =' \
52                  's/^#ssl =/ssl =/g' \
53                  /etc/dovecot/conf.d/10-ssl.conf || true
54
55 # trazio zelja
56 cp_check_and_sed 'ssl = no' \
57                  's/^ssl = no/ssl = yes/g' \
58                  /etc/dovecot/conf.d/10-ssl.conf || true
59
60 if ! grep -q ^ssl_cert /etc/dovecot/conf.d/10-ssl.conf \
61   && ! grep -q ^ssl_key /etc/dovecot/conf.d/10-ssl.conf; then
62
63   if [ ! -f /etc/dovecot/dovecot.pem -a ! -f /etc/dovecot/private/dovecot.pem ]; then
64     echo "CN: Generating certificate and key..."
65     /usr/share/dovecot-cn/mkcert.sh || true
66   fi
67
68   cp_check_and_sed '#ssl_cert = </etc/dovecot/dovecot.pem' \
69                    's|#ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/dovecot/dovecot.pem|g' \
70                    /etc/dovecot/conf.d/10-ssl.conf || true
71   cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.pem' \
72                    's|#ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
73                    /etc/dovecot/conf.d/10-ssl.conf || true
74   # negdje se pojavljuje dovecot.key umjesto dovecot.pem
75   cp_check_and_sed 'ssl_key = </etc/dovecot/private/dovecot.key' \
76                    's|ssl_key = </etc/dovecot/private/dovecot.key|ssl_key = </etc/dovecot/private/dovecot.pem|g' \
77                    /etc/dovecot/conf.d/10-ssl.conf || true
78 fi
79
80 ### buster ima ssl_min_protocol umjesto ssl_protocols
81 # ne radimo ništa ako već postoji ^ssl_min_protocol = TLS*, možda je sistemac smanjivao level TLS-a
82
83 if ! grep -q "^ssl_min_protocol = TLS" /etc/dovecot/conf.d/10-ssl.conf; then
84         # postavlja minimalni TLS protokol i mijenja ime varijable
85         cp_check_and_sed '#ssl_protocols =' \
86                          's/^#ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
87                          /etc/dovecot/conf.d/10-ssl.conf || true
88
89         # postavlja minimalni TLS protokol ako je varijabla već uključena
90         cp_check_and_sed 'ssl_protocols =' \
91                          's/^ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
92                          /etc/dovecot/conf.d/10-ssl.conf || true
93
94         # samo popravlja inačicu protokola i uključuje varijablu
95         cp_check_and_sed '#ssl_min_protocol =' \
96                          's/^#ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
97                          /etc/dovecot/conf.d/10-ssl.conf || true
98
99         # popravlja inačicu protokola ako je varijabla već uključena (ako je zaostao SSLv2 i SSLv3)
100         cp_check_and_sed 'ssl_min_protocol =' \
101                          's/^ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
102                          /etc/dovecot/conf.d/10-ssl.conf || true
103 fi
104
105 ### buster ima DH ključ koji se nalazi u paketu dovecot-core
106 # ne radimo ništa ako već postoji ^ssl_dh koji nije prazan
107
108 if ! grep -q "^ssl_dh = /" /etc/dovecot/conf.d/10-ssl.conf; then
109         # postavlja DH i uključuje varijablu
110         cp_check_and_sed '#ssl_dh =' \
111                          's,^#ssl_dh.*,ssl_dh = </usr/share/dovecot/dh.pem,g' \
112                          /etc/dovecot/conf.d/10-ssl.conf || true
113 fi
114
115 # maknuti kludge kreiran u carnet-upgrade
116 test -f /etc/dovecot/conf.d/95-cn6-upgrade.conf && mv /etc/dovecot/conf.d/95-cn6-upgrade.conf /var/backups || true
117 test -f /etc/dovecot/conf.d/95-cn7-upgrade.conf && mv /etc/dovecot/conf.d/95-cn7-upgrade.conf /var/backups || true
118 test -f /etc/dovecot/conf.d/95-cn8-upgrade.conf && mv /etc/dovecot/conf.d/95-cn8-upgrade.conf /var/backups || true
119 test -f /etc/dovecot/conf.d/95-cn9-upgrade.conf && mv /etc/dovecot/conf.d/95-cn9-upgrade.conf /var/backups || true
120 # nije više potrebno editirati dovecot.conf koji je samo hrpa includea
121 test -f /etc/dovecot/dovecot.conf.cn6-upgrade && mv /etc/dovecot/dovecot.conf.cn6-upgrade /var/backups || true
122 test -f /etc/dovecot/dovecot.conf.cn7-upgrade && mv /etc/dovecot/dovecot.conf.cn7-upgrade /var/backups || true
123 test -f /etc/dovecot/dovecot.conf.cn8-upgrade && mv /etc/dovecot/dovecot.conf.cn8-upgrade /var/backups || true
124 test -f /etc/dovecot/dovecot.conf.cn9-upgrade && mv /etc/dovecot/dovecot.conf.cn9-upgrade /var/backups || true
125
126 # staro, može se brisati
127 # dodao ico, gasi SSLv3 protokol
128 #cp_check_and_sed '#ssl_protocols =' \
129 #                's/^#ssl_protocols.*/ssl_protocols = !SSLv3/g' \
130 #                /etc/dovecot/conf.d/10-ssl.conf || true
131
132 # dodao zelja, gasi stare SSL protokole
133 #cp_check_and_sed 'ssl_protocols =' \
134 #                's/\!SSLv2 //g' \
135 #                /etc/dovecot/conf.d/10-ssl.conf || true
136
137 # dodao zelja, gasi stare SSL protokole/ciphere u 95-cn9-upgrade.conf ako postoje
138 #if [ -f /etc/dovecot/conf.d/95-cn9-upgrade.conf ]; then
139 #       cp_check_and_sed 'ssl_protocols =' \
140 #                        's/\!SSLv2 //g' \
141 #                        /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
142 #       cp_check_and_sed 'ssl_cipher_list' \
143 #                        's/:\!SSLv2//g' \
144 #                        /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
145 #fi
146
147 # restart 
148 service dovecot restart || true
149
150 #DEBHELPER#
151
152 exit 0
dovecot-cn