projects / dovecot-cn.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Izbačen bash-izam iz postinsta
[dovecot-cn.git] / debian / postinst
1 #!/bin/sh
2
3 set -e
4
5 [ "$1" = "configure" ] || exit 0
6 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx
7
8 # Load CARNet Tools
9 . /usr/share/carnet-tools/functions.sh
10
11
12 move_certs() {
13         if [ -f /etc/dovecot/private/dovecot.pem -a ! -f /etc/dovecot/private/dovecot.key ]; then
14                 mv -f /etc/dovecot/private/dovecot.pem /etc/dovecot/private/dovecot.key || true
15         fi
16
17         if [ -f /etc/dovecot/dovecot.pem ]; then
18                 mv -f /etc/dovecot/dovecot.pem /etc/dovecot/private/dovecot.pem || true
19         fi
20 }
21
22 put_new_certs() {
23 # postavlja cert i key na nove putanje iz bustera
24   cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.pem' \
25                    's|#ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.key|g' \
26                    /etc/dovecot/conf.d/10-ssl.conf || true
27   cp_check_and_sed '#ssl_cert = </etc/dovecot/dovecot.pem' \
28                    's|#ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/dovecot/private/dovecot.pem|g' \
29                    /etc/dovecot/conf.d/10-ssl.conf || true
30   cp_check_and_sed 'ssl_cert = </etc/dovecot/dovecot.pem' \
31                    's|ssl_cert = </etc/dovecot/dovecot.pem|ssl_cert = </etc/dovecot/private/dovecot.pem|g' \
32                    /etc/dovecot/conf.d/10-ssl.conf || true
33   cp_check_and_sed 'ssl_key = </etc/dovecot/private/dovecot.pem' \
34                    's|ssl_key = </etc/dovecot/private/dovecot.pem|ssl_key = </etc/dovecot/private/dovecot.key|g' \
35                    /etc/dovecot/conf.d/10-ssl.conf || true
36   cp_check_and_sed '#ssl_cert = </etc/dovecot/private/dovecot.pem' \
37                    's|#ssl_cert = </etc/dovecot/private/dovecot.pem|ssl_cert = </etc/dovecot/private/dovecot.pem|g' \
38                    /etc/dovecot/conf.d/10-ssl.conf || true
39   cp_check_and_sed '#ssl_key = </etc/dovecot/private/dovecot.key' \
40                    's|#ssl_key = </etc/dovecot/private/dovecot.key|ssl_key = </etc/dovecot/private/dovecot.key|g' \
41                    /etc/dovecot/conf.d/10-ssl.conf || true
42 }
43
44
45 cp_check_and_sed '#disable_plaintext_auth' \
46                  's/#disable_plaintext_auth/disable_plaintext_auth/g' \
47                  /etc/dovecot/conf.d/10-auth.conf || true
48
49 cp_check_and_sed 'disable_plaintext_auth.*yes' \
50                  's/disable_plaintext_auth.*$/disable_plaintext_auth = no/g' \
51                  /etc/dovecot/conf.d/10-auth.conf || true
52
53 if ! grep -q "mail_privileged_group.*mail$" /etc/dovecot/conf.d/10-mail.conf; then
54         cp_check_and_sed 'mail_privileged_group' \
55                          's/mail_privileged_group.*$/mail_privileged_group = mail/g' \
56                          /etc/dovecot/conf.d/10-mail.conf || true
57 fi
58
59 cp_check_and_sed '#imap_client_workarounds' \
60                  's/#imap_client_workarounds/imap_client_workarounds/g' \
61                  /etc/dovecot/conf.d/20-imap.conf || true
62
63 cp_check_and_sed '#pop3_client_workarounds' \
64                  's/#pop3_client_workarounds/pop3_client_workarounds/g' \
65                  /etc/dovecot/conf.d/20-pop3.conf || true
66
67 cp_check_and_sed 'imap_client_workarounds' \
68                  's/imap_client_workarounds.*$/imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags/g' \
69                  /etc/dovecot/conf.d/20-imap.conf || true
70
71 cp_check_and_sed 'pop3_client_workarounds' \
72                  's/pop3_client_workarounds.*$/pop3_client_workarounds = outlook-no-nuls oe-ns-eoh/g' \
73                  /etc/dovecot/conf.d/20-pop3.conf || true
74
75 cp_check_and_sed '#ssl_cipher_list' \
76                  's/#ssl_cipher_list.*/ssl_cipher_list = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:HIGH/g' \
77                  /etc/dovecot/conf.d/10-ssl.conf || true
78
79 # izbacujemo SSLv2
80 cp_check_and_sed 'ssl_cipher_list' \
81                  's/:\!SSLv2//g' \
82                  /etc/dovecot/conf.d/10-ssl.conf || true
83
84 # trazio zelja
85 cp_check_and_sed '#ssl =' \
86                  's/^#ssl =/ssl =/g' \
87                  /etc/dovecot/conf.d/10-ssl.conf || true
88
89 # trazio zelja
90 cp_check_and_sed 'ssl = no' \
91                  's/^ssl = no/ssl = yes/g' \
92                  /etc/dovecot/conf.d/10-ssl.conf || true
93
94
95 dovecert="$(doveconf ssl_cert)"
96 dovekey="$(doveconf ssl_key)"
97
98 if [ -n "$dovecert" -a -n "$dovekey" ]; then
99         echo -n "CN: Opcije ssl_cert i ssl_key su pronađene"
100
101         cfile=$(grep -l ^ssl_cert /etc/dovecot/conf.d/*.conf | tail -1)
102         kfile=$(grep -l ^ssl_key /etc/dovecot/conf.d/*.conf | tail -1)
103
104         if grep -q ^ssl_cert $cfile && grep -q ^ssl_key $kfile; then
105                 if [ "$cfile" != "/etc/dovecot/conf.d/10-ssl.conf" -o "$kfile" != "/etc/dovecot/conf.d/10-ssl.conf" ]; then
106                         echo " izvan 10-ssl.conf (u $cfile), preskačem rekonfiguraciju..."
107                 else
108                         echo " u /etc/dovecot/conf.d/10-ssl.conf. Postavljam default vrijednosti iz Debiana 10..."
109                         put_new_certs
110                         move_certs
111                 fi
112         fi
113 else
114         echo "CN: ssl_cert i ssl_key nisu definirani, postavljam default vrijednosti iz Debiana 10!"
115         # ako postoji,  pomaknut ćemo stari certifikat na novo mjesto i preimenovati kljuc
116         # ako ne postoje certifikati generiraj ih i postavi na prava mjesta
117
118         move_certs
119
120         if [ ! -f /etc/dovecot/private/dovecot.pem -a ! -f /etc/dovecot/private/dovecot.key ]; then
121             echo "CN: Pravim certifikat i kljuc i postavljam ih u /etc/dovecot/private..."
122             /usr/share/dovecot-cn/mkcert.sh || true
123         fi  
124         put_new_certs
125 fi
126
127
128
129 ### buster ima ssl_min_protocol umjesto ssl_protocols
130 # ne radimo ništa ako već postoji ^ssl_min_protocol = TLS*, možda je sistemac smanjivao level TLS-a
131
132 if ! grep -q "^ssl_min_protocol = TLS" /etc/dovecot/conf.d/10-ssl.conf; then
133         # postavlja minimalni TLS protokol i mijenja ime varijable
134         cp_check_and_sed '#ssl_protocols =' \
135                          's/^#ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
136                          /etc/dovecot/conf.d/10-ssl.conf || true
137
138         # postavlja minimalni TLS protokol ako je varijabla već uključena
139         cp_check_and_sed 'ssl_protocols =' \
140                          's/^ssl_protocols.*/ssl_min_protocol = TLSv1.2/g' \
141                          /etc/dovecot/conf.d/10-ssl.conf || true
142
143         # samo popravlja inačicu protokola i uključuje varijablu
144         cp_check_and_sed '#ssl_min_protocol =' \
145                          's/^#ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
146                          /etc/dovecot/conf.d/10-ssl.conf || true
147
148         # popravlja inačicu protokola ako je varijabla već uključena (ako je zaostao SSLv2 i SSLv3)
149         cp_check_and_sed 'ssl_min_protocol =' \
150                          's/^ssl_min_protocol.*/ssl_min_protocol = TLSv1.2/g' \
151                          /etc/dovecot/conf.d/10-ssl.conf || true
152 fi
153
154 ### buster ima DH ključ koji se nalazi u paketu dovecot-core
155 # ne radimo ništa ako već postoji ^ssl_dh koji nije prazan
156
157 if ! grep -q "^ssl_dh = /" /etc/dovecot/conf.d/10-ssl.conf; then
158         # postavlja DH i uključuje varijablu
159         cp_check_and_sed '#ssl_dh =' \
160                          's,^#ssl_dh.*,ssl_dh = </usr/share/dovecot/dh.pem,g' \
161                          /etc/dovecot/conf.d/10-ssl.conf || true
162 fi
163
164 # maknuti kludge kreiran u carnet-upgrade
165 test -f /etc/dovecot/conf.d/95-cn6-upgrade.conf && mv /etc/dovecot/conf.d/95-cn6-upgrade.conf /var/backups || true
166 test -f /etc/dovecot/conf.d/95-cn7-upgrade.conf && mv /etc/dovecot/conf.d/95-cn7-upgrade.conf /var/backups || true
167 test -f /etc/dovecot/conf.d/95-cn8-upgrade.conf && mv /etc/dovecot/conf.d/95-cn8-upgrade.conf /var/backups || true
168 test -f /etc/dovecot/conf.d/95-cn9-upgrade.conf && mv /etc/dovecot/conf.d/95-cn9-upgrade.conf /var/backups || true
169 # nije više potrebno editirati dovecot.conf koji je samo hrpa includea
170 test -f /etc/dovecot/dovecot.conf.cn6-upgrade && mv /etc/dovecot/dovecot.conf.cn6-upgrade /var/backups || true
171 test -f /etc/dovecot/dovecot.conf.cn7-upgrade && mv /etc/dovecot/dovecot.conf.cn7-upgrade /var/backups || true
172 test -f /etc/dovecot/dovecot.conf.cn8-upgrade && mv /etc/dovecot/dovecot.conf.cn8-upgrade /var/backups || true
173 test -f /etc/dovecot/dovecot.conf.cn9-upgrade && mv /etc/dovecot/dovecot.conf.cn9-upgrade /var/backups || true
174
175 # staro, može se brisati
176 # dodao ico, gasi SSLv3 protokol
177 #cp_check_and_sed '#ssl_protocols =' \
178 #                's/^#ssl_protocols.*/ssl_protocols = !SSLv3/g' \
179 #                /etc/dovecot/conf.d/10-ssl.conf || true
180
181 # dodao zelja, gasi stare SSL protokole
182 #cp_check_and_sed 'ssl_protocols =' \
183 #                's/\!SSLv2 //g' \
184 #                /etc/dovecot/conf.d/10-ssl.conf || true
185
186 # dodao zelja, gasi stare SSL protokole/ciphere u 95-cn9-upgrade.conf ako postoje
187 #if [ -f /etc/dovecot/conf.d/95-cn9-upgrade.conf ]; then
188 #       cp_check_and_sed 'ssl_protocols =' \
189 #                        's/\!SSLv2 //g' \
190 #                        /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
191 #       cp_check_and_sed 'ssl_cipher_list' \
192 #                        's/:\!SSLv2//g' \
193 #                        /etc/dovecot/conf.d/95-cn9-upgrade.conf || true
194 #fi
195
196 # restart 
197 service dovecot restart || true
198
199 #DEBHELPER#
200
201 exit 0
dovecot-cn