Script debian/postinst:
* no need for 'db_fget apache2-cn/wwwhost seen'.
* after 'cp_check_and_sed ... $SSLTMP || true', remove $SSLTMP.cn-old.
* check file access permissions and group ownership for existing Apache2
SSL certificates.
* inform the user before executing 'update-monit.d || true'.
#
if [ ! -f ${sslkey}/apache2-ca.key ]; then
#
if [ ! -f ${sslkey}/apache2-ca.key ]; then
- openssl genrsa -out ${sslkey}/apache2-ca.key 1024
+ (umask 027; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
KEYS="${KEYS}
- ${sslkey}/apache2-ca.key"
fi
KEYS="${KEYS}
- ${sslkey}/apache2-ca.key"
fi
# Generate server certificate
#
# Generate server certificate
#
-openssl genrsa -out ${sslkey}/apache2.key 1024
+(umask 027; openssl genrsa -out ${sslkey}/apache2.key 1024)
echo 01 > "$TMPFILE2"
sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
echo 01 > "$TMPFILE2"
sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
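Review bot: Both rewritten `openssl genrsa` calls, for `apache2-ca.key` and for `apache2.key`, still create 1024-bit RSA keys, which is too short for a CA or TLS server key. The size should be raised in the same change, e.g. `(umask 027; openssl genrsa -out "${sslkey}/apache2.key" 2048)`, and likewise for the CA key. Where openssl honours the umask, 027 still leaves the new key group-readable, so `umask 077` is the safer default for a file only root has to read. `${sslkey}` is unquoted in both calls. The script around these lines starts and ends outside what is shown here.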
/var/log/apache/ se postavlja u /var/log/apache2/.
* Izmjene unutar README.CARNet datoteke.
* Manje izmjene unutar debian/control datoteke (Depends).
/var/log/apache/ se postavlja u /var/log/apache2/.
* Izmjene unutar README.CARNet datoteke.
* Manje izmjene unutar debian/control datoteke (Depends).
+ * Provjera dozvola za vec postojece SSL certifikate.
-- Dragan Dosen <ddosen@ffzg.hr> Wed, 2 Apr 2008 12:37:00 +0200
-- Dragan Dosen <ddosen@ffzg.hr> Wed, 2 Apr 2008 12:37:00 +0200
-db_fget apache2-cn/wwwhost seen
-if [ "$RET" != "true" ]; then
-
- db_get apache2-cn/wwwhost || true
- if [ "$RET" = "true" ]; then
+db_get apache2-cn/wwwhost || true
+if [ "$RET" = "true" ]; then
# Add WWW VirtualHost.
if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
# Add WWW VirtualHost.
if [ -f "$CONFDIR/sites-available/$FQDN" ]; then
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
- if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
need_restart=1
fi
chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
install_vhost -nvh -d -r www.$DOMAIN default $FQDN 000-$FQDN
need_restart=1
fi
chk_conf_tag "$CONFDIR/sites-available/www.$DOMAIN"
- if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/www.$DOMAIN" ] || [ $RET -eq 0 ]; then
install_vhost default www.$DOMAIN www.$DOMAIN
need_restart=1
fi
install_vhost default www.$DOMAIN www.$DOMAIN
need_restart=1
fi
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
fi
chk_conf_tag "$CONFDIR/sites-available/$FQDN"
- if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 -a -f "$CONFOLD" ]; then
+ if [ ! -f "$CONFDIR/sites-available/$FQDN" ] || [ $RET -eq 0 ]; then
install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
need_restart=1
fi
install_vhost -nvh -d -r $FQDN default $FQDN 000-$FQDN
need_restart=1
fi
if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
if [ $RET -eq 0 ] && [ -n "$apache2_sslcf" ]; then
SSLTMP=$(mktemp ${CONFDIR}/ssltmp.XXXXXX)
- temp_files="${temp_files} ${SSLTMP}"
+ temp_files="${temp_files} ${SSLTMP} ${SSLTMP}.cn-old"
cp ${CONFDIR}/sites-available/ssl $SSLTMP
# SSLCertificateFile
cp ${CONFDIR}/sites-available/ssl $SSLTMP
# SSLCertificateFile
need_restart=1
# Just to be sure.
need_restart=1
# Just to be sure.
- if [ -e "$SSLTMP" ]; then
- rm -f $SSLTMP
- fi
+ [ -e "${SSLTMP}" ] && rm -f ${SSLTMP}
+ [ -e "${SSLTMP}.cn-old" ] && rm -f ${SSLTMP}.cn-old
+# Check file access permissions and group ownership for SSL certificates.
+#
+cp_echo "CN: Checking file permissions and group ownership for Apache2 SSL certificates."
+sslkey=/etc/ssl/private
+sslcerts="${sslkey}/ca.key ${sslkey}/ca.csr ${sslkey}/apache2-ca.key
+ ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr"
+for certf in $sslcerts; do
+ if [ -f "$certf" ]; then
+ chgrp www-data $certf
+ chmod 640 $certf
+ fi
+done
+
+
# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
#
cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."
# Check for CustomLog, ErrorLog and TransferLog in Apache2 configuration.
#
cp_echo "CN: Checking Apache2 CustomLog, ErrorLog and TransferLog directives."
# (re)generate monit.d files if monit-cn is installed.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
# (re)generate monit.d files if monit-cn is installed.
#
if [ -x "/usr/sbin/update-monit.d" ]; then
+ cp_echo "CN: Updating monit configuration..."
update-monit.d || true
fi
update-monit.d || true
fi
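Review bot: The added loop over `$sslcerts` runs `chgrp www-data` and `chmod 640` on every key it finds, including the CA keys `ca.key` and `apache2-ca.key`, so the private keys become readable by anything running as www-data (CGI scripts, PHP, a compromised worker). Apache normally opens the key file as root at startup before dropping privileges, so unless something here is known to need group access, the loop should tighten permissions instead: `chown root:root "$certf"` and `chmod 600 "$certf"`. If www-data access really is required, it should be limited to `apache2.key` and never extended to the CA keys. `$certf` is also unquoted in both commands. A comment above the loop should state which process needs to read these files and why.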