blob: 07299d03f394fe4b1c0575c150e79c2f8f79a061 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# arg 1: the new package version
post_install() {
# target directory
TARGET_DIR='/var/cache/pixelserv'
# ensure the target directory exists
if [[ -d "$TARGET_DIR" ]]; then
echo "$TARGET_DIR already exists. Consider to remove it before generating new certificates"
else
sudo mkdir -pv "$TARGET_DIR"
fi
# check the ownership of the directory
if [[ "$(stat -c '%U' "$TARGET_DIR")" != 'nobody' ]]; then
sudo chown -vR nobody:root "$TARGET_DIR"
fi
# check directory permissions
if [[ "$(stat -c '%A' "$TARGET_DIR")" =~ '---$' ]]; then
sudo chmod -vR o-rwx "$TARGET_DIR"
fi
cat <<EOF
In order to use pixelserv-tls you need to:
1. create root CA certificate https://git.io/vNuoH
cd /var/cache/pixelserv
sudo -u nobody openssl genrsa -out ca.key 1024
sudo -u nobody openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"
2. import CA certificate
sudo cp /var/cache/pixelserv/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
sudo trust extract-compat
... OR just run script (as your current user!):
pixelserv-ca-init
... THEN start/enable systemd service:
sudo systemctl enable --now pixelserv-tls
EOF
}
# arg 1: the new package version
# arg 2: the old package version
post_upgrade() {
post_install
}
# arg 1: the old package version
post_remove() {
TARGET_DIR='/var/cache/pixelserv'
cat <<EOF
If you won't use pixelserv-tls anymore you may remove "Pixelserv CA" certificate
and pixelserv-tls's cert folder using:
rm /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
trust extract-compat
rm -rf $TARGET_DIR
EOF
}
|