Date: Tuesday, November 28, 2017 @ 03:35:15 Author: anthraxx Revision: 311052
upgpkg: imap 2007f-9 (generate certs per host during install) - old modified certs will be preserved as .pacsave - forces creation of new certs as they are renamed - raised to rsa-4096 Added: imap/trunk/imap.install Modified: imap/trunk/PKGBUILD --------------+ PKGBUILD | 32 ++++---------------------------- imap.install | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 28 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-11-27 19:31:19 UTC (rev 311051) +++ PKGBUILD 2017-11-28 03:35:15 UTC (rev 311052) @@ -3,7 +3,7 @@ pkgbase=imap pkgname=(imap c-client) pkgver=2007f -pkgrel=8 +pkgrel=9 arch=('x86_64') license=('APACHE') url="http://www.washington.edu/imap" @@ -36,29 +36,8 @@ cd $srcdir/$pkgbase-$pkgver # NOTE: if you wish to enforce SSL, use SSLTYPE=unix.nopwd - yes "y" | make lnp EXTRAAUTHENTICATORS=gss PASSWDTYPE=pam SPECIALAUTHENTICATORS=ssl SSLTYPE=unix EXTRACFLAGS="${CFLAGS} -fPIC -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lpam" + yes "y" | make lnp EXTRAAUTHENTICATORS=gss PASSWDTYPE=pam SPECIALAUTHENTICATORS=ssl SSLTYPE=unix EXTRACFLAGS="${CFLAGS} -fPIC -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lpam" EXTRALDFLAGS="${LDFLAGS}" - # create ssl certs for secure imap - for i in imapd ipop3d; do - PEM1=$srcdir/pem1 - PEM2=$srcdir/pem2 - /usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 \ - -nodes -x509 -days 365 -out $PEM2 << EOF --- -SomeState -SomeCity -SomeOrganization -SomeOrganizationalUnit -localhost.localdomain -root@localhost.localdomain -EOF - - cat $PEM1 > ${i}.pem - echo "" >> ${i}.pem - cat $PEM2 >> ${i}.pem - rm $PEM1 $PEM2 - umask 022 - done } package_imap() { 
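Review bot: The rewritten `make lnp` line in the `-36,29 +36,8` hunk still builds with `SSLTYPE=unix`, which, going by the NOTE comment directly above it, does not enforce SSL, so password logins over unencrypted sessions presumably stay enabled in the packaged daemons. The `yes "y" |` pipe appears to auto-confirm the upstream build prompt, so nothing in the build output draws attention to that choice. If the permissive default is deliberate for compatibility, the comment should say so, for example `# SSLTYPE=unix leaves plaintext logins on cleartext connections enabled; use unix.nopwd to require TLS`. The enclosing function starts outside the hunk.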
@@ -66,7 +45,8 @@ depends=('c-client') provides=('imap-server' 'pop3-server') conflicts=('courier-mta' 'courier-imap') - backup=(etc/xinetd.d/{imap,ipop2,ipop3} etc/ssl/certs/{imapd,ipop3d}.pem) + backup=(etc/xinetd.d/{imap,ipop2,ipop3}) + install=imap.install cd $srcdir/$pkgbase-$pkgver install -d $pkgdir/usr/bin @@ -74,10 +54,6 @@ install -D -m755 ipopd/ipop2d $pkgdir/usr/bin/ipop2d install -D -m755 ipopd/ipop3d $pkgdir/usr/bin/ipop3d - # install certs - install -D -m600 imapd.pem $pkgdir/etc/ssl/certs/imapd.pem - install -D -m600 ipop3d.pem $pkgdir/etc/ssl/certs/ipop3d.pem - # install xinetd.d configs install -D -m644 ../imap $pkgdir/etc/xinetd.d/imap install -D -m644 ../ipop2 $pkgdir/etc/xinetd.d/ipop2 Added: imap.install =================================================================== --- imap.install (rev 0) +++ imap.install 2017-11-28 03:35:15 UTC (rev 311052) @@ -0,0 +1,40 @@ +post_install() { + if [ ! -e /etc/ssl/certs/imapd.pem ]; then + generate_certificate imapd + fi + if [ ! -e /etc/ssl/certs/ipop3d.pem ]; then + generate_certificate ipop3d + fi +} + +post_upgrade() { + post_install +} + +generate_certificate() { + t=$1 + echo -n "Generating $t certificate..." + + umask 077 + tmpdir=$(mktemp -d) + PEM1="$tmpdir/$t.pem1" + PEM2="$tmpdir/$t.pem2" + cert="$tmpdir/$t.pem" + /usr/bin/openssl req -newkey rsa:4096 -keyout "$PEM1" \ + -nodes -x509 -days 365 -out "$PEM2" >/dev/null 2>&1 << EOF +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +localhost.localdomain +root@localhost.localdomain +EOF + + cat "$PEM1" > "$cert" + echo "" >> "$cert" + cat "$PEM2" >> "$cert" + install -Dm 600 "$cert" -t /etc/ssl/certs + rm -rf "$tmpdir" + echo "done." +}
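Review bot: With the .pem files dropped from `backup=` in `package_imap()` and now created by the scriptlet, pacman no longer tracks /etc/ssl/certs/{imapd,ipop3d}.pem, so the private keys stay on disk after the package is removed and nothing in the package records that they exist. A short comment next to the new `install=` line would make that visible, e.g. `# certs are generated by imap.install at install time and are not owned by the package`. If leaving key material behind is not intended, a removal hook in imap.install would be the place to handle it. package_imap() continues outside the hunk.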
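Review bot: `generate_certificate` in imap.install never checks whether `mktemp -d` or `openssl req` succeeded, and openssl's output is sent to /dev/null, so a failure still installs an empty or partial /etc/ssl/certs/$t.pem and prints "done.". Because `post_install` only generates when the file is missing, later upgrades will not repair a broken file, and an empty `tmpdir` would place the key paths directly under `/`. The result should be checked before the `install` step, with a non-zero return on failure, as in the excerpt below. Separately, a comment should state that the certificate is self-signed for `localhost.localdomain`, expires after 365 days with nothing regenerating it, and shares a file with the unencrypted key, so the 600 mode is its only protection.

```shell
  tmpdir=$(mktemp -d) || { echo "failed: mktemp" >&2; return 1; }
  # … unchanged: PEM1/PEM2/cert paths, openssl req with its here-document …
  if [ ! -s "$PEM1" ] || [ ! -s "$PEM2" ]; then
    echo "failed: openssl produced no key or certificate" >&2
    rm -rf "$tmpdir"
    return 1
  fi
  # … unchanged: concatenate into "$cert", install -Dm 600, cleanup …
```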