Your message dated Wed, 14 Nov 2007 21:41:07 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Closing bugs already fixed in unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: dovecot-common
Version: 1.0.rc15-2etch1
Severity: minor

I thought at first this would be grave, but it fortunately isn't.

I have two separate cert files both based off the same key for
dovecot imap and pop:

  protocol imap {
    ssl_listen = *

    ssl_cert_file = /etc/ssl/certs/imap.madduck.net.pem
    ssl_key_file = /etc/ssl/private/seamus.madduck.net.key
  }

  protocol pop3 {
    ssl_listen = *

    ssl_cert_file = /etc/ssl/certs/pop.madduck.net.pem
    ssl_key_file = /etc/ssl/private/seamus.madduck.net.key
  }

The postinst can't deal with that:

  ++ egrep -s '^[^#]*ssl_cert_file' /etc/dovecot/dovecot.conf
  ++ cut -d= -f2
  + SSL_CERT=' /etc/ssl/certs/imap.madduck.net.pem
  /etc/ssl/certs/pop.madduck.net.pem'
  ...
  + '[' -f /etc/ssl/certs/imap.madduck.net.pem /etc/ssl/certs/pop.madduck.net.pem ']'
  /var/lib/dpkg/info/dovecot-common.postinst: line 28: [: /etc/ssl/certs/imap.madduck.net.pem: binary operator expected
  + echo 'Creating generic self-signed certificate:  /etc/ssl/certs/imap.madduck.net.pem
  /etc/ssl/certs/pop.madduck.net.pem'

So this would overwrite the existing certs. Fortunately, I was saved
by openssl:

  + openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/imap.madduck.net.pem /etc/ssl/certs/pop.madduck.net.pem -keyout /etc/ssl/private/seamus.madduck.net.key /etc/ssl/private/seamus.madduck.net.key
  + echo 'Warning : Bad SSL config, can'\''t generate certificate'

So, nothing happened.

If you can't figure out how to handle multiple certs, be safe and
simply do nothing if more than one cert is present, as then it's
moderately safe to assume that the admin knows what s/he's doing.

Also, I'd really change the if statement. Now it creates self-signed
certs if the if is false, which may be the case if there's an error
(-f should actually not be true on symlinks). I suggest to revert it
such that certs are only created if

  [ ! -e cert ] && [ ! -e key ]

else nothing happens.

Cheers,

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
 .''`.   martin f. krafft <[EMAIL PROTECTED]>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)


--- End Message ---
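
The failure mode in the report above and the two safeguards it proposes, as an added shell sketch (not the Debian postinst and not the fix shipped in 1:1.0.3-3). The function names are hypothetical and the sample config is constructed from the report's two protocol blocks.

```shell
#!/bin/sh
# Constructed sample: the reporter's two protocol blocks, written to file $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
protocol imap {
  ssl_cert_file = /etc/ssl/certs/imap.madduck.net.pem
  ssl_key_file = /etc/ssl/private/seamus.madduck.net.key
}
protocol pop3 {
  ssl_cert_file = /etc/ssl/certs/pop.madduck.net.pem
  ssl_key_file = /etc/ssl/private/seamus.madduck.net.key
}
EOF
}

# The pattern visible in the trace: an unquoted multi-line value handed to [ ].
# Returns the status of [ ]: 0 = file exists, 1 = missing, 2 = syntax error.
legacy_test_status() {  # $1 = config file
    SSL_CERT=$(grep -E -s '^[^#]*ssl_cert_file' "$1" | cut -d= -f2)
    # Deliberately unquoted to reproduce the "binary operator expected" error.
    [ -f $SSL_CERT ] 2>/dev/null
}

# All distinct uncommented values of setting $1 in file $2, one per line.
conf_values() {
    sed -n "s/^[^#]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | sort -u
}

# Prints "generate" only when exactly one cert and one key are configured and
# neither path exists (a dangling symlink counts as existing); else "skip".
cert_action() {  # $1 = config file
    certs=$(conf_values ssl_cert_file "$1")
    keys=$(conf_values ssl_key_file "$1")
    ncert=$(printf '%s\n' "$certs" | grep -c . || true)
    nkey=$(printf '%s\n' "$keys" | grep -c . || true)
    if [ "$ncert" -ne 1 ] || [ "$nkey" -ne 1 ]; then
        echo skip       # several certs or none: assume the admin manages them
    elif [ -e "$certs" ] || [ -L "$certs" ] || [ -e "$keys" ] || [ -L "$keys" ]; then
        echo skip       # something is already there: never overwrite
    else
        echo generate
    fi
}

# Demo on the constructed sample config.
f=$(mktemp); write_sample_conf "$f"; cert_action "$f"; rm -f "$f"
```

Because an error status from `[ ]` is neither "exists" nor "missing", a script that generates in the else branch treats a syntax error as permission to overwrite; `cert_action` makes generation the only branch that needs every check to pass.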
--- Begin Message ---
Version: 1:1.0.3-3

Hello,

The shell code in dovecot-common.postinst which deals with certificates and
keys has been changed in 1:1.0.3-3 to check and create only the default
certificate and key. Your bug report refers to 1.0.rc15-2etch1, which is
the current version in etch (after a security upload), so I'm closing
it with the right version information.

Best regards,

-- 
Fabio Tranchitella                         http://www.kobold.it
Free Software Developer and Consultant     http://www.tranchitella.it
_____________________________________________________________________
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564


--- End Message ---
