Description: generate key in the initscript instead of post-install
- this allows things to work easily even on pre-installed system images,
such as liveCDs, c.f. debian bug #594175
Author: Ximin Luo <infinity0@torproject.org>
Applied-Upstream: commit:7ba80db17d0fe53dfc0eff9ed4dec46312e853e7
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/facilitator/Makefile.am
+++ b/facilitator/Makefile.am
@@ -73,10 +73,10 @@
# non-standard directories to ./configure or DESTDIR to make.
pre-install: meta-install-sanity install-user
-post-install: meta-install-sanity install-secrets install-symlinks install-daemon
+post-install: meta-install-sanity install-symlinks install-daemon
pre-remove: meta-install-sanity remove-daemon remove-symlinks
post-remove: meta-install-sanity
-pre-purge: pre-remove remove-secrets remove-daemon-data
+pre-purge: pre-remove remove-daemon-data
post-purge: post-remove remove-user
meta-install-sanity:
@@ -111,17 +111,6 @@
userdel \
${fpfacilitatoruser} ; } || true
-install-secrets:
- test -f ${pkgconfdir}/reg-daemon.key || { \
- install -m 600 /dev/null ${pkgconfdir}/reg-daemon.key && \
- openssl genrsa 2048 | tee ${pkgconfdir}/reg-daemon.key | \
- openssl rsa -pubout > ${pkgconfdir}/reg-daemon.pub; }
-
-remove-secrets:
- for i in reg-daemon.key reg-daemon.pub; do \
- rm -f ${pkgconfdir}/$$i; \
- done
-
install-symlinks:
for i in fp-reg.go app.yaml; do \
$(LN_S) -f ${appenginedir}/$$i ${appengineconfdir}/$$i; \
@@ -159,14 +148,17 @@
endif
remove-daemon-data:
+ for i in reg-daemon.key reg-daemon.pub; do \
+ rm -f ${pkgconfdir}/$$i; \
+ done
if DO_INITSCRIPTS
for i in ${initscript_names}; do \
rm -f ${localstatedir}/log/$$i.log* \
- rm -f ${localstatedir}/run/$$i.pid \
+ rm -f ${localstatedir}/run/$$i.pid; \
done
endif
.PHONY: pre-install post-install pre-remove post-remove pre-purge post-purge
-.PHONY: install-user install-secrets install-symlinks install-daemon
-.PHONY: remove-user remove-secrets remove-symlinks remove-daemon
+.PHONY: install-user install-symlinks install-daemon
+.PHONY: remove-user remove-symlinks remove-daemon
.PHONY: pylint
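Review bot: In `remove-daemon-data`, the context line `rm -f ${localstatedir}/log/$$i.log* \` still has no `;` before its continuation, because the commit adds the separator only after the pid line. The shell therefore runs a single `rm` whose operands include the literal word `rm` and the pid path, so the pid file is removed only by accident and a file named `rm` in the working directory would be deleted too. The line should read `rm -f ${localstatedir}/log/$$i.log*; \`. Since this target now also deletes `reg-daemon.key`, a comment above the new loop such as `# purge only: deletes the daemon's private key and public key` would make that visible to maintainers.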
--- a/facilitator/init.d/fp-reg-decryptd.in
+++ b/facilitator/init.d/fp-reg-decryptd.in
@@ -49,6 +49,16 @@
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
+
+ # Automatically generate a key if one doesn't exist
+ if [ ! -f "$CONFDIR/reg-daemon.key" ]; then
+ echo >&2 "$CONFDIR/reg-daemon.key does not exist; generating it"
+ # prevent race for non-root to open read file handle
+ install -m 600 /dev/null "$CONFDIR/reg-daemon.key"
+ openssl genrsa 2048 | tee "$CONFDIR/reg-daemon.key" | \
+ openssl rsa -pubout > "$CONFDIR/reg-daemon.pub"
+ fi
+
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
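Review bot: The key-generation block checks no exit status, so a failed `openssl genrsa` (missing binary, full disk) leaves the empty mode-600 `reg-daemon.key` created by `install` in place. On every later start the file exists, generation is skipped, and the daemon is launched against an empty key. Generating into a temporary file under a restrictive umask, moving it into place only on success, and testing with `-s` instead of `-f` avoids this; returning 2 matches the "could not be started" code in the comment above. Whether the daemon's runtime user can read a root-created 0600 key is not visible in this hunk and should be confirmed. The enclosing function starts and ends outside the hunk.

```shell
# Automatically generate a key if one doesn't exist or is empty
if [ ! -s "$CONFDIR/reg-daemon.key" ]; then
	echo >&2 "$CONFDIR/reg-daemon.key does not exist; generating it"
	# umask keeps the private key unreadable by others from creation onwards;
	# the final path only appears once both halves were written successfully
	( umask 077 && openssl genrsa -out "$CONFDIR/reg-daemon.key.tmp" 2048 ) \
		&& openssl rsa -in "$CONFDIR/reg-daemon.key.tmp" -pubout \
			-out "$CONFDIR/reg-daemon.pub" \
		&& mv -f "$CONFDIR/reg-daemon.key.tmp" "$CONFDIR/reg-daemon.key" \
		|| { rm -f "$CONFDIR/reg-daemon.key.tmp"; return 2; }
fi
# … unchanged: start-stop-daemon invocations …
```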