1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
#!/bin/sh
set -e
PKG="pollen"
DIR="/etc/$PKG"
mkdir -p -m 700 "$DIR"
PUB_CERT="$DIR/cert.pem"
PK="$DIR/key.pem"
CA="$DIR/ca.pem"
# Create the pollen user if necessary
if ! getent passwd $PKG >/dev/null; then
adduser --disabled-password --quiet --system --home /var/cache/pollen --ingroup daemon $PKG --shell /bin/false
fi
# Set capabilities on the pollen binary to bind to privileged ports
setcap 'cap_net_bind_service=+ep' /usr/bin/pollen
if [ ! -r "$PUB_CERT" ] || [ ! -r "$PK" ]; then
install -m 600 /dev/null "$PUB_CERT"
install -m 600 /dev/null "$PK"
# Auto generate self signed certs if we don't have one already in place
openssl req -new -newkey rsa:4096 -nodes -x509 -out "$PUB_CERT" -keyout "$PK" -days 3650 -subj "/C=US/ST=TX/L=Austin/CN=localhost/emailAddress=pollen@example.com"
fi
chown $PKG:root $DIR
chown $PKG:root $DIR/*
#DEBHELPER#
|
