From 2ee8f1ef5875a111c66ec36cd6c62dcdb29050fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?= =?UTF-8?q?=D0=BE=D0=B2?=
Date: Mon, 30 Apr 2018 17:19:30 -0500
Subject: [PATCH] Updates postinst prosody (#2896)
* Creates conf.d in /etc/prosody if missing. Fixes a problem installing prosody 0.10 when using prosody repositories.
* Cleanups certificates on purge. There are various occasions where users purge packages and the new installations after that generate certificate which doesn't end up in the java trust store on the target machine.
* Generate jicofo user and component passwords if missing. There are situations where if prosody is already installed, the order of configuring the packages is not in the correct order. In those situations jitsi-meet-prosody got configured before jicofo and the user password and the component secret are not available and we ask the user for that and later when jicofo is configured we generate new set of them. Now we will end up always generating them in jitsi-meet-prosody or jicofo and we will reuse them. See https://github.com/jitsi/jicofo/pull/283.
---
 debian/jitsi-meet-prosody.postinst | 21 ++++++++++++++-------
 debian/jitsi-meet-prosody.postrm | 8 ++++++++
 2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/debian/jitsi-meet-prosody.postinst b/debian/jitsi-meet-prosody.postinst
index 2d16b80acb..2b82f0154c 100644
--- a/debian/jitsi-meet-prosody.postinst
+++ b/debian/jitsi-meet-prosody.postinst
@@ -50,17 +50,21 @@ case "$1" in
 db_get jicofo/jicofo-authpassword
 if [ -z "$RET" ] ; then
- db_input critical jicofo/jicofo-authpassword || true
- db_go
+ # if password is missing generate it, and store it
+ JICOFO_AUTH_PASSWORD=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
+ db_set jicofo/jicofo-authpassword "$JICOFO_AUTH_PASSWORD"
+ else
+ JICOFO_AUTH_PASSWORD="$RET"
 fi
- JICOFO_AUTH_PASSWORD="$RET"
 db_get jicofo/jicofosecret
 if [ -z "$RET" ] ; then
- db_input critical jicofo/jicofosecret || true
- db_go
+ # if secret is missing generate it, and store it
+ JICOFO_SECRET=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
+ db_set jicofo/jicofosecret "$JICOFO_SECRET"
+ else
+ JICOFO_SECRET="$RET"
 fi
- JICOFO_SECRET="$RET"
 JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
@@ -88,6 +92,7 @@ case "$1" in
 if [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JVB_HOSTNAME\"" $PROSODY_CONFIG_OLD; then
 PROSODY_CONFIG_PRESENT="false"
 mkdir -p /etc/prosody/conf.avail/
+ mkdir -p /etc/prosody/conf.d/
 cp /usr/share/doc/jitsi-meet-prosody/prosody.cfg.lua-jvb.example $PROSODY_HOST_CONFIG
 sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $PROSODY_HOST_CONFIG
 sed -i "s/jitmeetSecret/$JVB_SECRET/g" $PROSODY_HOST_CONFIG
@@ -132,7 +137,9 @@ case "$1" in
 ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE
 ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
- update-ca-certificates
+ # we need to force updating certificates, in some cases java trust
+ # store not get re-generated with latest changes
+ update-ca-certificates -f
 # don't fail on systems with custom config ($PROSODY_HOST_CONFIG is missing)
 if [ -f $PROSODY_HOST_CONFIG ]; then
diff --git a/debian/jitsi-meet-prosody.postrm b/debian/jitsi-meet-prosody.postrm
index 89a1ff87bd..8f2c334ff7 100644
--- a/debian/jitsi-meet-prosody.postrm
+++ b/debian/jitsi-meet-prosody.postrm
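Review bot: In the `@@ -50,17 +50,21 @@` hunk of the postinst, the generated jicofo password and component secret are only 8 characters drawn from 64 symbols (the `tr` set is the 62 alphanumerics repeated four times plus `@` and `#`), which is about 48 bits each, and nothing checks that the pipeline produced any output before `db_set` stores it. Because the status of the backtick pipeline is that of `tr`, a failed `head` read would leave an empty secret that is then saved and reused. Reading more bytes, e.g. `head -c 16 /dev/urandom`, running `tr` under `LC_ALL=C`, and guarding with `[ -n "$JICOFO_AUTH_PASSWORD" ] || exit 1` would cover both; the same applies to the `JICOFO_SECRET` branch, and the two identical pipelines could share one small helper. The enclosing `case` arm starts and ends outside the hunk.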
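Review bot: In the `@@ -132,7 +137,9 @@` hunk of the postinst, the comment above `update-ca-certificates -f` does not say what the flag does, so the side effect is easy to miss: `-f` (`--fresh`) removes and recreates the symlinks in /etc/ssl/certs and re-runs the update hooks, which is presumably why the Java trust store gets rebuilt. Suggested wording: `# -f (--fresh) rebuilds /etc/ssl/certs and re-runs the update hooks so the Java trust store picks up the auth-domain certificate`. The surrounding block continues outside the hunk.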
@@ -35,6 +35,14 @@ case "$1" in
 if [ -n "$RET" ]; then
 rm -f /etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua
 rm -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
+
+ # clean up generated certificates
+ rm -f /etc/prosody/certs/$JVB_HOSTNAME.crt
+ rm -f /etc/prosody/certs/$JVB_HOSTNAME.key
+ rm -f /etc/prosody/certs/auth.$JVB_HOSTNAME.crt
+ rm -f /etc/prosody/certs/auth.$JVB_HOSTNAME.key
+ rm -rf /var/lib/prosody/auth.$JVB_HOSTNAME.*
+ rm -rf /var/lib/prosody/$JVB_HOSTNAME.*
 fi
 # Clear the debconf variable
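Review bot: The purge cleanup deletes the certificate files but not the trust-store entry the postinst creates: the symlink `/usr/local/share/ca-certificates/auth.$JVB_HOSTNAME.crt` is left dangling and, unless it is handled outside this hunk, the self-signed certificate stays in the system and Java trust stores after purge. Adding `rm -f "/usr/local/share/ca-certificates/auth.$JVB_HOSTNAME.crt"` followed by `update-ca-certificates -f` would remove it. The new `rm` lines also expand `$JVB_HOSTNAME` unquoted next to a glob, and `-rf` is wider than certificate files need; `rm -f "/var/lib/prosody/$JVB_HOSTNAME".*` keeps the glob while quoting the variable. The `case` arm continues outside the hunk.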