[hcoop/debian/exim4.git] / debian / exim4_refresh_gnutls-params

#!/bin/sh
set -e

if [ -n "$EX4DEBUG" ]; then
  echo "now debugging $0 $@"
  set -x
fi


# regenerate $EXIM4_SPOOLDIR/gnutls-params-*
# As this can take _very_ long on machines with little entropy, we limit
# the maximum runtime to 1800 seconds and keep using the
# old file otherwise.

# Only do anything if exim4 is actually installed
if [ ! -x /usr/lib/exim4/exim4 ]; then
  exit 0
fi

# Only do anyting if TLS is enabled in exim
if [ -z "$(/usr/lib/exim4/exim4 -bP tls_advertise_hosts | sed 's/.*=[[:space:]]\(.*\)/\1/')" ]; then 
  # TLS disabled
  exit 0
fi

TIMEOUT=${1:-1800}

EXIM4_SPOOLDIR="${EXIM4_SPOOLDIR:-$(/usr/lib/exim4/exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')}"
cd $EXIM4_SPOOLDIR

# loop over gnutls-params-files
for paramfile in `find -maxdepth 1 -regex '\./gnutls-params-[0-9][0-9][0-9]*'` ; do
  bits=`echo ${paramfile} | sed -e 's:\./gnutls-params-::'`
  tempgnutls=$(tempfile --directory $EXIM4_SPOOLDIR --mode 644 --prefix  "gnutp" )

  if [ -x /usr/bin/certtool ] ; then
    # GnuTLS
    if timeout --preserve-status --kill-after=15 \
        "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits ${bits} \
        > "$tempgnutls" 2> /dev/null ; then
      cat "$tempgnutls" > "${paramfile}" ; rm -f "$tempgnutls"
    else
      rm -f "$tempgnutls"
      break
    fi
  else
    # gnutls-bin not installed, let exim generate the DH params
    rm -f "${paramfile}" "$tempgnutls"
  fi
done

# vim:tabstop=2:expandtab:shiftwidth=2
Commit	Line	Data
89fb561f AM	1	#!/bin/sh
	2	set -e
	3
	4	if [ -n "$EX4DEBUG" ]; then
	5	echo "now debugging $0 $@"
	6	set -x
	7	fi
	8
	9
	10	# regenerate $EXIM4_SPOOLDIR/gnutls-params-*
	11	# As this can take _very_ long on machines with little entropy, we limit
	12	# the maximum runtime to 1800 seconds and keep using the
	13	# old file otherwise.
	14
	15	# Only do anything if exim4 is actually installed
	16	if [ ! -x /usr/lib/exim4/exim4 ]; then
	17	exit 0
	18	fi
	19
	20	# Only do anyting if TLS is enabled in exim
	21	if [ -z "$(/usr/lib/exim4/exim4 -bP tls_advertise_hosts \| sed 's/.=[[:space:]]\(.\)/\1/')" ]; then
	22	# TLS disabled
	23	exit 0
	24	fi
	25
	26	TIMEOUT=${1:-1800}
	27
	28	EXIM4_SPOOLDIR="${EXIM4_SPOOLDIR:-$(/usr/lib/exim4/exim4 -bP spool_directory \| sed 's/.=[[:space:]]\(.\)/\1/')}"
	29	cd $EXIM4_SPOOLDIR
	30
	31	# loop over gnutls-params-files
	32	for paramfile in `find -maxdepth 1 -regex '\./gnutls-params-[0-9][0-9][0-9]*'` ; do
	33	bits=`echo ${paramfile} \| sed -e 's:\./gnutls-params-::'`
	34	tempgnutls=$(tempfile --directory $EXIM4_SPOOLDIR --mode 644 --prefix "gnutp" )
	35
	36	if [ -x /usr/bin/certtool ] ; then
	37	# GnuTLS
	38	if timeout --preserve-status --kill-after=15 \
	39	"$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits ${bits} \
	40	> "$tempgnutls" 2> /dev/null ; then
	41	cat "$tempgnutls" > "${paramfile}" ; rm -f "$tempgnutls"
	42	else
	43	rm -f "$tempgnutls"
	44	break
	45	fi
	46	else
	47	# gnutls-bin not installed, let exim generate the DH params
	48	rm -f "${paramfile}" "$tempgnutls"
	49	fi
	50	done
	51
	52	# vim:tabstop=2:expandtab:shiftwidth=2