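#!/bin/sh
# Regenerate the Diffie-Hellman parameter files $EXIM4_SPOOLDIR/gnutls-params-*
# that exim4's GnuTLS support reads.
#
# Generating DH parameters can take _very_ long on machines with little
# entropy, so the run time of certtool is capped (1800 seconds, or the value
# given as the first argument) and the old file is kept when the cap is hit.
#
# Environment:
#   EX4DEBUG        - when non-empty, print the command line and trace (set -x)
#   EXIM4_SPOOLDIR  - spool directory; defaults to exim's spool_directory option
# Arguments:
#   $1 - maximum certtool runtime in seconds (default 1800)
# Returns:
#   0 when exim4 is not installed, TLS is disabled, or all files were handled;
#   non-zero on a bad timeout value or an unreachable spool directory
set -e

if [ -n "$EX4DEBUG" ]; then
  # $* rather than $@: inside a larger double-quoted word $@ has
  # implementation-defined field splitting in POSIX sh; the printed text is the same
  echo "now debugging $0 $*"
  set -x
fi

EXIM4=/usr/lib/exim4/exim4

# Only do anything if exim4 is actually installed
if [ ! -x "$EXIM4" ]; then
  exit 0
fi

# Print the value of one exim main option ($1), with the "name = " prefix
# stripped, so the callers below can test it / use it directly.
exim_option() {
  "$EXIM4" -bP "$1" | sed 's/.*=[[:space:]]\(.*\)/\1/'
}

# Only do anything if TLS is enabled in exim
if [ -z "$(exim_option tls_advertise_hosts)" ]; then
  # TLS disabled
  exit 0
fi

TIMEOUT=${1:-1800}
# timeout(1) only accepts a number here; reject anything else up front instead
# of letting every certtool run fail and silently keeping stale parameters
case $TIMEOUT in
  ''|*[!0-9]*)
    echo "$0: timeout must be a number of seconds, got '$TIMEOUT'" >&2
    exit 1
    ;;
esac

EXIM4_SPOOLDIR="${EXIM4_SPOOLDIR:-$(exim_option spool_directory)}"
# Quoted and checked for emptiness: an unquoted empty argument makes cd go to
# $HOME, and the loop below would then find/remove files there instead
cd "${EXIM4_SPOOLDIR:?could not determine exim4 spool directory}"

# Remove the temporary file of the iteration in progress if we are interrupted
# (signal, set -e), so no partial gnutp.* files accumulate in the spool
tempgnutls=
cleanup() {
  [ -z "$tempgnutls" ] || rm -f -- "$tempgnutls"
}
trap cleanup EXIT

# Loop over gnutls-params-files. The regex restricts the names to
# ./gnutls-params-<digits>, so they contain no whitespace and the word
# splitting of the command substitution is safe here.
for paramfile in $(find . -maxdepth 1 -regex '\./gnutls-params-[0-9][0-9][0-9]*'); do
  # number of DH bits is encoded in the file name
  bits=${paramfile#./gnutls-params-}
  # mktemp replaces the deprecated tempfile(1); the file is created 0600 and is
  # only a staging area, the permissions of $paramfile itself are untouched
  tempgnutls=$(mktemp "$EXIM4_SPOOLDIR/gnutp.XXXXXX")

  if [ -x /usr/bin/certtool ]; then
    # GnuTLS
    if timeout --preserve-status --kill-after=15 \
        "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits "$bits" \
        > "$tempgnutls" 2> /dev/null; then
      # Only replace the parameters after a complete, successful generation.
      # cat > rather than mv keeps the existing file's owner and mode.
      cat "$tempgnutls" > "$paramfile"
      rm -f -- "$tempgnutls"
    else
      # certtool failed or hit the time limit: keep the old file, and do not
      # try the remaining sizes, they would not finish either
      rm -f -- "$tempgnutls"
      tempgnutls=
      break
    fi
  else
    # gnutls-bin not installed, let exim generate the DH params
    rm -f -- "$paramfile" "$tempgnutls"
  fi
  tempgnutls=
done

# vim:tabstop=2:expandtab:shiftwidth=2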