debian/exim4_refresh_gnutls-params

   1 #!/bin/sh
   2 set -e
   3
   4 if [ -n "$EX4DEBUG" ]; then
   5   echo "now debugging $0 $@"
   6   set -x
   7 fi
   8
   9
  10 # regenerate $EXIM4_SPOOLDIR/gnutls-params-*
  11 # As this can take _very_ long on machines with little entropy, we limit
  12 # the maximum runtime to 1800 seconds and keep using the
  13 # old file otherwise.
  14
  15 # Only do anything if exim4 is actually installed
  16 if [ ! -x /usr/lib/exim4/exim4 ]; then
  17   exit 0
  18 fi
  19
  20 # Only do anyting if TLS is enabled in exim
  21 if [ -z "$(/usr/lib/exim4/exim4 -bP tls_advertise_hosts | sed 's/.*=[[:space:]]\(.*\)/\1/')" ]; then
  22   # TLS disabled
  23   exit 0
  24 fi
  25
  26 TIMEOUT=${1:-1800}
  27
  28 EXIM4_SPOOLDIR="${EXIM4_SPOOLDIR:-$(/usr/lib/exim4/exim4 -bP spool_directory | sed 's/.*=[[:space:]]\(.*\)/\1/')}"
  29 cd $EXIM4_SPOOLDIR
  30
  31 # loop over gnutls-params-files
  32 for paramfile in `find -maxdepth 1 -regex '\./gnutls-params-[0-9][0-9][0-9]*'` ; do
  33   bits=`echo ${paramfile} | sed -e 's:\./gnutls-params-::'`
  34   tempgnutls=$(tempfile --directory $EXIM4_SPOOLDIR --mode 644 --prefix  "gnutp" )
  35
  36   if [ -x /usr/bin/certtool ] ; then
  37     # GnuTLS
  38     if timeout --preserve-status --kill-after=15 \
  39         "$TIMEOUT" /usr/bin/certtool --generate-dh-params --bits ${bits} \
  40         > "$tempgnutls" 2> /dev/null ; then
  41       cat "$tempgnutls" > "${paramfile}" ; rm -f "$tempgnutls"
  42     else
  43       rm -f "$tempgnutls"
  44       break
  45     fi
  46   else
  47     # gnutls-bin not installed, let exim generate the DH params
  48     rm -f "${paramfile}" "$tempgnutls"
  49   fi
  50 done
  51
  52 # vim:tabstop=2:expandtab:shiftwidth=2