diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-04-09 09:22:56 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-04-09 09:22:56 +0000 |
| commit | 360dba98ba678692e46482beae42a1c7bf1d4b33 (patch) | |
| tree | fa1db227a0a803c1183e9c4a119b385e1ca7f737 /debian/strongswan-starter.config | |
| parent | 02c055c1366d390f55b20801a40d9d94e72efd19 (diff) | |
| download | vyos-strongswan-360dba98ba678692e46482beae42a1c7bf1d4b33.tar.gz vyos-strongswan-360dba98ba678692e46482beae42a1c7bf1d4b33.zip | |
Sync postinst, rules, and debconf handling with openswan.
Diffstat (limited to 'debian/strongswan-starter.config')
| -rw-r--r-- | debian/strongswan-starter.config | 61 |
1 files changed, 30 insertions, 31 deletions
diff --git a/debian/strongswan-starter.config b/debian/strongswan-starter.config index eb5f2c2dd..cb9de0964 100644 --- a/debian/strongswan-starter.config +++ b/debian/strongswan-starter.config @@ -2,8 +2,6 @@ . /usr/share/debconf/confmodule -db_input medium strongswan/start_level || true - # disable for now, until we can deal with the don't-edit-conffiles situation #db_input high strongswan/ikev1 || true #db_input high strongswan/ikev2 || true @@ -12,36 +10,37 @@ db_input medium strongswan/restart || true db_input high strongswan/enable-oe || true -db_input high strongswan/create_rsa_key || true -db_go || true - -db_get strongswan/create_rsa_key +db_get strongswan/install_x509_certificate if [ "$RET" = "true" ]; then - # create a new certificate - db_input medium strongswan/rsa_key_length || true - db_input high strongswan/x509_self_signed || true - # we can't allow the country code to be empty - openssl will - # refuse to create a certificate this way - countrycode="" - while [ -z "$countrycode" ]; do - db_input medium strongswan/x509_country_code || true - db_go || true - db_get strongswan/x509_country_code - countrycode="$RET" - done - db_input medium strongswan/x509_state_name || true - db_input medium strongswan/x509_locality_name || true - db_input medium strongswan/x509_organization_name || true - db_input medium strongswan/x509_organizational_unit || true - db_input medium strongswan/x509_common_name || true - db_input medium strongswan/x509_email_address || true + db_input high strongswan/how_to_get_x509_certificate || true db_go || true -else - db_get strongswan/existing_x509_certificate - if [ "$RET" = "true" ]; then - # existing certificate - use it - db_input critical strongswan/existing_x509_certificate_filename || true - db_input critical strongswan/existing_x509_key_filename || true - db_go || true + + db_get strongswan/how_to_get_x509_certificate + if [ "$RET" = "create" ]; then + # create a new certificate + db_input medium strongswan/rsa_key_length || true + db_input high strongswan/x509_self_signed || true + # we can't allow the country code to be empty - openssl will + # refuse to create a certificate this way + countrycode="" + while [ -z "$countrycode" ]; do + db_input medium strongswan/x509_country_code || true + db_go || true + db_get strongswan/x509_country_code + countrycode="$RET" + done + db_input medium strongswan/x509_state_name || true + db_input medium strongswan/x509_locality_name || true + db_input medium strongswan/x509_organization_name || true + db_input medium strongswan/x509_organizational_unit || true + db_input medium strongswan/x509_common_name || true + db_input medium strongswan/x509_email_address || true + db_go || true + elif [ "$RET" = "import" ]; then + # existing certificate - use it + db_input critical strongswan/existing_x509_certificate_filename || true + db_input critical strongswan/existing_x509_key_filename || true + db_input critical strongswan/existing_x509_rootca_filename || true + db_go || true fi fi |