- Modularize: move stuff to sub-packages.

1 files changed, 47 insertions, 0 deletions

diff --git a/debian/strongswan-starter.config b/debian/strongswan-starter.config
new file mode 100644
index 000000000..eb5f2c2dd
--- /dev/null
+++ b/debian/strongswan-starter.config
@@ -0,0 +1,47 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+db_input medium strongswan/start_level || true
+
+# disable for now, until we can deal with the don't-edit-conffiles situation
+#db_input high strongswan/ikev1 || true
+#db_input high strongswan/ikev2 || true
+
+db_input medium strongswan/restart || true
+
+db_input high strongswan/enable-oe || true
+
+db_input high strongswan/create_rsa_key || true
+db_go || true
+
+db_get strongswan/create_rsa_key
+if [ "$RET" = "true" ]; then
+    # create a new certificate
+    db_input medium strongswan/rsa_key_length || true
+    db_input high strongswan/x509_self_signed || true
+    # we can't allow the country code to be empty - openssl will 
+    # refuse to create a certificate this way
+    countrycode=""
+    while [ -z "$countrycode" ]; do
+       db_input medium strongswan/x509_country_code || true
+       db_go || true
+       db_get strongswan/x509_country_code
+       countrycode="$RET"
+    done
+    db_input medium strongswan/x509_state_name || true
+    db_input medium strongswan/x509_locality_name || true
+    db_input medium strongswan/x509_organization_name || true
+    db_input medium strongswan/x509_organizational_unit || true
+    db_input medium strongswan/x509_common_name || true
+    db_input medium strongswan/x509_email_address || true
+    db_go || true
+else
+    db_get strongswan/existing_x509_certificate
+    if [ "$RET" = "true" ]; then
+        # existing certificate - use it
+        db_input critical strongswan/existing_x509_certificate_filename || true
+        db_input critical strongswan/existing_x509_key_filename || true
+        db_go || true
+    fi
+fi