commit 7ba80db17d0fe53dfc0eff9ed4dec46312e853e7 Author: Ximin Luo infinity0@torproject.org Date: Tue Aug 5 23:23:05 2014 +0100
generate key in the initscript instead of post-install - this allows things to work easily even on pre-installed system images, such as liveCDs, c.f. debian bug #594175
---
 facilitator/Makefile.am | 24 ++++++++----------------
 facilitator/init.d/fp-reg-decryptd.in | 10 ++++++++++
 2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/facilitator/Makefile.am b/facilitator/Makefile.am
index c1cc6f1..a4e0d39 100644
--- a/facilitator/Makefile.am
+++ b/facilitator/Makefile.am
@@ -73,10 +73,10 @@ uninstall-local:
 # non-standard directories to ./configure or DESTDIR to make.
 pre-install: meta-install-sanity install-user
-post-install: meta-install-sanity install-secrets install-symlinks install-daemon
+post-install: meta-install-sanity install-symlinks install-daemon
 pre-remove: meta-install-sanity remove-daemon remove-symlinks
 post-remove: meta-install-sanity
-pre-purge: pre-remove remove-secrets remove-daemon-data
+pre-purge: pre-remove remove-daemon-data
 post-purge: post-remove remove-user
 meta-install-sanity:
@@ -111,17 +111,6 @@ remove-user:
 userdel \
 ${fpfacilitatoruser} ; } || true
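Review bot: With `install-secrets` dropped from `post-install`, none of the packaging hooks in this hunk creates `reg-daemon.key` any more, and the comment block above these targets (it starts outside the hunk) should say where the key now comes from. A line such as `# reg-daemon.key is generated by the fp-reg-decryptd initscript on first start, not by post-install.` would do. Builds configured without `DO_INITSCRIPTS` presumably get no key from any path visible in this commit, which is worth confirming.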
-install-secrets:
- test -f ${pkgconfdir}/reg-daemon.key || { \
- install -m 600 /dev/null ${pkgconfdir}/reg-daemon.key && \
- openssl genrsa 2048 | tee ${pkgconfdir}/reg-daemon.key | \
- openssl rsa -pubout > ${pkgconfdir}/reg-daemon.pub; }
-
-remove-secrets:
- for i in reg-daemon.key reg-daemon.pub; do \
- rm -f ${pkgconfdir}/$$i; \
- done
-
 install-symlinks:
 for i in fp-reg.go app.yaml; do \
 $(LN_S) -f ${appenginedir}/$$i ${appengineconfdir}/$$i; \
@@ -159,14 +148,17 @@ if DO_INITSCRIPTS
 endif
 remove-daemon-data:
+ for i in reg-daemon.key reg-daemon.pub; do \
+ rm -f ${pkgconfdir}/$$i; \
+ done
 if DO_INITSCRIPTS
 for i in ${initscript_names}; do \
 rm -f ${localstatedir}/log/$$i.log* \
- rm -f ${localstatedir}/run/$$i.pid \
+ rm -f ${localstatedir}/run/$$i.pid; \
 done
 endif
 .PHONY: pre-install post-install pre-remove post-remove pre-purge post-purge
-.PHONY: install-user install-secrets install-symlinks install-daemon
-.PHONY: remove-user remove-secrets remove-symlinks remove-daemon
+.PHONY: install-user install-symlinks install-daemon
+.PHONY: remove-user remove-symlinks remove-daemon
 .PHONY: pylint
diff --git a/facilitator/init.d/fp-reg-decryptd.in b/facilitator/init.d/fp-reg-decryptd.in
index 464a6c6..9aa033b 100755
--- a/facilitator/init.d/fp-reg-decryptd.in
+++ b/facilitator/init.d/fp-reg-decryptd.in
@@ -49,6 +49,16 @@ do_start()
 # 0 if daemon has been started
 # 1 if daemon was already running
 # 2 if daemon could not be started
+
+ # Automatically generate a key if one doesn't exist
+ if [ ! -f "$CONFDIR/reg-daemon.key" ]; then
+ echo >&2 "$CONFDIR/reg-daemon.key does not exist; generating it"
+ # prevent race for non-root to open read file handle
+ install -m 600 /dev/null "$CONFDIR/reg-daemon.key"
+ openssl genrsa 2048 | tee "$CONFDIR/reg-daemon.key" | \
+ openssl rsa -pubout > "$CONFDIR/reg-daemon.pub"
+ fi
+
 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
 || return 1
 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
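Review bot: In `remove-daemon-data` the context line `rm -f ${localstatedir}/log/$$i.log* \` still ends without a `;`, so with the pid line now terminated the shell sees a single `rm -f` whose operands include the literal word `rm` and the pid path. That happens to remove both intended files, but it would also remove a file named `rm` in the working directory, and it only works by accident. Terminate it the same way as the pid line: `rm -f ${localstatedir}/log/$$i.log*; \`.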
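Review bot: Nothing in the key-generation block added to `do_start` checks for failure, so if `openssl genrsa` or the pipeline dies partway, an empty or truncated `reg-daemon.key` is left behind and the `[ ! -f ... ]` test will never regenerate it. The `install -m 600` step is also unchecked; if it fails, `tee` creates the private key with whatever mode the umask allows. Generating into a mode-600 temporary file in `$CONFDIR`, renaming it only on success, testing with `-s`, and returning 2 (the code the context comments give for "could not be started") on failure closes both gaps. The body of `do_start` starts and ends outside the hunk, and whether the script runs under `set -e` is not visible here.

```shell
	if [ ! -s "$CONFDIR/reg-daemon.key" ]; then
		# … unchanged: "does not exist; generating it" message …
		# mktemp creates the file mode 600; rename only once both halves exist
		tmpkey=$(mktemp "$CONFDIR/reg-daemon.key.XXXXXX") || return 2
		openssl genrsa -out "$tmpkey" 2048 \
			&& openssl rsa -in "$tmpkey" -pubout -out "$CONFDIR/reg-daemon.pub" \
			&& mv "$tmpkey" "$CONFDIR/reg-daemon.key" \
			|| { rm -f "$tmpkey"; return 2; }
	fi
```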