diff options
| author | Andreas Metzler <ametzler@debian.org> | 2005-07-30 12:49:56 +0000 |
|---|---|---|
| committer | Andreas Metzler <ametzler@debian.org> | 2005-07-30 12:49:56 +0000 |
| commit | f709eb23a86636c1a869c87eef0ca7f5b48c8b35 (patch) | |
| tree | 66e759f5144ac86880f8929093a1296891163fbc | |
| parent | ce1e1158657e2b9ec98efc1b6c2a16785c7c34e9 (diff) | |
| download | exim4-f709eb23a86636c1a869c87eef0ca7f5b48c8b35.tar.gz | |
Use certtool to re-generate gnutls-params
svn path=/exim/trunk/; revision=1212
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | debian/exim4-base.cron.daily | 14 | ||||
| -rw-r--r-- | debian/exim4-base.dirs | 1 | ||||
| -rw-r--r-- | debian/exim4-base.install | 2 | ||||
| -rwxr-xr-x | debian/rules | 3 |
5 files changed, 24 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index e73cebe..d0d8763 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,12 @@ exim4 (4.52-1.0) UNRELEASED; urgency=low Thanks to Aleix Badia i Bosch. (mh) Closes: #317429 * Update mk (Macedonian) translation. Thanks to Georgi Stanojevski. (mh) Closes: #320231 + * Use certtool from gnutls-bin in cron.daily to re-generate gnutls-params + instead of only removing the file and letting exim4 re-generate it at SMTP + time after receiving STARTTLS. The maximum runtime of certtool is limited + to 2*1800 seconds per default by using timeout.pl by Piotr Roszatycki + (checked and beautified by Marc 'HE' Brockschmidt). Add gnutls-bin to + exim4-base' Suggests. (am) Closes: #285371 -- Marc Haber <mh+debian-packages@zugschlus.de> Thu, 28 Jul 2005 07:51:12 +0200 diff --git a/debian/exim4-base.cron.daily b/debian/exim4-base.cron.daily index eee236d..e651466 100644 --- a/debian/exim4-base.cron.daily +++ b/debian/exim4-base.cron.daily @@ -27,4 +27,16 @@ if [ -x /usr/sbin/exim_tidydb ]; then --chuid Debian-exim:Debian-exim -- /var/spool/exim4 > /dev/null fi -rm -f /var/spool/exim4/gnutls-params +# regenerate /var/spool/exim4/gnutls-params +# As this can take _very_ long on machines with little entropy, we limit +# the maximum runtime to 2*$CERTTOOLTIMEOUT seconds and keep using the +# old file otherwise. +CERTTOOLTIMEOUT=1800 +if [ -e /var/spool/exim4/gnutls-params ] ; then + if [ -x /usr/bin/certtool ] ; then + start-stop-daemon --start --exec /usr/share/exim4/refresh_gnutls-params \ + --chuid Debian-exim:Debian-exim -- ${CERTTOOLTIMEOUT} + else + rm -f /var/spool/exim4/gnutls-params + fi +fi diff --git a/debian/exim4-base.dirs b/debian/exim4-base.dirs index a675d3f..a0945da 100644 --- a/debian/exim4-base.dirs +++ b/debian/exim4-base.dirs @@ -1,6 +1,7 @@ /usr/sbin /usr/bin /usr/share/man/man8 +/usr/share/exim4 /etc/cron.daily /etc/cron.d /etc/logrotate.d diff --git a/debian/exim4-base.install b/debian/exim4-base.install index 8e16f3e..76181f0 100644 --- a/debian/exim4-base.install +++ b/debian/exim4-base.install @@ -1 +1,3 @@ debian/script usr/share/bug/exim4-base +debian/timeout.pl usr/share/exim4 +debian/exim4_refresh_gnutls-params usr/share/exim4 diff --git a/debian/rules b/debian/rules index efd5e83..12cad16 100755 --- a/debian/rules +++ b/debian/rules @@ -196,7 +196,8 @@ cleanfiles: | xargs -0r rm -v pwd - chmod 755 $(DEBIAN)/exim-gencert + chmod 755 $(DEBIAN)/exim-gencert $(DEBIAN)/timeout.pl \ + $(DEBIAN)/exim4_refresh_gnutls-params ifeq ($(PO2DEBCONF),yes) # Compatibility with woody. echo 1 > debian/po/output |