Here is a patch against the cyrus-imapd.spec file for the Red Hat Linux RPMs cyrus-imapd-2.0.16-5rm. This patch adds the creation and use of a test SSL certificate automatically if openssl is also installed. Because under Red Hat 6.2 the imaps and pop3s service names are not defined in /etc/services by default, these will also be added if necessary.
With this patch, at least in my very limited testing (!), installing cyrus-imapd from the RPM will allow connections to the imaps and pop3s ports, and for STARTTLS to work on the standard IMAP port, with no manual post-install configuration by the user at all related to SSL/TLS.
Jonathan
------------------------------------------------------------------------
--- SPECS.orig/cyrus-imapd.spec Sun Jan 27 15:03:56 2002 +++ SPECS/cyrus-imapd.spec Wed Mar 27 21:15:48 2002 @@ -1,6 +1,6 @@ Name: cyrus-imapd Version: 2.0.16 -Release: 5rm +Release: 5rm+ssl # In the following defines 1 means true or yes and 0 means false or no @@ -603,6 +603,36 @@ END {if(f){exit 0} exit 1}' %{_sysconfdir}/imapd.conf || \ echo -e 'sievedir: /var/imap/sieve' >> %{_sysconfdir}/imapd.conf +%triggerin -- openssl +# Generate server key and certificate, and append lines to imapd.conf to use them +umask 077 +CERT=/var/imap/server.pem +CONF=/etc/imapd.conf + +if [ ! -f $CERT ] ; then + cat << EOF |openssl req -new -x509 -nodes -out $CERT -keyout $CERT -days 365 +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +localhost.localdomain [EMAIL PROTECTED] +EOF + chown root.mail $CERT + chmod 0640 $CERT +fi + +# Add entries to imapd.conf file to point to the new cert +grep -sq ^tls_cert_file: $CONF || echo "tls_cert_file: $CERT" >>$CONF +grep -sq ^tls_key_file: $CONF || echo "tls_key_file: $CERT" >>$CONF + +# Add imaps and pop3s services to /etc/services if necessary +grep -sq "^pop3s[[:space:]]" /etc/services || + echo -e "pop3s\t\t995/tcp\t\tpop-3s\tspop3\t# POP3 over SSL" >>/etc/services +grep -sq "^imaps[[:space:]]" /etc/services || + echo -e "imaps\t\t993/tcp\t\tsimap\t\t# IMAP over SSL" >>/etc/services + %files %defattr(-,root,root) %config %{_sysconfdir}/cyrus.conf 
@@ -698,6 +728,9 @@ %attr(750,cyrus,mail) %{_localstatedir}/imap/sieve %changelog +* Wed Mar 27 2002 Jonathan marsden <[EMAIL PROTECTED]> +- Automatically generate and use a test SSL cert, if openssl is installed. + * Sun Jan 27 2002 Ramiro Morales <[EMAIL PROTECTED]> - release 5rm README.RPM corrections
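Review bot: In the `%triggerin -- openssl` hunk (@@ -603,6 +603,36 @@), `chown root.mail $CERT` with `chmod 0640 $CERT` leaves the private key readable by every member of group mail, because `-out` and `-keyout` both write to the same server.pem. The spec already uses a cyrus user (`%attr(750,cyrus,mail)`), so if the server runs as that user, consider owning the file as cyrus with mode 0600, or writing the key and the certificate to separate files so that only the key is restricted. Further points in the same hunk: the `tls_cert_file:` and `tls_key_file:` appends sit outside the `if` and run even when `openssl req` failed, so check its exit status and skip the imapd.conf edit when no certificate was produced; `-days 365` combined with the `[ ! -f $CERT ]` guard means the certificate is never regenerated once it expires; and `CONF=/etc/imapd.conf` should use `%{_sysconfdir}/imapd.conf` as the surrounding scriptlet does.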
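Review bot: The changelog entry in the last hunk (@@ -698,6 +728,9 @@) mentions only the test certificate, while the trigger also appends `tls_cert_file:` and `tls_key_file:` to imapd.conf and adds imaps and pop3s to /etc/services. Edits to system files outside the package deserve their own changelog lines so an administrator can trace them back to this release. Also capitalise "Marsden" in the entry header.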