Generate self-signed cert in /etc/ssl/private/kasmvnc.pem

I piggyback on ssl-cert package that's got ssl-cert group and the directory /etc/ssl/private, the group can read files from (but not list files there). Thus, by adding a user to ssl-cert group, they can read both ssl-cert certificates and the KasmVNC certificate.o Note: currently, KasmVNC only supports one file that must contain both private and public keys. For this reason, I didn't use the snakeoil certificate from ssl-cert, as it's split into two files.
2021-01-03 23:12:21 +13:00
parent a7e7deaf99
commit eaa5c24439
3 changed files with 16 additions and 1 deletions
--- a/debian/postinst
+++ b/debian/postinst
@@ -17,6 +17,16 @@ set -e
 # for details, see https://www.debian.org/doc/debian-policy/ or
 # the debian-policy package

+make_self_signed_certificate() {
+  local cert_file=/etc/ssl/private/kasmvnc.pem
+  [ -f "$cert_file" ] && return 0
+
+  openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$cert_file" \
+  -out "$cert_file" -subj \
+  "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
+  chgrp ssl-cert "$cert_file"
+  chmod g+r "$cert_file"
+}

 case "$1" in
    configure)
@@ -31,6 +41,8 @@ case "$1" in
          --slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \
            "$mandir/man1/$kasm_command.1.gz"
      done
+
+      make_self_signed_certificate
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)