From eaa5c244393cf8814b830d132f7458b0185cf117 Mon Sep 17 00:00:00 2001
From: Dmitry Maksyoma
Date: Sun, 3 Jan 2021 23:12:21 +1300
Subject: [PATCH] Generate self-signed cert in /etc/ssl/private/kasmvnc.pem
I piggyback on ssl-cert package that's got ssl-cert group and the directory /etc/ssl/private, the group can read files from (but not list files there). Thus, by adding a user to ssl-cert group, they can read both ssl-cert certificates and the KasmVNC certificate.o Note: currently, KasmVNC only supports one file that must contain both private and public keys. For this reason, I didn't use the snakeoil certificate from ssl-cert, as it's split into two files.
---
 debian/control | 2 +-
 debian/postinst | 12 ++++++++++++
 debian/{postrm.ex => postrm} | 3 +++
 3 files changed, 16 insertions(+), 1 deletion(-)
 rename debian/{postrm.ex => postrm} (94%)
diff --git a/debian/control b/debian/control
index e4580b7..e58a869 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Homepage: https://github.com/kasmtech/KasmVNC
 Package: kasmvncserver
 Architecture: amd64
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, python, xauth
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, ssl-cert, python, xauth
 Provides: vnc-server
 Description: virtual network computing server with web interface
 Lorem ipsum
diff --git a/debian/postinst b/debian/postinst
index 258c216..0c099e2 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -17,6 +17,16 @@ set -e
 # for details, see https://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
+make_self_signed_certificate() {
+ local cert_file=/etc/ssl/private/kasmvnc.pem
+ [ -f "$cert_file" ] && return 0
+
+ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$cert_file" \
+ -out "$cert_file" -subj \
+ "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
+ chgrp ssl-cert "$cert_file"
+ chmod g+r "$cert_file"
+}
 case "$1" in
 configure)
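Review bot: The postinst added in this commit calls `openssl` directly, but the new `Depends:` line in debian/control names only `ssl-cert`, so the binary is present only for as long as ssl-cert keeps pulling it in. Declaring it explicitly, `Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, ssl-cert, openssl, python, xauth`, keeps certificate generation from failing during configure if that transitive dependency ever changes.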
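Review bot: In `make_self_signed_certificate` (debian/postinst) the private key's final mode is left to openssl and the current umask, because `chmod g+r` only adds a bit and never clears world access; pin ownership and mode explicitly with `chown root:ssl-cert` and `chmod 0640`. The `[ -f "$cert_file" ]` guard also accepts a truncated file left behind by a failed or interrupted openssl run, so under `set -e` the next configure would return early and keep the broken file. Generating into a temporary name in the same directory under `umask 077` and renaming it as the last step addresses both. The fixed subject (`CN=kasm`) and 10-year lifetime deserve a short comment saying this is a placeholder certificate that administrators are expected to replace.

```shell
make_self_signed_certificate() {
  # … unchanged: cert_file assignment and the [ -f "$cert_file" ] early return …
  local tmp_file="$cert_file.tmp"

  # Create the key with no group/other access; publish it only once complete.
  (
    umask 077
    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$tmp_file" \
      -out "$tmp_file" -subj \
      "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
  )
  chown root:ssl-cert "$tmp_file"
  chmod 0640 "$tmp_file"
  mv "$tmp_file" "$cert_file"
}
```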
@@ -31,6 +41,8 @@ case "$1" in
 --slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \
 "$mandir/man1/$kasm_command.1.gz"
 done
+
+ make_self_signed_certificate
 ;;
 abort-upgrade|abort-remove|abort-deconfigure)
diff --git a/debian/postrm.ex b/debian/postrm
similarity index 94%
rename from debian/postrm.ex
rename to debian/postrm
index 9f9ec2c..7868e7a 100644
--- a/debian/postrm.ex
+++ b/debian/postrm
@@ -20,6 +20,9 @@ set -e
 case "$1" in
+ purge)
+ rm -r /etc/ssl/private/kasmvnc.pem
+ ;;
 purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
 ;;
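Review bot: The new `purge)` arm in debian/postrm runs `rm -r /etc/ssl/private/kasmvnc.pem` under `set -e`, so the purge fails when the file is already gone, for example after an administrator removed it by hand. `-r` is also unnecessary for a single file and would recurse if that path were ever a directory; `rm -f /etc/ssl/private/kasmvnc.pem` is the safer form. The arm additionally makes the `purge` alternative in the following `purge|remove|upgrade|…` pattern unreachable, which is harmless but worth tidying.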