Generate self-signed cert in /etc/ssl/private/kasmvnc.pem

I piggyback on ssl-cert package that's got ssl-cert group and the
directory /etc/ssl/private, the group can read files from (but not list
files there). Thus, by adding a user to ssl-cert group, they can read
both ssl-cert certificates and the KasmVNC certificate.o

Note: currently, KasmVNC only supports one file that must contain both
private and public keys. For this reason, I didn't use the snakeoil
certificate from ssl-cert, as it's split into two files.
This commit is contained in:
Dmitry Maksyoma 2021-01-03 23:12:21 +13:00
parent a7e7deaf99
commit eaa5c24439
3 changed files with 16 additions and 1 deletions

2
debian/control vendored
View File

@ -10,7 +10,7 @@ Homepage: https://github.com/kasmtech/KasmVNC
Package: kasmvncserver Package: kasmvncserver
Architecture: amd64 Architecture: amd64
Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, python, xauth Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, ssl-cert, python, xauth
Provides: vnc-server Provides: vnc-server
Description: virtual network computing server with web interface Description: virtual network computing server with web interface
Lorem ipsum Lorem ipsum

12
debian/postinst vendored
View File

@ -17,6 +17,16 @@ set -e
# for details, see https://www.debian.org/doc/debian-policy/ or # for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package # the debian-policy package
make_self_signed_certificate() {
local cert_file=/etc/ssl/private/kasmvnc.pem
[ -f "$cert_file" ] && return 0
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$cert_file" \
-out "$cert_file" -subj \
"/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
chgrp ssl-cert "$cert_file"
chmod g+r "$cert_file"
}
case "$1" in case "$1" in
configure) configure)
@ -31,6 +41,8 @@ case "$1" in
--slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \ --slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \
"$mandir/man1/$kasm_command.1.gz" "$mandir/man1/$kasm_command.1.gz"
done done
make_self_signed_certificate
;; ;;
abort-upgrade|abort-remove|abort-deconfigure) abort-upgrade|abort-remove|abort-deconfigure)

View File

@ -20,6 +20,9 @@ set -e
case "$1" in case "$1" in
purge)
rm -r /etc/ssl/private/kasmvnc.pem
;;
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;; ;;