mirror of
https://github.com/kasmtech/KasmVNC.git
synced 2024-12-24 15:49:06 +01:00
Generate self-signed cert in /etc/ssl/private/kasmvnc.pem
I piggyback on ssl-cert package that's got ssl-cert group and the directory /etc/ssl/private, the group can read files from (but not list files there). Thus, by adding a user to ssl-cert group, they can read both ssl-cert certificates and the KasmVNC certificate.o Note: currently, KasmVNC only supports one file that must contain both private and public keys. For this reason, I didn't use the snakeoil certificate from ssl-cert, as it's split into two files.
This commit is contained in:
parent
a7e7deaf99
commit
eaa5c24439
2
debian/control
vendored
2
debian/control
vendored
@ -10,7 +10,7 @@ Homepage: https://github.com/kasmtech/KasmVNC
|
|||||||
|
|
||||||
Package: kasmvncserver
|
Package: kasmvncserver
|
||||||
Architecture: amd64
|
Architecture: amd64
|
||||||
Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, python, xauth
|
Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends}, ssl-cert, python, xauth
|
||||||
Provides: vnc-server
|
Provides: vnc-server
|
||||||
Description: virtual network computing server with web interface
|
Description: virtual network computing server with web interface
|
||||||
Lorem ipsum
|
Lorem ipsum
|
||||||
|
12
debian/postinst
vendored
12
debian/postinst
vendored
@ -17,6 +17,16 @@ set -e
|
|||||||
# for details, see https://www.debian.org/doc/debian-policy/ or
|
# for details, see https://www.debian.org/doc/debian-policy/ or
|
||||||
# the debian-policy package
|
# the debian-policy package
|
||||||
|
|
||||||
|
make_self_signed_certificate() {
|
||||||
|
local cert_file=/etc/ssl/private/kasmvnc.pem
|
||||||
|
[ -f "$cert_file" ] && return 0
|
||||||
|
|
||||||
|
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout "$cert_file" \
|
||||||
|
-out "$cert_file" -subj \
|
||||||
|
"/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
|
||||||
|
chgrp ssl-cert "$cert_file"
|
||||||
|
chmod g+r "$cert_file"
|
||||||
|
}
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
configure)
|
configure)
|
||||||
@ -31,6 +41,8 @@ case "$1" in
|
|||||||
--slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \
|
--slave "$mandir/man1/$generic_command.1.gz" "$generic_command.1.gz" \
|
||||||
"$mandir/man1/$kasm_command.1.gz"
|
"$mandir/man1/$kasm_command.1.gz"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
make_self_signed_certificate
|
||||||
;;
|
;;
|
||||||
|
|
||||||
abort-upgrade|abort-remove|abort-deconfigure)
|
abort-upgrade|abort-remove|abort-deconfigure)
|
||||||
|
3
debian/postrm.ex → debian/postrm
vendored
3
debian/postrm.ex → debian/postrm
vendored
@ -20,6 +20,9 @@ set -e
|
|||||||
|
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
purge)
|
||||||
|
rm -r /etc/ssl/private/kasmvnc.pem
|
||||||
|
;;
|
||||||
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
|
purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
|
||||||
;;
|
;;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user