Verify HMAC of invirt-vnc token before unpickling anything.
[invirt/packages/invirt-vnc-server.git] / debian / invirt-vnc-server.postinst
old mode 100644 (file)
new mode 100755 (executable)
index c7e3d1f..f1919ae
@@ -20,9 +20,19 @@ set -e
 
 case "$1" in
     configure)
-       if [ -z "$2" ]; then
-           echo "Please be sure to copy vncproxy.crt and vncproxykey.pem into /usr/share/invirt-vnc-server/"
-       fi
+        mkdir -p /etc/invirt/vnc
+        if ! [ -e /etc/invirt/vnc/server.pem ]; then
+            openssl genrsa -out /etc/invirt/vnc/server.pem 1024 >/dev/null
+        fi
+        
+        if ! [ -e /etc/invirt/vnc/server.crt ]; then
+            openssl req -new -x509 -nodes -sha1 -days 730 -subj "/CN=$(hostname -f)" -key /etc/invirt/vnc/server.pem \
+                > /etc/invirt/vnc/server.crt
+        fi
+        
+        if ! [ -e /etc/invirt/vnc/token-key ]; then
+            openssl rand -base64 33 >/etc/invirt/vnc/token-key
+        fi
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)