Verify HMAC of invirt-vnc token before unpickling anything.
[invirt/packages/invirt-vnc-server.git] / debian / invirt-vnc-server.postinst
index ee266d9..f1919ae 100755 (executable)
@@ -20,12 +20,18 @@ set -e
 
 case "$1" in
     configure)
 
 case "$1" in
     configure)
-       if [ -z "$2" ]; then
-           echo "Please be sure to copy vncproxy.crt and vncproxykey.pem into /usr/share/invirt-vnc-server/"
-       fi
-        mkdir -p /etc/invirt/secrets
-        if ! [ -e /etc/invirt/secrets/vnc-key ]; then
-            openssl rand -base64 33 >/etc/invirt/secrets/vnc-key
+        mkdir -p /etc/invirt/vnc
+        if ! [ -e /etc/invirt/vnc/server.pem ]; then
+            openssl genrsa -out /etc/invirt/vnc/server.pem 1024 >/dev/null
+        fi
+        
+        if ! [ -e /etc/invirt/vnc/server.crt ]; then
+            openssl req -new -x509 -nodes -sha1 -days 730 -subj "/CN=$(hostname -f)" -key /etc/invirt/vnc/server.pem \
+                > /etc/invirt/vnc/server.crt
+        fi
+        
+        if ! [ -e /etc/invirt/vnc/token-key ]; then
+            openssl rand -base64 33 >/etc/invirt/vnc/token-key
         fi
     ;;
 
         fi
     ;;