commit 88a3c8cd2bb136c1ce5393ffe8ee607547ca901b
author Louis Maillard <louis.maillard@savoirfairelinux.com> Wed Jul 24 16:25:45 2024 -0400
committer Louis Maillard <louis.maillard@savoirfairelinux.com> Thu Jul 25 14:44:16 2024 -0400
tree 4bd6995bbb640c19ffe2dce65623621187243935
parent 45db776536a8be48aa245cd2c07c1512513f7ce6

packaging: disable postinst auto-setup

Disabled keys generation because it could lead to change of certificate
during an update => security issue.
Reconfiguration of yaml is disabled because user will now have to run
`dhtnet-crtmgr --interactive`, which create the file if needed.

Change-Id: I388ab1cebf75d248600f070be4eb108766bfe993

extras/packaging/gnu-linux/debian/postinst

diff --git a/extras/packaging/gnu-linux/debian/postinst b/extras/packaging/gnu-linux/debian/postinst
index d716e78..aeb8833 100644
--- a/extras/packaging/gnu-linux/debian/postinst
+++ b/extras/packaging/gnu-linux/debian/postinst
@@ -3,23 +3,21 @@
 
 umask 022
 
-create_server_keys() {
-    mkdir -p /etc/dhtnet/id
-    if [ ! -f /etc/dhtnet/id/id-server.crt ] && [ ! -f /etc/dhtnet/id/id-server.pem ]; then
-        echo "Generating server keys..."
-        dhtnet-crtmgr --setup -o /etc/dhtnet/
-        dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem
-        configure_yaml
-        disable_dnc_service
-    fi
+main() {
+    mkdir -p /etc/dhtnet
+    # disabled because is shouldn't create key on behalf of user:
+    # create_key_pair_if_not_exist()
+
+    # disabled because we now use systemd preset system to disabled by default:
+    # disable_dnc_service
     echo "===================="
-    echo "dnc server installed and configured."
-    echo "To configure it, edit /etc/dhtnet/dnc.yaml"
-    echo "To enable and start server, run:"
+    echo "dnc server installed."
+    echo "To configure your dnc client and/or server, run:"
+    echo "  dhtnet-crtmgr --interactive"
+    echo "Server configuration is in /etc/dhtnet/dnc.yaml"
+    echo "After configuration, enable and start server with:"
     echo "  systemctl enable dnc.service"
     echo "  systemctl start dnc.service"
-    echo "To configure your dnc client, run:"
-    echo "  dhtnet-crtmgr --interactive"
     echo "===================="
 }
 
@@ -31,58 +29,19 @@
 #     fi
 # }
 
-disable_dnc_service() {
-    systemctl stop dnc.service
-    systemctl disable dnc.service
-}
+# disable_dnc_service() {
+#     systemctl stop dnc.service
+#     systemctl disable dnc.service
+# }
 
-configure_yaml() {
-    if [ -f /etc/dhtnet/dnc.yaml ]; then
-        sed -i 's/^#certificate:.*$/certificate: \"\/etc\/dhtnet\/id\/id-server.crt\"/' /etc/dhtnet/dnc.yaml
-        sed -i 's/^#privateKey:.*$/privateKey: \"\/etc\/dhtnet\/id\/id-server.pem\"/' /etc/dhtnet/dnc.yaml
-    else
-        {
-            echo "# The bootstrap node serves as the entry point to the DHT network."
-            echo "# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only."
-            echo "# For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network."
-            echo "# Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping"
-            echo "bootstrap: \"bootstrap.jami.net\""
-            echo ""
-            echo "# TURN server is used as a fallback for connections if the NAT block all possible connections."
-            echo "# By default is turn.jami.net (which uses coturn) but can be any TURN."
-            echo "# Developer must set up their own TURN server."
-            echo "# Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html"
-            echo "turn_host: \"turn.jami.net\""
-            echo "turn_user: \"ring\""
-            echo "turn_pass: \"ring\""
-            echo "turn_realm: \"ring\""
-            echo ""
-            echo "# When verbose is set to true, the server logs all incoming connections"
-            echo "verbose: false"
-            echo ""
-            echo "# If true, will send request to use UPNP if available"
-            echo "enable_upnp: true"
-            echo ""
-            echo "# On server, identities are saved in /etc/dhtnet/id/"
-            echo "certificate: \"/etc/dhtnet/id/id-server.crt\""
-            echo "privateKey: \"/etc/dhtnet/id/id-server.pem\""
-            echo ""
-            echo "# When anonymous is set to true, the server accepts any connection without checking CA"
-            echo "# When anonymous is set to false, the server allows only connection which are issued by the same CA as the server"
-            echo "anonymous: false"
-            echo ""
-            echo "# List of authorized services"
-            echo "# Each service is defined by an IP and a port"
-            echo "authorized_services:"
-            echo "  - ip: \"127.0.0.1\""
-            echo "    port: 22"
-            echo "  # - ip: \"127.0.0.1\""
-            echo "  #   port: 80"
-            echo "  # - ip: \"127.0.0.1\""
-            echo "  #   port: 443"
-            echo ""
-        } > /etc/dhtnet/dnc.yaml
-    fi
-}
+# create_key_pair_if_not_exist() {
+#     mkdir -p /etc/dhtnet/id
+#     mkdir -p /etc/dhtnet/CA
+#     if [ ! -f /etc/dhtnet/id/id-server.crt ] && [ ! -f /etc/dhtnet/id/id-server.pem ]; then
+#         echo "Generating server keys..."
+#         dhtnet-crtmgr --setup -o /etc/dhtnet/
+#         dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem
+#     fi
+# }
 
-create_server_keys
+main

extras/packaging/gnu-linux/debian/rules

diff --git a/extras/packaging/gnu-linux/debian/rules b/extras/packaging/gnu-linux/debian/rules
index bb4a235..fc2266f 100755
--- a/extras/packaging/gnu-linux/debian/rules
+++ b/extras/packaging/gnu-linux/debian/rules
@@ -16,3 +16,4 @@
 	      -DCMAKE_LIBRARY_ARCHITECTURE="$(DEB_TARGET_MULTIARCH)" \
 		  -DBUILD_TESTING=OFF
 		  -DBUILD_BENCHMARKS=OFF
+		  -DDNC_SYSTEMD=ON