47 lines
1.6 KiB
Bash
Executable File
47 lines
1.6 KiB
Bash
Executable File
#!/bin/sh -e
|
|
|
|
. /usr/share/debconf/confmodule
|
|
|
|
# disable for now, until we can deal with the don't-edit-conffiles situation
|
|
#db_input high strongswan/ikev1 || true
|
|
#db_input high strongswan/ikev2 || true
|
|
|
|
db_input medium strongswan/restart || true
|
|
|
|
db_input high strongswan/enable-oe || true
|
|
|
|
db_get strongswan/install_x509_certificate
|
|
if [ "$RET" = "true" ]; then
|
|
db_input high strongswan/how_to_get_x509_certificate || true
|
|
db_go || true
|
|
|
|
db_get strongswan/how_to_get_x509_certificate
|
|
if [ "$RET" = "create" ]; then
|
|
# create a new certificate
|
|
db_input medium strongswan/rsa_key_length || true
|
|
db_input high strongswan/x509_self_signed || true
|
|
# we can't allow the country code to be empty - openssl will
|
|
# refuse to create a certificate this way
|
|
countrycode=""
|
|
while [ -z "$countrycode" ]; do
|
|
db_input medium strongswan/x509_country_code || true
|
|
db_go || true
|
|
db_get strongswan/x509_country_code
|
|
countrycode="$RET"
|
|
done
|
|
db_input medium strongswan/x509_state_name || true
|
|
db_input medium strongswan/x509_locality_name || true
|
|
db_input medium strongswan/x509_organization_name || true
|
|
db_input medium strongswan/x509_organizational_unit || true
|
|
db_input medium strongswan/x509_common_name || true
|
|
db_input medium strongswan/x509_email_address || true
|
|
db_go || true
|
|
elif [ "$RET" = "import" ]; then
|
|
# existing certificate - use it
|
|
db_input critical strongswan/existing_x509_certificate_filename || true
|
|
db_input critical strongswan/existing_x509_key_filename || true
|
|
db_input critical strongswan/existing_x509_rootca_filename || true
|
|
db_go || true
|
|
fi
|
|
fi
|