[tor-commits] [flashproxy/master] generate key in the initscript instead of post-install

infinity0 at torproject.org infinity0 at torproject.org
Tue Aug 5 22:24:08 UTC 2014


commit 7ba80db17d0fe53dfc0eff9ed4dec46312e853e7
Author: Ximin Luo <infinity0 at torproject.org>
Date:   Tue Aug 5 23:23:05 2014 +0100

    generate key in the initscript instead of post-install
    - this allows things to work easily even on pre-installed system images, such as liveCDs, c.f. debian bug #594175
---
 facilitator/Makefile.am               |   24 ++++++++----------------
 facilitator/init.d/fp-reg-decryptd.in |   10 ++++++++++
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/facilitator/Makefile.am b/facilitator/Makefile.am
index c1cc6f1..a4e0d39 100644
--- a/facilitator/Makefile.am
+++ b/facilitator/Makefile.am
@@ -73,10 +73,10 @@ uninstall-local:
 # non-standard directories to ./configure or DESTDIR to make.
 
 pre-install: meta-install-sanity install-user
-post-install: meta-install-sanity install-secrets install-symlinks install-daemon
+post-install: meta-install-sanity install-symlinks install-daemon
 pre-remove: meta-install-sanity remove-daemon remove-symlinks
 post-remove: meta-install-sanity
-pre-purge: pre-remove remove-secrets remove-daemon-data
+pre-purge: pre-remove remove-daemon-data
 post-purge: post-remove remove-user
 
 meta-install-sanity:
@@ -111,17 +111,6 @@ remove-user:
 	  userdel \
 	    ${fpfacilitatoruser} ; } || true
 
-install-secrets:
-	test -f ${pkgconfdir}/reg-daemon.key || { \
-	  install -m 600 /dev/null ${pkgconfdir}/reg-daemon.key && \
-	  openssl genrsa 2048 | tee ${pkgconfdir}/reg-daemon.key | \
-	  openssl rsa -pubout > ${pkgconfdir}/reg-daemon.pub; }
-
-remove-secrets:
-	for i in reg-daemon.key reg-daemon.pub; do \
-	  rm -f ${pkgconfdir}/$$i; \
-	done
-
 install-symlinks:
 	for i in fp-reg.go app.yaml; do \
 	  $(LN_S) -f ${appenginedir}/$$i ${appengineconfdir}/$$i; \
@@ -159,14 +148,17 @@ if DO_INITSCRIPTS
 endif
 
 remove-daemon-data:
+	for i in reg-daemon.key reg-daemon.pub; do \
+	  rm -f ${pkgconfdir}/$$i; \
+	done
 if DO_INITSCRIPTS
 	for i in ${initscript_names}; do \
 	  rm -f ${localstatedir}/log/$$i.log* \
-	  rm -f ${localstatedir}/run/$$i.pid \
+	  rm -f ${localstatedir}/run/$$i.pid; \
 	done
 endif
 
 .PHONY: pre-install post-install pre-remove post-remove pre-purge post-purge
-.PHONY: install-user install-secrets install-symlinks install-daemon
-.PHONY: remove-user remove-secrets remove-symlinks remove-daemon
+.PHONY: install-user install-symlinks install-daemon
+.PHONY: remove-user remove-symlinks remove-daemon
 .PHONY: pylint
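Review bot: Inside the `if DO_INITSCRIPTS` loop of `remove-daemon-data`, the log line `rm -f ${localstatedir}/log/$$i.log* \` still has no `;` before the continuation, so the shell joins it with the pid line into a single `rm -f` whose arguments include the literal word `rm`. The purge still removes the log and pid files, but it also deletes any file named `rm` in the working directory, and the recipe no longer says what it means. The commit adds the terminator only on the pid line; the log line needs the same: `rm -f ${localstatedir}/log/$$i.log*; \`.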
diff --git a/facilitator/init.d/fp-reg-decryptd.in b/facilitator/init.d/fp-reg-decryptd.in
index 464a6c6..9aa033b 100755
--- a/facilitator/init.d/fp-reg-decryptd.in
+++ b/facilitator/init.d/fp-reg-decryptd.in
@@ -49,6 +49,16 @@ do_start()
 	#   0 if daemon has been started
 	#   1 if daemon was already running
 	#   2 if daemon could not be started
+
+	# Automatically generate a key if one doesn't exist
+	if [ ! -f "$CONFDIR/reg-daemon.key" ]; then
+		echo >&2 "$CONFDIR/reg-daemon.key does not exist; generating it"
+		# prevent race for non-root to open read file handle
+		install -m 600 /dev/null "$CONFDIR/reg-daemon.key"
+		openssl genrsa 2048 | tee "$CONFDIR/reg-daemon.key" | \
+		  openssl rsa -pubout > "$CONFDIR/reg-daemon.pub"
+	fi
+
 	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
 		|| return 1
 	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
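Review bot: Key generation in `do_start` has no failure handling: if `openssl genrsa` fails or is interrupted, the `install -m 600 /dev/null` line has already left an empty `reg-daemon.key`, the pipeline's exit status is ignored, and the `[ ! -f ... ]` test will skip generation on every later start. The removed Makefile recipe at least chained `install` and `openssl` with `&&`. I would write the key to a temporary file created with mode 600, derive the public key from it, rename it into place only on success, and otherwise return 2, the documented "could not be started" code; testing with `-s` instead of `-f` also recovers from an existing empty file. `do_start` begins and ends outside this hunk, so confirm that its caller handles a return of 2 from this point.

```shell
	# Automatically generate a key if one doesn't exist or is empty
	if [ ! -s "$CONFDIR/reg-daemon.key" ]; then
		echo >&2 "$CONFDIR/reg-daemon.key does not exist; generating it"
		# create the temporary file with mode 600 before any key material is written
		install -m 600 /dev/null "$CONFDIR/reg-daemon.key.tmp" || return 2
		openssl genrsa -out "$CONFDIR/reg-daemon.key.tmp" 2048 || return 2
		openssl rsa -in "$CONFDIR/reg-daemon.key.tmp" -pubout \
		  -out "$CONFDIR/reg-daemon.pub" || return 2
		# publish the private key only once both files were written successfully
		mv -f "$CONFDIR/reg-daemon.key.tmp" "$CONFDIR/reg-daemon.key" || return 2
	fi
	# … unchanged: start-stop-daemon calls …
```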


