From: Roland Rosenfeld <roland@debian.org>
Date: Fri, 5 Jun 2020 13:57:30 +0000 (+0200)
Subject: Debian: Adapt TLS/SSL settings to Debian FHS.
X-Git-Tag: v_3_0_30~280^2
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/@default-cgi@/@default-cgi@send-stylesheet?a=commitdiff_plain;h=d00eab1f0e37803066de23235ec7737cc964f2c1;p=privoxy.git

Debian: Adapt TLS/SSL settings to Debian FHS.
Generate dirs with correct permissions for https-inspection.
---

diff --git a/debian/changelog b/debian/changelog
index c12d6729..8c7fc523 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,8 +7,10 @@ privoxy (3.0.29~gitdbcfeb-1) UNRELEASED; urgency=medium
   * d/copyright: use ./ prefix to upstream filenames, because orig.tar.gz
     is build with a ./ prefix.
   * Compile --with-mbedtls to allow https-inspection.
+  * Adapt TLS/SSL settings to Debian FHS.
+  * Generate dirs with correct permissions for https-inspection.
 
- -- Roland Rosenfeld <roland@debian.org>  Sat, 04 Apr 2020 14:46:51 +0200
+ -- Roland Rosenfeld <roland@debian.org>  Fri, 05 Jun 2020 18:13:53 +0200
 
 privoxy (3.0.28-3) unstable; urgency=medium
 
diff --git a/debian/dirs b/debian/dirs
index 5125740d..47d3b870 100644
--- a/debian/dirs
+++ b/debian/dirs
@@ -1,7 +1,9 @@
 etc/privoxy
+etc/privoxy/CA
 usr/bin
 usr/sbin
 usr/share/doc/privoxy
 usr/share/man/man1
 usr/share/privoxy
+var/lib/privoxy/certs
 var/log/privoxy
diff --git a/debian/patches/14_config.patch b/debian/patches/14_config.patch
index ae9ed8c6..05c39203 100644
--- a/debian/patches/14_config.patch
+++ b/debian/patches/14_config.patch
@@ -1,5 +1,5 @@
 From: Roland Rosenfeld <roland@debian.org>
-Date: Sat, 11 Feb 2006 21:27:14 +0100
+Date: Fri, 05 Jun 2020 15:51:09 +0200
 Subject: Several Debian specific changes to config file
 
 --- a/config
@@ -31,3 +31,30 @@ Subject: Several Debian specific changes to config file
  #
  #  2.5. actionsfile
  #  =================
+@@ -2474,7 +2474,7 @@ socket-timeout 300
+ #
+ #      ca-directory /usr/local/etc/privoxy/CA
+ #
+-#ca-directory /usr/local/etc/privoxy/CA
++#ca-directory /etc/privoxy/CA
+ #
+ #  7.2. ca-cert-file
+ #  ==================
+@@ -2615,7 +2615,7 @@ socket-timeout 300
+ #
+ #      certificate-directory /usr/local/var/privoxy/certs
+ #
+-#certificate-directory /usr/local/var/privoxy/certs
++#certificate-directory /var/lib/privoxy/certs
+ #
+ #  7.6. trusted-cas-file
+ #  ======================
+@@ -2648,7 +2648,7 @@ socket-timeout 300
+ #
+ #      trusted-cas-file trusted_cas_file.pem
+ #
+-#trusted-cas-file trustedCAs.pem
++#trusted-cas-file /etc/ssl/certs/ca-certificates.crt
+ #
+ #  8. WINDOWS GUI OPTIONS
+ #  =======================
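Review bot: The new commented default `#trusted-cas-file /etc/ssl/certs/ca-certificates.crt` points at a bundle this package does not ship, and nothing visible in this commit adds a dependency on whatever provides it (debian/control is not part of the diff, so this may already be covered). If the file is absent when an admin enables https-inspection, validation of upstream server certificates would presumably have no usable trust anchors, so a Depends/Recommends or a one-line hint in the config such as `#  Debian: this bundle is provided by the ca-certificates package` would help. It is also worth confirming that an absolute path is honoured for this option, since the example just above it, `trusted-cas-file trusted_cas_file.pem`, is a bare file name.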
diff --git a/debian/postinst b/debian/postinst
index 1d53d07b..a841de78 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -40,6 +40,8 @@ case "$1" in
 	chown privoxy $CONFDIR/user.action $CONFDIR/trust
 	[ -f $CONFDIR/match-all.action ] \
 	    && chown privoxy $CONFDIR/match-all.action
+	chown privoxy:adm /var/lib/privoxy/certs
+	chmod 700 /var/lib/privoxy/certs
 
 	db_get privoxy/listen-address || true
 	perl -le '
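Review bot: The added `chown`/`chmod` pair covers only /var/lib/privoxy/certs; the new etc/privoxy/CA entry from debian/dirs gets no ownership or mode here, so it keeps whatever the package's default directory creation gives it. If the CA private key is meant to live under `ca-directory`, that directory is the more sensitive of the two and should be tightened explicitly, for example `chown privoxy /etc/privoxy/CA` and `chmod 700 /etc/privoxy/CA` (or a non-writable mode if the daemon only reads from it). Separately, with mode 700 the `adm` group in `privoxy:adm` has no access at all, so either the group or the mode is probably not what was intended; a comment such as `# generated per-site keys and certificates: owner-only` would record the choice. The enclosing `case` branch starts and ends outside the hunk.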