Debian: Adapt TLS/SSL settings to Debian FHS.

Generate dirs with correct permissions for https-inspection.

diff --git a/debian/changelog b/debian/changelog
index c12d672..8c7fc52 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,8 +7,10 @@ privoxy (3.0.29~gitdbcfeb-1) UNRELEASED; urgency=medium
   * d/copyright: use ./ prefix to upstream filenames, because orig.tar.gz
     is build with a ./ prefix.
   * Compile --with-mbedtls to allow https-inspection.
   * d/copyright: use ./ prefix to upstream filenames, because orig.tar.gz
     is build with a ./ prefix.
   * Compile --with-mbedtls to allow https-inspection.

+  * Adapt TLS/SSL settings to Debian FHS.
+  * Generate dirs with correct permissions for https-inspection.

 
 

- -- Roland Rosenfeld <roland@debian.org>  Sat, 04 Apr 2020 14:46:51 +0200
+ -- Roland Rosenfeld <roland@debian.org>  Fri, 05 Jun 2020 18:13:53 +0200

 
 privoxy (3.0.28-3) unstable; urgency=medium
 
 
 privoxy (3.0.28-3) unstable; urgency=medium
 

diff --git a/debian/dirs b/debian/dirs
index 5125740..47d3b87 100644 (file)
--- a/debian/dirs
+++ b/debian/dirs
@@ -1,7 +1,9 @@
 etc/privoxy
 etc/privoxy

+etc/privoxy/CA

 usr/bin
 usr/sbin
 usr/share/doc/privoxy
 usr/share/man/man1
 usr/share/privoxy
 usr/bin
 usr/sbin
 usr/share/doc/privoxy
 usr/share/man/man1
 usr/share/privoxy

+var/lib/privoxy/certs

 var/log/privoxy
 var/log/privoxy

diff --git a/debian/patches/14_config.patch b/debian/patches/14_config.patch
index ae9ed8c..05c3920 100644 (file)
--- a/debian/patches/14_config.patch
+++ b/debian/patches/14_config.patch
@@ -1,5 +1,5 @@
 From: Roland Rosenfeld <roland@debian.org>
 From: Roland Rosenfeld <roland@debian.org>

-Date: Sat, 11 Feb 2006 21:27:14 +0100
+Date: Fri, 05 Jun 2020 15:51:09 +0200

 Subject: Several Debian specific changes to config file
 
 --- a/config
 Subject: Several Debian specific changes to config file
 
 --- a/config


@@ -31,3 +31,30 @@ Subject: Several Debian specific changes to config file
  #
  #  2.5. actionsfile
  #  =================
  #
  #  2.5. actionsfile
  #  =================

+@@ -2474,7 +2474,7 @@ socket-timeout 300
+ #
+ #      ca-directory /usr/local/etc/privoxy/CA
+ #
+-#ca-directory /usr/local/etc/privoxy/CA
++#ca-directory /etc/privoxy/CA
+ #
+ #  7.2. ca-cert-file
+ #  ==================
+@@ -2615,7 +2615,7 @@ socket-timeout 300
+ #
+ #      certificate-directory /usr/local/var/privoxy/certs
+ #
+-#certificate-directory /usr/local/var/privoxy/certs
++#certificate-directory /var/lib/privoxy/certs
+ #
+ #  7.6. trusted-cas-file
+ #  ======================
+@@ -2648,7 +2648,7 @@ socket-timeout 300
+ #
+ #      trusted-cas-file trusted_cas_file.pem
+ #
+-#trusted-cas-file trustedCAs.pem
++#trusted-cas-file /etc/ssl/certs/ca-certificates.crt
+ #
+ #  8. WINDOWS GUI OPTIONS
+ #  =======================

diff --git a/debian/postinst b/debian/postinst
index 1d53d07..a841de7 100644 (file)
--- a/debian/postinst
+++ b/debian/postinst
@@ -40,6 +40,8 @@ case "$1" in
        chown privoxy $CONFDIR/user.action $CONFDIR/trust
        [ -f $CONFDIR/match-all.action ] \
            && chown privoxy $CONFDIR/match-all.action
        chown privoxy $CONFDIR/user.action $CONFDIR/trust
        [ -f $CONFDIR/match-all.action ] \
            && chown privoxy $CONFDIR/match-all.action

+       chown privoxy:adm /var/lib/privoxy/certs
+       chmod 700 /var/lib/privoxy/certs

 
        db_get privoxy/listen-address || true
        perl -le '
 
        db_get privoxy/listen-address || true
        perl -le '