postinst

#!/bin/sh

set -e

#
# Skip, if we are not in "configure" state
#
if [ "$1" != "configure" ]; then
        echo "I: Skipping configuration"
        exit 0
fi

if [ ! -f /etc/ssl/private/pure-ftpd-dhparams.pem ] ; then
  #
  # generate dhparams if they don't exist already
  #
  /etc/cron.weekly/sympl-ftp --verbose
fi

#
#  Remove existing PAMAuthentication setup,
#
find /etc/pure-ftpd/auth/ -lname "*/PAMAuthentication"  -exec rm -f \{\} \;
find /etc/pure-ftpd/auth/ -lname "*/UnixAuthentication" -exec rm -f \{\} \;

#
# Edit our defaults to set it to "standalone"
#
if [ -f /etc/default/pure-ftpd-common ] ; then
  sed -i -e 's/^STANDALONE_OR_INETD=.*$/STANDALONE_OR_INETD=standalone/' /etc/default/pure-ftpd-common
fi

#
# Disable any inetd service
#
if [ -f /etc/inetd.conf -a -x /usr/sbin/update-inetd ] ; then
  update-inetd --disable ftp
  # Don't really care if this errors.
  invoke-rc.d  openbsd-inetd restart || true
fi

##
# SSL cert generation now in sympl-common
##

#
#  Link in the certificate if we have one.
#
if [ ! -e /etc/ssl/private/pure-ftpd.pem ]; then
    ln -s /etc/ssl/ssl.combined /etc/ssl/private/pure-ftpd.pem
fi

#
# Adjust config to allow UIDs lower than 1000
#
echo '33' > /etc/pure-ftpd/conf/MinUID


if [ -e /etc/ssl/private/pure-ftpd.pem ] ; then
  #
  #  TLS should be enforced if we did the linking.
  #
  echo '2' > /etc/pure-ftpd/conf/TLS

  # Set the TLS cipher suite
  echo 'HIGH:!TLSv1' > /etc/pure-ftpd/conf/TLSCipherSuite

fi

#DEBHELPER#

#
# Add symlinks for the monit script
# 
monit_dir="/etc/sympl/monit.d"
mkdir -p "$monit_dir"

for i in pure-ftpd; do
  monit_script="/usr/share/sympl/monit/checks/$i"
  link_target="$monit_dir/$i"

  if [ -x "$monit_script" ] && [ ! -e "$link_target" ]; then
    echo "I: Adding symlink for Sympl Monit script for $i"
    ln -s "$monit_script" "$link_target" || true
  fi
done

invoke-rc.d pure-ftpd restart

exit 0