Updates postinst prosody (#2896)

* Creates conf.d in /etc/prosody if missing.

Fixes a problem installing prosody 0.10 when using prosody repositories.

* Cleanups certificates on purge.

There are various occasions where users purge packages and the new installations after that generate certificate which doesn't end up in the java trust store on the target machine.

* Generate jicofo user and component passwords if missing.

There are situations where if prosody is already installed, the order of configuring the packages is not in the correct order. In those situations jitsi-meet-prosody got configured before jicofo and the user password and the component secret are not available and we ask the user for that and later when jicofo is configured we generate new set of them. Now we will end up always generating them in jitsi-meet-prosody or jicofo and we will reuse them. See https://github.com/jitsi/jicofo/pull/283.

debian/jitsi-meet-prosody.postinst

@@ -50,17 +50,21 @@ case "$1" in
 
         db_get jicofo/jicofo-authpassword
         if [ -z "$RET" ] ; then
-            db_input critical jicofo/jicofo-authpassword || true
-            db_go
+            # if password is missing generate it, and store it
+            JICOFO_AUTH_PASSWORD=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
+            db_set jicofo/jicofo-authpassword "$JICOFO_AUTH_PASSWORD"
+        else
+            JICOFO_AUTH_PASSWORD="$RET"
         fi
-        JICOFO_AUTH_PASSWORD="$RET"
 
         db_get jicofo/jicofosecret
         if [ -z "$RET" ] ; then
-            db_input critical jicofo/jicofosecret || true
-            db_go
+            # if secret is missing generate it, and store it
+            JICOFO_SECRET=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
+            db_set jicofo/jicofosecret "$JICOFO_SECRET"
+        else
+            JICOFO_SECRET="$RET"
         fi
-        JICOFO_SECRET="$RET"
 
         JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
 
@@ -88,6 +92,7 @@ case "$1" in
         if [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JVB_HOSTNAME\"" $PROSODY_CONFIG_OLD; then
             PROSODY_CONFIG_PRESENT="false"
             mkdir -p /etc/prosody/conf.avail/
+            mkdir -p /etc/prosody/conf.d/
             cp /usr/share/doc/jitsi-meet-prosody/prosody.cfg.lua-jvb.example $PROSODY_HOST_CONFIG
             sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $PROSODY_HOST_CONFIG
             sed -i "s/jitmeetSecret/$JVB_SECRET/g" $PROSODY_HOST_CONFIG
@@ -132,7 +137,9 @@ case "$1" in
             ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE
             ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
 
-            update-ca-certificates
+            # we need to force updating certificates, in some cases java trust
+            # store not get re-generated with latest changes
+            update-ca-certificates -f
 
             # don't fail on systems with custom config ($PROSODY_HOST_CONFIG is missing)
             if [ -f $PROSODY_HOST_CONFIG ]; then

debian/jitsi-meet-prosody.postrm

@@ -35,6 +35,14 @@ case "$1" in
         if [ -n "$RET" ]; then
             rm -f /etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua
             rm -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
+
+            # clean up generated certificates
+            rm -f /etc/prosody/certs/$JVB_HOSTNAME.crt
+            rm -f /etc/prosody/certs/$JVB_HOSTNAME.key
+            rm -f /etc/prosody/certs/auth.$JVB_HOSTNAME.crt
+            rm -f /etc/prosody/certs/auth.$JVB_HOSTNAME.key
+            rm -rf /var/lib/prosody/auth.$JVB_HOSTNAME.*
+            rm -rf /var/lib/prosody/$JVB_HOSTNAME.*
         fi
 
         # Clear the debconf variable