#!/bin/sh

. /usr/share/debconf/confmodule

# Create the ssl-cert system group for snakeoil ownership:
if ! getent passwd ssl-cert >/dev/null; then
	addgroup --quiet --system ssl-cert
fi

# no need to perform any check. If the certificates are there
# it will exit 0.
make-ssl-cert generate-default-snakeoil

# Make sure the permissions on /etc/ssl/private are okay:
chgrp ssl-cert /etc/ssl/private
chmod g+x /etc/ssl/private

# If we're upgrading from an older version, fix the unreadable key:
if [ -n "$2" ]; then
	if dpkg --compare-versions "$2" lt 1.0.12; then
		chgrp ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
		chmod g+r /etc/ssl/private/ssl-cert-snakeoil.key
	fi
fi

#DEBHELPER#
