From 35b201bcb2136f9f004452dfe5f26d358c1bb6c8 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@profitbricks.com>
Date: Mon, 29 Feb 2016 11:49:42 +0100
Subject: [PATCH] Adding state for mkpostfixcert

---
 postfix/common.sls          | 10 ++++++++++
 postfix/files/mkpostfixcert | 40 +++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 postfix/files/mkpostfixcert

diff --git a/postfix/common.sls b/postfix/common.sls
index 008132a..2e86e75 100644
--- a/postfix/common.sls
+++ b/postfix/common.sls
@@ -23,6 +23,16 @@ postfix:
     - require:
       - pkg: postfix
 
+/etc/postfix/mkpostfixcert:
+  file.managed:
+    - source: salt://postfix/files/mkpostfixcert
+    - user: root
+    - group: root
+    - mode: 744
+    - require:
+      - file: /etc/postfix
+    - backup: minion
+
 /etc/postfix/main.cf:
   file.managed:
     - source: salt://postfix/files/main.cf
diff --git a/postfix/files/mkpostfixcert b/postfix/files/mkpostfixcert
new file mode 100644
index 0000000..067735c
--- /dev/null
+++ b/postfix/files/mkpostfixcert
@@ -0,0 +1,40 @@
+#! /bin/sh
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Postfix over SSL.  Normally this script would get called by an automatic
+# package installation routine.
+
+test -x /usr/bin/openssl || exit 0
+
+prefix="/usr"
+pemfile="/etc/postfix/postfix.pem"
+randfile="/etc/postfix/postfix.rand"
+conffile="/etc/postfix/postfix-cert.cnf"
+
+if [[ -f "${pemfile}" ]]; then
+  echo "${pemfile} already exists."
+  exit 1
+fi
+
+if [[ ! -f "${conffile}" [] ; then
+  echo "${conffile} does not exists!"
+  exit 2
+fi
+
+cp /dev/null "${pemfile}"
+chmod 600 "${pemfile}"
+chown root "${pemfile}"
+
+cleanup() {
+  rm -f "${pemfile}"
+  rm -f "${randfile}"
+  exit 1
+}
+
+dd if=/dev/urandom of="${randfile}" count=1 2>/dev/null
+/usr/bin/openssl req -new -x509 -days 3650 -nodes \
+        -config "${conffile}" -out "${pemfile}" -keyout "${pemfile}" || cleanup
+/usr/bin/openssl gendh -rand "${randfile}" 512 >> "${pemfile}" || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in "${pemfile}" || cleanup
+rm -f "${randfile}"
+
-- 
2.39.5