packaging: disable postinst auto-setup

Disabled keys generation because it could lead to change of certificate
during an update => security issue.
Reconfiguration of yaml is disabled because user will now have to run
`dhtnet-crtmgr --interactive`, which create the file if needed.

Change-Id: I388ab1cebf75d248600f070be4eb108766bfe993

CMakeLists.txt

@@ -144,6 +144,15 @@ if (DNC_SYSTEMD AND BUILD_TOOLS AND NOT MSVC)
         set(SYSTEMD_UNIT_INSTALL_DIR ${DNC_SYSTEMD_UNIT_FILE_LOCATION})
     endif()
 
+    if (NOT DEFINED DNC_SYSTEMD_PRESET_FILE_LOCATION OR NOT DNC_SYSTEMD_PRESET_FILE_LOCATION)
+        execute_process(COMMAND ${PKG_CONFIG_EXECUTABLE} systemd --variable=systemdsystempresetdir
+                        OUTPUT_VARIABLE SYSTEMD_PRESET_INSTALL_DIR)
+        message("-- Using Systemd preset installation directory by pkg-config: " ${SYSTEMD_PRESET_INSTALL_DIR})
+    else()
+        message("-- Using Systemd preset installation directory requested: " ${DNC_SYSTEMD_PRESET_FILE_LOCATION})
+        set(SYSTEMD_PRESET_INSTALL_DIR ${DNC_SYSTEMD_PRESET_FILE_LOCATION})
+    endif()
+
     configure_file (
         tools/dnc/systemd/dnc.service.in
         systemd/dnc.service
@@ -153,6 +162,11 @@ if (DNC_SYSTEMD AND BUILD_TOOLS AND NOT MSVC)
         string(REGEX REPLACE "[ \t\n]+" "" SYSTEMD_UNIT_INSTALL_DIR "${SYSTEMD_UNIT_INSTALL_DIR}")
         set (systemdunitdir "${SYSTEMD_UNIT_INSTALL_DIR}")
         install (FILES ${CMAKE_CURRENT_BINARY_DIR}/systemd/dnc.service DESTINATION ${systemdunitdir})
+
+        string(REGEX REPLACE "[ \t\n]+" "" SYSTEMD_PRESET_INSTALL_DIR "${SYSTEMD_PRESET_INSTALL_DIR}")
+        set (systemdpresetdir "${SYSTEMD_PRESET_INSTALL_DIR}")
+        install (FILES tools/dnc/systemd/dhtnet-dnc.preset DESTINATION ${systemdpresetdir})
+
         install (FILES tools/dnc/dnc.yaml DESTINATION ${sysconfdir}/dhtnet/)
     else()
         message(WARNING "Systemd unit installation directory not found. The systemd unit won't be installed.")

extras/packaging/gnu-linux/debian/postinst

@@ -3,23 +3,21 @@ set -e
 
 umask 022
 
-create_server_keys() {
-    mkdir -p /etc/dhtnet/id
-    if [ ! -f /etc/dhtnet/id/id-server.crt ] && [ ! -f /etc/dhtnet/id/id-server.pem ]; then
-        echo "Generating server keys..."
-        dhtnet-crtmgr --setup -o /etc/dhtnet/
-        dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem
-        configure_yaml
-        disable_dnc_service
-    fi
+main() {
+    mkdir -p /etc/dhtnet
+    # disabled because is shouldn't create key on behalf of user:
+    # create_key_pair_if_not_exist()
+
+    # disabled because we now use systemd preset system to disabled by default:
+    # disable_dnc_service
     echo "===================="
-    echo "dnc server installed and configured."
-    echo "To configure it, edit /etc/dhtnet/dnc.yaml"
-    echo "To enable and start server, run:"
+    echo "dnc server installed."
+    echo "To configure your dnc client and/or server, run:"
+    echo "  dhtnet-crtmgr --interactive"
+    echo "Server configuration is in /etc/dhtnet/dnc.yaml"
+    echo "After configuration, enable and start server with:"
     echo "  systemctl enable dnc.service"
     echo "  systemctl start dnc.service"
-    echo "To configure your dnc client, run:"
-    echo "  dhtnet-crtmgr --interactive"
     echo "===================="
 }
 
@@ -31,58 +29,19 @@ create_server_keys() {
 #     fi
 # }
 
-disable_dnc_service() {
-    systemctl stop dnc.service
-    systemctl disable dnc.service
-}
+# disable_dnc_service() {
+#     systemctl stop dnc.service
+#     systemctl disable dnc.service
+# }
 
-configure_yaml() {
-    if [ -f /etc/dhtnet/dnc.yaml ]; then
-        sed -i 's/^#certificate:.*$/certificate: \"\/etc\/dhtnet\/id\/id-server.crt\"/' /etc/dhtnet/dnc.yaml
-        sed -i 's/^#privateKey:.*$/privateKey: \"\/etc\/dhtnet\/id\/id-server.pem\"/' /etc/dhtnet/dnc.yaml
-    else
-        {
-            echo "# The bootstrap node serves as the entry point to the DHT network."
-            echo "# By default, bootstrap.jami.net is configured for the public DHT network and should be used for personal use only."
-            echo "# For production environments, it is recommended to set up your own bootstrap node to establish your own DHT network."
-            echo "# Documentation: https://docs.jami.net/en_US/user/lan-only.html#boostraping"
-            echo "bootstrap: \"bootstrap.jami.net\""
-            echo ""
-            echo "# TURN server is used as a fallback for connections if the NAT block all possible connections."
-            echo "# By default is turn.jami.net (which uses coturn) but can be any TURN."
-            echo "# Developer must set up their own TURN server."
-            echo "# Documentation: https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html"
-            echo "turn_host: \"turn.jami.net\""
-            echo "turn_user: \"ring\""
-            echo "turn_pass: \"ring\""
-            echo "turn_realm: \"ring\""
-            echo ""
-            echo "# When verbose is set to true, the server logs all incoming connections"
-            echo "verbose: false"
-            echo ""
-            echo "# If true, will send request to use UPNP if available"
-            echo "enable_upnp: true"
-            echo ""
-            echo "# On server, identities are saved in /etc/dhtnet/id/"
-            echo "certificate: \"/etc/dhtnet/id/id-server.crt\""
-            echo "privateKey: \"/etc/dhtnet/id/id-server.pem\""
-            echo ""
-            echo "# When anonymous is set to true, the server accepts any connection without checking CA"
-            echo "# When anonymous is set to false, the server allows only connection which are issued by the same CA as the server"
-            echo "anonymous: false"
-            echo ""
-            echo "# List of authorized services"
-            echo "# Each service is defined by an IP and a port"
-            echo "authorized_services:"
-            echo "  - ip: \"127.0.0.1\""
-            echo "    port: 22"
-            echo "  # - ip: \"127.0.0.1\""
-            echo "  #   port: 80"
-            echo "  # - ip: \"127.0.0.1\""
-            echo "  #   port: 443"
-            echo ""
-        } > /etc/dhtnet/dnc.yaml
-    fi
-}
+# create_key_pair_if_not_exist() {
+#     mkdir -p /etc/dhtnet/id
+#     mkdir -p /etc/dhtnet/CA
+#     if [ ! -f /etc/dhtnet/id/id-server.crt ] && [ ! -f /etc/dhtnet/id/id-server.pem ]; then
+#         echo "Generating server keys..."
+#         dhtnet-crtmgr --setup -o /etc/dhtnet/
+#         dhtnet-crtmgr -a -c /etc/dhtnet/id/id-server.crt -p /etc/dhtnet/id/id-server.pem
+#     fi
+# }
 
-create_server_keys
+main

extras/packaging/gnu-linux/debian/rules

@@ -16,3 +16,4 @@ override_dh_auto_configure:
 	      -DCMAKE_LIBRARY_ARCHITECTURE="$(DEB_TARGET_MULTIARCH)" \
 		  -DBUILD_TESTING=OFF
 		  -DBUILD_BENCHMARKS=OFF
+		  -DDNC_SYSTEMD=ON

tools/dnc/systemd/dhtnet-dnc.preset

@@ -0,0 +1 @@
+disable dnc.service