/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk
505.1.13 by Teddy Hogeborn
Miscellaneous fixes prompted by lintian:
1
#!/bin/sh
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
2
# This script can be called in the following ways:
3
#
4
# After the package was installed:
5
#       <postinst> configure <old-version>
6
#
7
#
8
# If prerm fails during upgrade or fails on failed upgrade:
9
#       <old-postinst> abort-upgrade <new-version>
10
#
11
# If prerm fails during deconfiguration of a package:
12
#       <postinst> abort-deconfigure in-favour <new-package> <version>
13
#                  removing <old-package> <version>
14
#
15
# If prerm fails during replacement due to conflict:
16
#       <postinst> abort-remove in-favour <new-package> <version>
17
967 by Teddy Hogeborn
Show debconf note about new TLS key IDs
18
. /usr/share/debconf/confmodule
19
505.1.13 by Teddy Hogeborn
Miscellaneous fixes prompted by lintian:
20
set -e
21
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
22
case "$1" in
23
    configure)
238 by Teddy Hogeborn
First version of a somewhat complete D-Bus server interface. Also
24
	# Rename old "mandos" user and group
347 by Teddy Hogeborn
* debian/mandos.postinst (configure): Don't look for user and group
25
	if dpkg --compare-versions "$2" lt "1.0.3-1"; then
26
	    case "`getent passwd mandos`" in
27
		*:Mandos\ password\ system,,,:/nonexistent:/bin/false)
28
		    usermod --login _mandos mandos
29
		    groupmod --new-name _mandos mandos
1158 by Teddy Hogeborn
Debian package: Only reload dbus daemon if necessary
30
		    # Reload D-Bus daemon to be aware of the _mandos
31
		    # user & group
32
		    if [ -x /etc/init.d/dbus ]; then
33
			invoke-rc.d dbus force-reload || :
34
		    fi
347 by Teddy Hogeborn
* debian/mandos.postinst (configure): Don't look for user and group
35
		    ;;
36
	    esac
37
	fi
238 by Teddy Hogeborn
First version of a somewhat complete D-Bus server interface. Also
38
	# Create new user and group
39
	if ! getent passwd _mandos >/dev/null; then
40
	    adduser --system --force-badname --quiet \
41
		--home /nonexistent --no-create-home --group \
42
		--disabled-password --gecos "Mandos password system" \
43
		_mandos
1158 by Teddy Hogeborn
Debian package: Only reload dbus daemon if necessary
44
	    # Reload D-Bus daemon to be aware of the _mandos user &
45
	    # group
46
	    if [ -x /etc/init.d/dbus ]; then
47
		invoke-rc.d dbus force-reload || :
48
	    fi
825 by Teddy Hogeborn
Server bug fix: Include CAP_SETGID so it does not run as root
49
	elif dpkg --compare-versions "$2" eq 1.7.4-1 \
50
		|| dpkg --compare-versions "$2" eq "1.7.4-1~bpo8+1"
51
	then
52
	    start=no
53
	    if ! [ -f /var/lib/mandos/clients.pickle ]; then
54
		invoke-rc.d mandos stop
55
		start=yes
56
	    fi
57
	    chown _mandos:_mandos /var/lib/mandos/clients.pickle \
58
		  2>/dev/null || :
59
	    if [ "$start" = yes ]; then
60
		invoke-rc.d mandos start
61
	    fi
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
62
	fi
837 by Teddy Hogeborn
Server: Make persistent state directory mode u=rwx,go=
63
	if ! dpkg-statoverride --list "/var/lib/mandos" >/dev/null \
64
	     2>&1; then
65
	    chown _mandos:_mandos /var/lib/mandos
66
	    chmod u=rwx,go= /var/lib/mandos
67
	fi
967 by Teddy Hogeborn
Show debconf note about new TLS key IDs
68
971 by Teddy Hogeborn
Bug fix: Only create TLS key with certtool, and read correct key file
69
	if dpkg --compare-versions "$2" eq "1.8.0-1" \
70
		|| dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then
71
	    if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then
72
		sed --in-place \
73
		    --expression='/^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$/d' \
74
		    /etc/mandos/clients.conf
75
		invoke-rc.d mandos restart
76
		db_version 2.0
77
		db_fset mandos/removed_bad_key_ids seen false
78
		db_reset mandos/removed_bad_key_ids
79
		db_input critical mandos/removed_bad_key_ids || true
80
		db_go
81
		db_stop
82
	    fi
83
	fi
84
967 by Teddy Hogeborn
Show debconf note about new TLS key IDs
85
	gnutls_version=$(dpkg-query --showformat='${Version}' \
86
				    --show libgnutls30 \
87
				    2>/dev/null || :)
88
	if [ -n "$gnutls_version" ] \
89
	       && dpkg --compare-versions $gnutls_version ge 3.6.6; then
90
	    db_version 2.0
91
	    db_input critical mandos/key_id || true
92
	    db_go
93
	    db_stop
94
	fi
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
95
	;;
518.2.2 by Teddy Hogeborn
Directory with persistent state can now be changed with the "statedir"
96
    
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
97
    abort-upgrade|abort-deconfigure|abort-remove)
98
	;;
518.2.2 by Teddy Hogeborn
Directory with persistent state can now be changed with the "statedir"
99
    
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
100
    *)
275 by Teddy Hogeborn
* debian/mandos-client.postinst: Converted to Bourne shell. Also
101
	echo "$0 called with unknown argument '$1'" 1>&2
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
102
	exit 1
103
	;;
104
esac
105
650 by Teddy Hogeborn
Fix Debian package bug with avahi-daemon 0.6.31-2 or older.
106
# Avahi version 0.6.31-2 and older provides "avahi" (instead of
107
# "avahi-daemon") in its /etc/init.d script header.  To make
108
# insserv(8) happy, we edit our /etc/init.d script header to contain
109
# the correct string before the code added by dh_installinit calls
690 by Teddy Hogeborn
Fix typo in code comment.
110
# update.rc-d, which calls insserv.
650 by Teddy Hogeborn
Fix Debian package bug with avahi-daemon 0.6.31-2 or older.
111
avahi_version="`dpkg-query --showformat='${Version}' --show avahi-daemon`"
112
if dpkg --compare-versions "$avahi_version" le 0.6.31-2; then
113
    sed --in-place --expression='/^### BEGIN INIT INFO$/,/^### END INIT INFO$/s/^\(# Required-\(Stop\|Start\):.*avahi\)-daemon\>/\1/g' /etc/init.d/mandos
114
fi
115
187.1.1 by Teddy Hogeborn
* debian/mandos.postinst: New. Create mandos user and group.
116
#DEBHELPER#
117
118
exit 0