author | Florian Dold <florian@dold.me> | 2021-08-28 18:27:45 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-08-28 18:27:45 +0200 |
commit | ec6b80f070a235cdd60b0d8904f64969cf53569c (patch) | |
tree | fa77a417a055ebc8f8022566b008aa7f287fe6be | |
parent | 830bc7ab2debe5822504e4690237c8ba77a0259e (diff) | |
download | gnunet-ec6b80f070a235cdd60b0d8904f64969cf53569c.tar.gz gnunet-ec6b80f070a235cdd60b0d8904f64969cf53569c.zip |
debian: more fixes and formatting
-rw-r--r-- | debian/gnunet.config | 6 | ||||
-rw-r--r-- | debian/gnunet.postinst | 348 | ||||
-rw-r--r-- | debian/gnunet.postrm | 66 |
3 files changed, 201 insertions, 219 deletions
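--- a/debian/gnunet.config
+++ b/debian/gnunet.config
@@ -4,12 +4,6 @@ set -e
 
 . /usr/share/debconf/confmodule
 
-db_input low gnunet-systempeer/username || true
-db_go
-
-db_input low gnunet-systempeer/groupname || true
-db_go
-
 db_input medium gnunet-systempeer/autostart || true
 db_go
 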
diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst index bde8b1462..d5ee9188d 100644 --- a/debian/gnunet.postinst +++ b/debian/gnunet.postinst | |||
@@ -9,13 +9,13 @@ set -e | |||
9 | # in /etc/nsswitch.conf to automatically enable nss-gns support; do not change | 9 | # in /etc/nsswitch.conf to automatically enable nss-gns support; do not change |
10 | # the configuration if the "hosts" line already references some gns lookups | 10 | # the configuration if the "hosts" line already references some gns lookups |
11 | insert_gns() { | 11 | insert_gns() { |
12 | echo -n "Checking NSS setup..." | 12 | echo -n "Checking NSS setup..." |
13 | # abort if /etc/nsswitch.conf does not exist | 13 | # abort if /etc/nsswitch.conf does not exist |
14 | if ! [ -e /etc/nsswitch.conf ]; then | 14 | if ! [ -e /etc/nsswitch.conf ]; then |
15 | echo "Could not find /etc/nsswitch.conf." | 15 | echo "Could not find /etc/nsswitch.conf." |
16 | return 1 | 16 | return 1 |
17 | fi | 17 | fi |
18 | perl -i -pe ' | 18 | perl -i -pe ' |
19 | sub insert { | 19 | sub insert { |
20 | # this also splits on tab | 20 | # this also splits on tab |
21 | my @bits=split(" ", shift); | 21 | my @bits=split(" ", shift); |
@@ -35,180 +35,172 @@ insert_gns() { | |||
35 | } | 35 | } |
36 | s/^(hosts:\s+)(.*)/$1.insert($2)/e; | 36 | s/^(hosts:\s+)(.*)/$1.insert($2)/e; |
37 | ' /etc/nsswitch.conf | 37 | ' /etc/nsswitch.conf |
38 | echo " done." | 38 | echo " done." |
39 | } | 39 | } |
40 | 40 | ||
41 | case "${1}" in | 41 | case "${1}" in |
42 | configure) | 42 | configure) |
43 | db_version 2.0 | 43 | db_version 2.0 |
44 | 44 | ||
45 | _USERNAME="gnunet" | 45 | _USERNAME="gnunet" |
46 | _GROUPNAME="gnunet" | 46 | _GROUPNAME="gnunet" |
47 | 47 | ||
48 | db_get gnunet-systempeer/autostart | 48 | db_get gnunet-systempeer/autostart |
49 | _AUTOSTART="${RET}" # boolean | 49 | _AUTOSTART="${RET}" # boolean |
50 | 50 | ||
51 | db_get gnunet-dns/libnsswitch | 51 | db_get gnunet-dns/libnsswitch |
52 | _LIBNSSWITCH="${RET}" # boolean | 52 | _LIBNSSWITCH="${RET}" # boolean |
53 | 53 | ||
54 | db_get gnunet-user/proxy | 54 | db_get gnunet-user/proxy |
55 | _PROXY="${RET}" # boolean | 55 | _PROXY="${RET}" # boolean |
56 | 56 | ||
57 | db_stop | 57 | db_stop |
58 | 58 | ||
59 | CONFIG_FILE="/etc/default/gnunet" | 59 | CONFIG_FILE="/etc/default/gnunet" |
60 | 60 | ||
61 | # Read default values | 61 | # Read default values |
62 | GNUNET_HOME="/var/lib/gnunet" | 62 | GNUNET_HOME="/var/lib/gnunet" |
63 | eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]') | 63 | eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]') |
64 | 64 | ||
65 | # Creating gnunet group if needed | 65 | # Creating gnunet group if needed |
66 | if ! getent group ${_GROUPNAME} > /dev/null | 66 | if ! getent group ${_GROUPNAME} >/dev/null; then |
67 | then | 67 | echo -n "Creating new GNUnet group ${_GROUPNAME}:" |
68 | echo -n "Creating new GNUnet group ${_GROUPNAME}:" | 68 | addgroup --quiet --system ${_GROUPNAME} |
69 | addgroup --quiet --system ${_GROUPNAME} | 69 | echo " done." |
70 | echo " done." | 70 | fi |
71 | fi | 71 | |
72 | 72 | # Creating gnunet user if needed | |
73 | # Creating gnunet user if needed | 73 | if ! getent passwd ${_USERNAME} >/dev/null; then |
74 | if ! getent passwd ${_USERNAME} > /dev/null | 74 | echo -n "Creating new GNUnet user ${_USERNAME}:" |
75 | then | 75 | adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME} |
76 | echo -n "Creating new GNUnet user ${_USERNAME}:" | 76 | echo " done." |
77 | adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME} | 77 | fi |
78 | echo " done." | 78 | |
79 | fi | 79 | # Add a special secured group |
80 | 80 | GNUNETDNS_GROUP="gnunetdns" | |
81 | # Add a special secured group | 81 | |
82 | GNUNETDNS_GROUP="gnunetdns" | 82 | # Creating gnunetdns group if needed |
83 | 83 | if ! getent group ${GNUNETDNS_GROUP} >/dev/null; then | |
84 | # Creating gnunetdns group if needed | 84 | echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:" |
85 | if ! getent group ${GNUNETDNS_GROUP} > /dev/null | 85 | addgroup --quiet --system ${GNUNETDNS_GROUP} |
86 | then | 86 | echo " done." |
87 | echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:" | 87 | fi |
88 | addgroup --quiet --system ${GNUNETDNS_GROUP} | 88 | |
89 | echo " done." | 89 | # Copy the libnss_gns files to the libnss directory |
90 | fi | 90 | if ${_LIBNSSWITCH}; then |
91 | 91 | echo "Editing /etc/nsswitch.conf to use GNS before DNS" | |
92 | # Copy the libnss_gns files to the libnss directory | 92 | # $2 equals the currently installed version if it exists |
93 | if ${_LIBNSSWITCH} | 93 | if [ -z "$2" ]; then |
94 | then | 94 | # first install: setup the recommended configuration (unless |
95 | echo "Editing /etc/nsswitch.conf to use GNS before DNS" | 95 | # nsswitch.conf already contains mdns entries) |
96 | # $2 equals the currently installed version if it exists | 96 | insert_gns |
97 | if [ -z "$2" ]; then | 97 | if [ "$?" -gt 0 ]; then |
98 | # first install: setup the recommended configuration (unless | 98 | echo "nsswitch does not exist on this system" |
99 | # nsswitch.conf already contains mdns entries) | 99 | fi |
100 | insert_gns | 100 | fi |
101 | if [ "$?" -gt 0 ]; then | 101 | echo " done." |
102 | echo "nsswitch does not exist on this system" | 102 | fi |
103 | fi | 103 | |
104 | fi | 104 | # # Change the proxy settings for Firefox and Chromium if desired |
105 | echo " done." | 105 | # if ${_PROXY} |
106 | fi | 106 | # then |
107 | 107 | # mkdir -p /etc/X11/xinit/xinitrc.d/ | |
108 | # # Change the proxy settings for Firefox and Chromium if desired | 108 | #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF" |
109 | # if ${_PROXY} | 109 | ##!/bin/bash |
110 | # then | 110 | #systemctl --user daemon-reload |
111 | # mkdir -p /etc/X11/xinit/xinitrc.d/ | 111 | #systemctl --user start gnunet-user |
112 | #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF" | 112 | #systemctl --user enable gnunet-user |
113 | ##!/bin/bash | 113 | #user=$(whoami) |
114 | #systemctl --user daemon-reload | 114 | #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES') |
115 | #systemctl --user start gnunet-user | 115 | # |
116 | #systemctl --user enable gnunet-user | 116 | ## Enable GNS proxy for new users informed by /etc/skel. |
117 | #user=$(whoami) | 117 | #if [ "$gnunet_proxy" ]; then |
118 | #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES') | 118 | # |
119 | # | 119 | # # Calculate user specific port |
120 | ## Enable GNS proxy for new users informed by /etc/skel. | 120 | # port=$((8000+$(id -u $user))) |
121 | #if [ "$gnunet_proxy" ]; then | 121 | # |
122 | # | 122 | # gnunet-config -c $HOME/.config/gnunet.conf \ |
123 | # # Calculate user specific port | 123 | # --section=gns-proxy \ |
124 | # port=$((8000+$(id -u $user))) | 124 | # --option=OPTIONS \ |
125 | # | 125 | # --value="-p $port" |
126 | # gnunet-config -c $HOME/.config/gnunet.conf \ | 126 | # |
127 | # --section=gns-proxy \ | 127 | # # Firefox |
128 | # --option=OPTIONS \ | 128 | # defaultprofile=$(ls $HOME/.mozilla/firefox/*.default) |
129 | # --value="-p $port" | 129 | # if [ ! "$defaultprofile" ];then |
130 | # | 130 | # timeout 3s firefox --headless # dirty: create profile if not existent |
131 | # # Firefox | 131 | # fi |
132 | # defaultprofile=$(ls $HOME/.mozilla/firefox/*.default) | 132 | # for ffprofile in $HOME/.mozilla/firefox/*.*/; do |
133 | # if [ ! "$defaultprofile" ];then | 133 | # js=$ffprofile/user.js |
134 | # timeout 3s firefox --headless # dirty: create profile if not existent | 134 | # if [ -f "$js" ]; then |
135 | # fi | 135 | # sed -i '/Preferences for using the GNU Name System/d' "$js" |
136 | # for ffprofile in $HOME/.mozilla/firefox/*.*/; do | 136 | # sed -i '/network.proxy.socks/d' "$js" |
137 | # js=$ffprofile/user.js | 137 | # sed -i '/network.proxy.socks_port/d' "$js" |
138 | # if [ -f "$js" ]; then | 138 | # sed -i '/network.proxy.socks_remote_dns/d' "$js" |
139 | # sed -i '/Preferences for using the GNU Name System/d' "$js" | 139 | # sed -i '/network.proxy.type/d' "$js" |
140 | # sed -i '/network.proxy.socks/d' "$js" | 140 | # fi |
141 | # sed -i '/network.proxy.socks_port/d' "$js" | 141 | # echo "// Preferences for using the GNU Name System" >> "$js" |
142 | # sed -i '/network.proxy.socks_remote_dns/d' "$js" | 142 | # echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js" |
143 | # sed -i '/network.proxy.type/d' "$js" | 143 | # echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js" |
144 | # fi | 144 | # echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js" |
145 | # echo "// Preferences for using the GNU Name System" >> "$js" | 145 | # echo "user_pref(\"network.proxy.type\", 1);" >> "$js" |
146 | # echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js" | 146 | # done |
147 | # echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js" | 147 | # |
148 | # echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js" | 148 | # # Chromium |
149 | # echo "user_pref(\"network.proxy.type\", 1);" >> "$js" | 149 | # profile="$HOME/.profile" |
150 | # done | 150 | # if [ -f "$profile" ]; then |
151 | # | 151 | # sed -i '/CHROMIUM_USER_FLAGS/d' "$profile" |
152 | # # Chromium | 152 | # fi |
153 | # profile="$HOME/.profile" | 153 | # echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ |
154 | # if [ -f "$profile" ]; then | 154 | # >> "$profile" |
155 | # sed -i '/CHROMIUM_USER_FLAGS/d' "$profile" | 155 | #fi |
156 | # fi | 156 | # |
157 | # echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ | 157 | ## Create/Renew GNS certificate authority (CA) per user. |
158 | # >> "$profile" | 158 | #gnunet-gns-proxy-setup-ca |
159 | #fi | 159 | #EOF |
160 | # | 160 | # fi |
161 | ## Create/Renew GNS certificate authority (CA) per user. | 161 | |
162 | #gnunet-gns-proxy-setup-ca | 162 | # Update files and directories permissions. |
163 | #EOF | 163 | # Assuming default values, this *should* not be changed. |
164 | # fi | 164 | echo -n "Updating files and directories permissions:" |
165 | 165 | # Secure access to the data directory | |
166 | # Update files and directories permissions. | 166 | chmod 0700 "${GNUNET_HOME}" || true |
167 | # Assuming default values, this *should* not be changed. | 167 | # Restrict access on setuid binaries |
168 | echo -n "Updating files and directories permissions:" | 168 | for file in /usr/bin/gnunet-helper-exit \ |
169 | # Secure access to the data directory | 169 | /usr/bin/gnunet-helper-nat-client \ |
170 | chmod 0700 "${GNUNET_HOME}" || true | 170 | /usr/bin/gnunet-helper-nat-server \ |
171 | # Restrict access on setuid binaries | 171 | /usr/bin/gnunet-helper-transport-bluetooth \ |
172 | for file in /usr/bin/gnunet-helper-exit \ | 172 | /usr/bin/gnunet-helper-transport-wlan \ |
173 | /usr/bin/gnunet-helper-nat-client \ | 173 | /usr/bin/gnunet-helper-vpn; do |
174 | /usr/bin/gnunet-helper-nat-server \ | 174 | # only do something when no setting exists |
175 | /usr/bin/gnunet-helper-transport-bluetooth \ | 175 | if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]; then |
176 | /usr/bin/gnunet-helper-transport-wlan \ | 176 | chown root:${_GROUPNAME} $file |
177 | /usr/bin/gnunet-helper-vpn | 177 | chmod 4750 $file |
178 | do | 178 | fi |
179 | # only do something when no setting exists | 179 | done |
180 | if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ] | 180 | if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 && |
181 | then | 181 | [ -e /usr/bin/gnunet-helper-dns ]; then |
182 | chown root:${_GROUPNAME} $file | 182 | chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns |
183 | chmod 4750 $file | 183 | chmod 4750 /usr/bin/gnunet-helper-dns |
184 | fi | 184 | fi |
185 | done | 185 | if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 && |
186 | if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \ | 186 | [ -e /usr/bin/gnunet-service-dns ]; then |
187 | && [ -e /usr/bin/gnunet-helper-dns ] | 187 | chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns |
188 | then | 188 | chmod 2750 /usr/bin/gnunet-service-dns |
189 | chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns | 189 | fi |
190 | chmod 4750 /usr/bin/gnunet-helper-dns | 190 | echo " done." |
191 | fi | 191 | |
192 | if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \ | 192 | echo "All done." |
193 | && [ -e /usr/bin/gnunet-service-dns ] | 193 | |
194 | then | 194 | ;; |
195 | chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns | 195 | |
196 | chmod 2750 /usr/bin/gnunet-service-dns | 196 | abort-upgrade | abort-remove | abort-deconfigure) ;; |
197 | fi | 197 | |
198 | echo " done." | 198 | \ |
199 | 199 | \ | |
200 | echo "All done." | 200 | *) |
201 | 201 | echo "postinst called with unknown argument \`${1}'" >&2 | |
202 | ;; | 202 | exit 1 |
203 | 203 | ;; | |
204 | abort-upgrade|abort-remove|abort-deconfigure) | ||
205 | |||
206 | ;; | ||
207 | |||
208 | *) | ||
209 | echo "postinst called with unknown argument \`${1}'" >&2 | ||
210 | exit 1 | ||
211 | ;; | ||
212 | esac | 204 | esac |
213 | 205 | ||
214 | #DEBHELPER# | 206 | #DEBHELPER# |
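Review bot: The `eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]')` line in the `configure)` branch is kept as is, and it hands every line of /etc/gnunet.conf that mentions GNUNET_HOME to the shell while the maintainer script runs as root. A comment, another option whose value references `$GNUNET_HOME`, or a value containing `;` or `$(...)` would be evaluated as shell code rather than read as data. Extracting only the assignment avoids the eval, for example `GNUNET_HOME=$(sed -n 's/^[[:blank:]]*GNUNET_HOME[[:blank:]]*=[[:blank:]]*//p' /etc/gnunet.conf | head -n 1)`, falling back to `/var/lib/gnunet` when the result is empty. The value is then passed unquoted to `adduser ... --home ${GNUNET_HOME}`; quoting it there, as `chmod 0700 "${GNUNET_HOME}"` already does, would keep a path with spaces or glob characters from being split.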
diff --git a/debian/gnunet.postrm b/debian/gnunet.postrm index 4b60c570a..592fe04a1 100644 --- a/debian/gnunet.postrm +++ b/debian/gnunet.postrm | |||
@@ -3,11 +3,11 @@ | |||
3 | set -e | 3 | set -e |
4 | 4 | ||
5 | remove_gns() { | 5 | remove_gns() { |
6 | # abort if /etc/nsswitch.conf does not exist | 6 | # abort if /etc/nsswitch.conf does not exist |
7 | if ! [ -e /etc/nsswitch.conf ]; then | 7 | if ! [ -e /etc/nsswitch.conf ]; then |
8 | return | 8 | return |
9 | fi | 9 | fi |
10 | perl -i -pe ' | 10 | perl -i -pe ' |
11 | my @remove=( | 11 | my @remove=( |
12 | "gns [NOTFOUND=return]", | 12 | "gns [NOTFOUND=return]", |
13 | ); | 13 | ); |
@@ -25,45 +25,41 @@ remove_gns() { | |||
25 | _USERNAME="gnunet" | 25 | _USERNAME="gnunet" |
26 | _GROUPNAME="gnunet" | 26 | _GROUPNAME="gnunet" |
27 | GNUNETDNS_GROUP="gnunetdns" | 27 | GNUNETDNS_GROUP="gnunetdns" |
28 | if [ -e /usr/share/debconf/confmodule ] | 28 | if [ -e /usr/share/debconf/confmodule ]; then |
29 | then | 29 | . /usr/share/debconf/confmodule |
30 | . /usr/share/debconf/confmodule | 30 | db_version 2.0 |
31 | db_version 2.0 | ||
32 | 31 | ||
33 | db_get gnunet-dns/libnsswitch | 32 | db_get gnunet-dns/libnsswitch |
34 | _LIBNSSWITCH="${RET}" | 33 | _LIBNSSWITCH="${RET}" |
35 | fi | 34 | fi |
36 | 35 | ||
37 | |||
38 | case "${1}" in | 36 | case "${1}" in |
39 | purge) | 37 | purge) |
40 | if $_LIBNSSWITCH | 38 | if $_LIBNSSWITCH; then |
41 | then | 39 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 |
42 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 | 40 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 |
43 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 | 41 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 |
44 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 | 42 | remove_gns |
45 | remove_gns | 43 | fi |
46 | fi | ||
47 | 44 | ||
48 | rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet | 45 | rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet |
49 | ;; | 46 | ;; |
50 | 47 | ||
51 | remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) | 48 | remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) |
52 | 49 | ||
53 | if $_LIBNSSWITCH | 50 | if $_LIBNSSWITCH; then |
54 | then | 51 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 |
55 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 | 52 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 |
56 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 | 53 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 |
57 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 | 54 | remove_gns |
58 | remove_gns | 55 | fi |
59 | fi | ||
60 | 56 | ||
61 | ;; | 57 | ;; |
62 | 58 | ||
63 | *) | 59 | *) |
64 | echo "postrm called with unknown argument \`${1}'" >&2 | 60 | echo "postrm called with unknown argument \`${1}'" >&2 |
65 | exit 1 | 61 | exit 1 |
66 | ;; | 62 | ;; |
67 | esac | 63 | esac |
68 | 64 | ||
69 | #DEBHELPER# | 65 | #DEBHELPER# |
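Review bot: `if $_LIBNSSWITCH; then` in both the `purge)` and the `remove | upgrade | ...)` branches executes the debconf answer as a command instead of comparing it. When /usr/share/debconf/confmodule is absent the variable is never set, so the expansion is an empty command that returns success and the branch runs anyway: the libnss_gns files are removed and remove_gns rewrites /etc/nsswitch.conf without the answer having been read. A string comparison with an explicit default makes the intent visible, e.g. `if [ "${_LIBNSSWITCH:-false}" = "true" ]; then`; which default is right when debconf is missing is a packaging decision to confirm. The body of remove_gns lies partly outside the two hunks shown, so what it edits cannot be checked from here.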