import Debian build rules, split off libgnunet

author: Christian Grothoff <christian@grothoff.org> 2020-12-28 11:19:30 +0100
committer: Christian Grothoff <christian@grothoff.org> 2020-12-28 11:19:30 +0100
commit: e9d73b0a901d7dfe1fd219aecc960747e7c49483 (patch)
tree: 94f835cf56a1feb453a1f65534e28334c6e258f8 /debian/gnunet.postinst
parent: debba1a49a46ba963553da222ade563d6d67932b (diff)
download: gnunet-e9d73b0a901d7dfe1fd219aecc960747e7c49483.tar.gz
gnunet-e9d73b0a901d7dfe1fd219aecc960747e7c49483.zip
1 files changed, 309 insertions, 0 deletions
diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst
new file mode 100644
index 000000000..902b93fd7
--- /dev/null
+++ b/debian/gnunet.postinst
@@ -0,0 +1,309 @@
+#!/bin/bash
+set -e
+. /usr/share/debconf/confmodule
+# This is taken from the package libnss-mdns and edited to do the same thing
+# but for GNS insteand of mdns. try to insert gns entries to the "hosts" line
+# in /etc/nsswitch.conf to automatically enable nss-gns support; do not change
+# the configuration if the "hosts" line already references some gns lookups
+insert_gns() {
+        echo -n "Checking NSS setup..."
+        # abort if /etc/nsswitch.conf does not exist
+        if ! [ -e /etc/nsswitch.conf ]; then
+                echo "Could not find /etc/nsswitch.conf."
+                return 1
+        fi
+        perl -i -pe '
+                sub insert {
+                        # this also splits on tab
+                        my @bits=split(" ", shift);
+                        # do not break configuration if the "hosts" line already references gns
+                        if (grep { $_ eq "gns"} @bits) {
+                                return join " ", @bits;
+                        }
+                        # change "dns" or "resolve", whichever comes first, into
+                        # "gns [NOTFOUND=return] dns"
+                        foreach my $bit (@bits) {
+                                if ($bit eq "dns") {
+                                        $bit = "gns [NOTFOUND=return] $bit";
+                                        last;
+                                }
+                        }
+                        return join " ", @bits;
+                }
+                s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+        ' /etc/nsswitch.conf
+        echo " done."
+}
+case "${1}" in
+        configure)
+                db_version 2.0
+                db_get gnunet-systempeer/username
+                _USERNAME="${RET:-gnunet}"
+                db_get gnunet-systempeer/groupname
+                _GROUPNAME="${RET:-gnunet}"
+                db_get gnunet-systempeer/autostart
+                _AUTOSTART="${RET}" # boolean
+                db_get gnunet-dns/libnsswitch
+                _LIBNSSWITCH="${RET}" # boolean
+                db_get gnunet-user/proxy
+                _PROXY="${RET}" # boolean
+                db_stop
+                CONFIG_FILE="/etc/default/gnunet"
+                # Read default values
+                GNUNET_HOME="/var/lib/gnunet"
+                eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]')
+                # Creating gnunet group if needed
+                if ! getent group ${_GROUPNAME} > /dev/null
+                then
+                        echo -n "Creating new GNUnet group ${_GROUPNAME}:"
+                        addgroup --quiet --system ${_GROUPNAME}
+                        echo " done."
+                fi
+                # Creating gnunet user if needed
+                if ! getent passwd ${_USERNAME} > /dev/null
+                then
+                        echo -n "Creating new GNUnet user ${_USERNAME}:"
+                        adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
+                        echo " done."
+                fi
+                # Add a special secured group
+                GNUNETDNS_GROUP="gnunetdns"
+                # Creating gnunetdns group if needed
+                if ! getent group ${GNUNETDNS_GROUP} > /dev/null
+                then
+                        echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
+                        addgroup --quiet --system ${GNUNETDNS_GROUP}
+                        echo " done."
+                fi
+                # Copy the libnss_gns files to the libnss directory
+                if ${_LIBNSSWITCH}
+                then
+                        echo "Editing /etc/nsswitch.conf to use GNS before DNS"
+                        # $2 equals the currently installed version if it exists
+                        if [ -z "$2" ]; then
+                                # first install: setup the recommended configuration (unless
+                                # nsswitch.conf already contains mdns entries)
+                                insert_gns
+                                if [ "$?" -gt 0 ]; then
+                                        echo "nsswitch does not exist on this system"
+                                fi
+                        fi
+                        echo " done."
+                fi      
+                # Install GNUnet configuration for all users provided non exists
+                userlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd)
+                users=($userlist)
+                homedirlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $6}' /etc/passwd)
+                homedirs=($homedirlist)
+                for (( i=0; i<${#users[@]}; i++ )); do
+                    usermod -aG gnunet ${users[$i]}
+                    if [ -n "$i" ]  && [ -d "${homedirs[$i]}" ]; then
+                        mkdir -p ${homedirs[$i]}/.config/systemd/user/
+                        cat > "${homedirs[$i]}/.config/systemd/user/gnunet-user.service" << EOF
+# Copyright (C) 2019 GNUnet e.V.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved.  This file is offered as-is,
+# without any warranty.
+[Unit]
+Description=Service that runs a GNUnet for the user gnunet
+After=network.target
+[Service]
+Type=forking
+ExecStart=/usr/bin/gnunet-arm -s -c ${homedirs[$i]}/.config/gnunet.conf
+ExecStop=/usr/bin/gnunet-arm -e -c ${homedirs[$i]}/.config/gnunet.conf
+[Install]
+WantedBy=multi-user.target
+EOF
+                        chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/systemd/user/gnunet-user.service"
+                        if [ ! -f "${homedirs[$i]}/.config/gnunet.conf" ]; then
+                                mkdir -p ${homedirs[$i]}/.config/
+                                cp /etc/skel/.config/gnunet.conf "${homedirs[$i]}/.config/gnunet.conf"
+                                chmod 644 "${homedirs[$i]}/.config/gnunet.conf"
+                                chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/gnunet.conf"
+                        fi
+                    fi
+                    port=$((8000+$(id -u "${users[$i]}")))
+                    gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \
+                         --rewrite \
+                         --section=gns-proxy \
+                         --option=IMMEDIATE_START \
+                         --value=YES
+                    gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \
+                         --rewrite \
+                         --section=gns-proxy \
+                         --option=OPTIONS \
+                         --value="-p $port"
+                done
+                # Change the proxy settings for Firefox and Chromium if desired
+                if ${_PROXY}
+                then
+                    mkdir -p /etc/X11/xinit/xinitrc.d/
+cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
+#!/bin/bash
+systemctl --user daemon-reload
+systemctl --user start gnunet-user
+systemctl --user enable gnunet-user
+user=$(whoami)
+gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
+# Enable GNS proxy for new users informed by /etc/skel.
+if [ "$gnunet_proxy" ]; then
+        # Calculate user specific port
+        port=$((8000+$(id -u $user)))
+        gnunet-config -c $HOME/.config/gnunet.conf \
+                --rewrite \
+                --section=gns-proxy \
+                --option=OPTIONS \
+                --value="-p $port"
+        # Firefox
+        defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
+        if [ ! "$defaultprofile" ];then
+                timeout 3s firefox --headless # dirty: create profile if not existent
+        fi
+        for ffprofile in $HOME/.mozilla/firefox/*.*/; do
+                js=$ffprofile/user.js
+                if [ -f "$js" ]; then
+                        sed -i '/Preferences for using the GNU Name System/d' "$js"
+                        sed -i '/network.proxy.socks/d' "$js"
+                        sed -i '/network.proxy.socks_port/d' "$js"
+                        sed -i '/network.proxy.socks_remote_dns/d' "$js"
+                        sed -i '/network.proxy.type/d' "$js"
+                fi
+                echo "// Preferences for using the GNU Name System" >> "$js"
+                echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
+                echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
+                echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
+                echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
+        done
+        # Chromium
+        profile="$HOME/.profile"
+        if [ -f "$profile" ]; then
+                sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
+        fi
+        echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
+                >> "$profile"
+fi
+# Create/Renew GNS certificate authority (CA) per user.
+gnunet-gns-proxy-setup-ca
+EOF
+                fi
+                
+                # Update files and directories permissions.
+                # Assuming default values, this *should* not be changed.
+                echo -n "Updating files and directories permissions:"
+                chown -R ${_USERNAME}:${_GROUPNAME} /var/log/gnunetd
+                chown -R ${_USERNAME}:${_GROUPNAME} ${GNUNET_HOME}
+                # Secure access to the data directory
+                chmod 0700 "${GNUNET_HOME}" || true
+                # Restrict access on setuid binaries
+                for file in /usr/bin/gnunet-helper-exit \
+                        /usr/bin/gnunet-helper-nat-client \
+                        /usr/bin/gnunet-helper-nat-server \
+                        /usr/bin/gnunet-helper-transport-bluetooth \
+                        /usr/bin/gnunet-helper-transport-wlan \
+                        /usr/bin/gnunet-helper-vpn
+                do
+                        # only do something when no setting exists
+                        if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]
+                        then
+                                chown root:${_GROUPNAME} $file
+                                chmod 4750 $file
+                        fi
+                done
+                if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \
+                        && [ -e /usr/bin/gnunet-helper-dns ]
+                then
+                        chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
+                        chmod 4750 /usr/bin/gnunet-helper-dns
+                fi
+                if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \
+                        && [ -e /usr/bin/gnunet-service-dns ]
+                then
+                        chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
+                        chmod 2750 /usr/bin/gnunet-service-dns
+                fi
+                echo  " done."
+                # Writing new values to configuration file
+                echo -n "Writing new configuration file:"
+                CONFIG_NEW=$(tempfile)
+cat > "${CONFIG_NEW}" <<EOF
+# This file controls the behaviour of the GNUnet init script.
+# It will be parsed as a shell script.
+# please do not edit by hand, use 'dpkg-reconfigure gnunet-systempeer'.
+GNUNET_USER=${_USERNAME}
+GNUNET_GROUP=${_GROUPNAME}
+GNUNET_AUTOSTART="${_AUTOSTART}"
+EOF
+cat > "/etc/systemd/system/gnunet.service" <<EOF
+[Unit]
+Description=A framework for secure peer-to-peer networking
+[Service]
+EnvironmentFile=/etc/default/gnunet
+User=${_USERNAME}
+Type=forking
+ExecStart=/usr/bin/gnunet-arm -s -c /etc/gnunet.conf
+ExecStop=/usr/bin/gnunet-arm -e -c /etc/gnunet.conf
+[Install]
+WantedBy=multi-user.target
+EOF
+                cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+                echo " done."
+                # Cleaning
+                rm -f "${CONFIG_NEW}"
+                echo "All done."
+                ;;
+        abort-upgrade|abort-remove|abort-deconfigure)
+                ;;
+        *)
+                echo "postinst called with unknown argument \`${1}'" >&2
+                exit 1
+                ;;
+esac
+#DEBHELPER#
+exit 0
author	Christian Grothoff <christian@grothoff.org>	2020-12-28 11:19:30 +0100
committer	Christian Grothoff <christian@grothoff.org>	2020-12-28 11:19:30 +0100
commit	e9d73b0a901d7dfe1fd219aecc960747e7c49483 (patch)
tree	94f835cf56a1feb453a1f65534e28334c6e258f8 /debian/gnunet.postinst
parent	debba1a49a46ba963553da222ade563d6d67932b (diff)
download	gnunet-e9d73b0a901d7dfe1fd219aecc960747e7c49483.tar.gz gnunet-e9d73b0a901d7dfe1fd219aecc960747e7c49483.zip

diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst new file mode 100644 index 000000000..902b93fd7 --- /dev/null +++ b/debian/gnunet.postinst
@@ -0,0 +1,309 @@
	1	#!/bin/bash
	2
	3	set -e
	4
	5	. /usr/share/debconf/confmodule
	6
	7	# This is taken from the package libnss-mdns and edited to do the same thing
	8	# but for GNS insteand of mdns. try to insert gns entries to the "hosts" line
	9	# in /etc/nsswitch.conf to automatically enable nss-gns support; do not change
	10	# the configuration if the "hosts" line already references some gns lookups
	11	insert_gns() {
	12	echo -n "Checking NSS setup..."
	13	# abort if /etc/nsswitch.conf does not exist
	14	if ! [ -e /etc/nsswitch.conf ]; then
	15	echo "Could not find /etc/nsswitch.conf."
	16	return 1
	17	fi
	18	perl -i -pe '
	19	sub insert {
	20	# this also splits on tab
	21	my @bits=split(" ", shift);
	22	# do not break configuration if the "hosts" line already references gns
	23	if (grep { $_ eq "gns"} @bits) {
	24	return join " ", @bits;
	25	}
	26	# change "dns" or "resolve", whichever comes first, into
	27	# "gns [NOTFOUND=return] dns"
	28	foreach my $bit (@bits) {
	29	if ($bit eq "dns") {
	30	$bit = "gns [NOTFOUND=return] $bit";
	31	last;
	32	}
	33	}
	34	return join " ", @bits;
	35	}
	36	s/^(hosts:\s+)(.*)/$1.insert($2)/e;
	37	' /etc/nsswitch.conf
	38	echo " done."
	39	}
	40
	41	case "${1}" in
	42	configure)
	43	db_version 2.0
	44
	45	db_get gnunet-systempeer/username
	46	_USERNAME="${RET:-gnunet}"
	47
	48	db_get gnunet-systempeer/groupname
	49	_GROUPNAME="${RET:-gnunet}"
	50
	51	db_get gnunet-systempeer/autostart
	52	_AUTOSTART="${RET}" # boolean
	53
	54	db_get gnunet-dns/libnsswitch
	55	_LIBNSSWITCH="${RET}" # boolean
	56
	57	db_get gnunet-user/proxy
	58	_PROXY="${RET}" # boolean
	59
	60	db_stop
	61
	62	CONFIG_FILE="/etc/default/gnunet"
	63
	64	# Read default values
	65	GNUNET_HOME="/var/lib/gnunet"
	66	eval $(grep GNUNET_HOME /etc/gnunet.conf \| tr -d '[:blank:]')
	67
	68	# Creating gnunet group if needed
	69	if ! getent group ${_GROUPNAME} > /dev/null
	70	then
	71	echo -n "Creating new GNUnet group ${_GROUPNAME}:"
	72	addgroup --quiet --system ${_GROUPNAME}
	73	echo " done."
	74	fi
	75
	76	# Creating gnunet user if needed
	77	if ! getent passwd ${_USERNAME} > /dev/null
	78	then
	79	echo -n "Creating new GNUnet user ${_USERNAME}:"
	80	adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
	81	echo " done."
	82	fi
	83
	84	# Add a special secured group
	85	GNUNETDNS_GROUP="gnunetdns"
	86
	87	# Creating gnunetdns group if needed
	88	if ! getent group ${GNUNETDNS_GROUP} > /dev/null
	89	then
	90	echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
	91	addgroup --quiet --system ${GNUNETDNS_GROUP}
	92	echo " done."
	93	fi
	94
	95	# Copy the libnss_gns files to the libnss directory
	96	if ${_LIBNSSWITCH}
	97	then
	98	echo "Editing /etc/nsswitch.conf to use GNS before DNS"
	99	# $2 equals the currently installed version if it exists
	100	if [ -z "$2" ]; then
	101	# first install: setup the recommended configuration (unless
	102	# nsswitch.conf already contains mdns entries)
	103	insert_gns
	104	if [ "$?" -gt 0 ]; then
	105	echo "nsswitch does not exist on this system"
	106	fi
	107	fi
	108	echo " done."
	109	fi
	110
	111	# Install GNUnet configuration for all users provided non exists
	112	userlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd)
	113	users=($userlist)
	114	homedirlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $6}' /etc/passwd)
	115	homedirs=($homedirlist)
	116
	117	for (( i=0; i<${#users[@]}; i++ )); do
	118	usermod -aG gnunet ${users[$i]}
	119	if [ -n "$i" ] && [ -d "${homedirs[$i]}" ]; then
	120	mkdir -p ${homedirs[$i]}/.config/systemd/user/
	121
	122	cat > "${homedirs[$i]}/.config/systemd/user/gnunet-user.service" << EOF
	123	# Copyright (C) 2019 GNUnet e.V.
	124	#
	125	# Copying and distribution of this file, with or without modification,
	126	# are permitted in any medium without royalty provided the copyright
	127	# notice and this notice are preserved. This file is offered as-is,
	128	# without any warranty.
	129
	130	[Unit]
	131	Description=Service that runs a GNUnet for the user gnunet
	132	After=network.target
	133
	134	[Service]
	135	Type=forking
	136	ExecStart=/usr/bin/gnunet-arm -s -c ${homedirs[$i]}/.config/gnunet.conf
	137	ExecStop=/usr/bin/gnunet-arm -e -c ${homedirs[$i]}/.config/gnunet.conf
	138
	139	[Install]
	140	WantedBy=multi-user.target
	141	EOF
	142
	143	chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/systemd/user/gnunet-user.service"
	144	if [ ! -f "${homedirs[$i]}/.config/gnunet.conf" ]; then
	145	mkdir -p ${homedirs[$i]}/.config/
	146	cp /etc/skel/.config/gnunet.conf "${homedirs[$i]}/.config/gnunet.conf"
	147	chmod 644 "${homedirs[$i]}/.config/gnunet.conf"
	148	chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/gnunet.conf"
	149	fi
	150	fi
	151	port=$((8000+$(id -u "${users[$i]}")))
	152	gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \
	153	--rewrite \
	154	--section=gns-proxy \
	155	--option=IMMEDIATE_START \
	156	--value=YES
	157	gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \
	158	--rewrite \
	159	--section=gns-proxy \
	160	--option=OPTIONS \
	161	--value="-p $port"
	162	done
	163
	164	# Change the proxy settings for Firefox and Chromium if desired
	165	if ${_PROXY}
	166	then
	167	mkdir -p /etc/X11/xinit/xinitrc.d/
	168	cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
	169	#!/bin/bash
	170	systemctl --user daemon-reload
	171	systemctl --user start gnunet-user
	172	systemctl --user enable gnunet-user
	173	user=$(whoami)
	174	gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy \| grep 'IMMEDIATE_START = YES')
	175
	176	# Enable GNS proxy for new users informed by /etc/skel.
	177	if [ "$gnunet_proxy" ]; then
	178
	179	# Calculate user specific port
	180	port=$((8000+$(id -u $user)))
	181
	182	gnunet-config -c $HOME/.config/gnunet.conf \
	183	--rewrite \
	184	--section=gns-proxy \
	185	--option=OPTIONS \
	186	--value="-p $port"
	187
	188	# Firefox
	189	defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
	190	if [ ! "$defaultprofile" ];then
	191	timeout 3s firefox --headless # dirty: create profile if not existent
	192	fi
	193	for ffprofile in $HOME/.mozilla/firefox/./; do
	194	js=$ffprofile/user.js
	195	if [ -f "$js" ]; then
	196	sed -i '/Preferences for using the GNU Name System/d' "$js"
	197	sed -i '/network.proxy.socks/d' "$js"
	198	sed -i '/network.proxy.socks_port/d' "$js"
	199	sed -i '/network.proxy.socks_remote_dns/d' "$js"
	200	sed -i '/network.proxy.type/d' "$js"
	201	fi
	202	echo "// Preferences for using the GNU Name System" >> "$js"
	203	echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
	204	echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
	205	echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
	206	echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
	207	done
	208
	209	# Chromium
	210	profile="$HOME/.profile"
	211	if [ -f "$profile" ]; then
	212	sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
	213	fi
	214	echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
	215	>> "$profile"
	216	fi
	217
	218	# Create/Renew GNS certificate authority (CA) per user.
	219	gnunet-gns-proxy-setup-ca
	220	EOF
	221	fi
	222
	223	# Update files and directories permissions.
	224	# Assuming default values, this should not be changed.
	225	echo -n "Updating files and directories permissions:"
	226	chown -R ${_USERNAME}:${_GROUPNAME} /var/log/gnunetd
	227	chown -R ${_USERNAME}:${_GROUPNAME} ${GNUNET_HOME}
	228	# Secure access to the data directory
	229	chmod 0700 "${GNUNET_HOME}" \|\| true
	230	# Restrict access on setuid binaries
	231	for file in /usr/bin/gnunet-helper-exit \
	232	/usr/bin/gnunet-helper-nat-client \
	233	/usr/bin/gnunet-helper-nat-server \
	234	/usr/bin/gnunet-helper-transport-bluetooth \
	235	/usr/bin/gnunet-helper-transport-wlan \
	236	/usr/bin/gnunet-helper-vpn
	237	do
	238	# only do something when no setting exists
	239	if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]
	240	then
	241	chown root:${_GROUPNAME} $file
	242	chmod 4750 $file
	243	fi
	244	done
	245	if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \
	246	&& [ -e /usr/bin/gnunet-helper-dns ]
	247	then
	248	chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
	249	chmod 4750 /usr/bin/gnunet-helper-dns
	250	fi
	251	if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \
	252	&& [ -e /usr/bin/gnunet-service-dns ]
	253	then
	254	chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
	255	chmod 2750 /usr/bin/gnunet-service-dns
	256	fi
	257	echo " done."
	258
	259	# Writing new values to configuration file
	260	echo -n "Writing new configuration file:"
	261	CONFIG_NEW=$(tempfile)
	262
	263	cat > "${CONFIG_NEW}" <<EOF
	264	# This file controls the behaviour of the GNUnet init script.
	265	# It will be parsed as a shell script.
	266	# please do not edit by hand, use 'dpkg-reconfigure gnunet-systempeer'.
	267
	268	GNUNET_USER=${_USERNAME}
	269	GNUNET_GROUP=${_GROUPNAME}
	270	GNUNET_AUTOSTART="${_AUTOSTART}"
	271	EOF
	272
	273	cat > "/etc/systemd/system/gnunet.service" <<EOF
	274	[Unit]
	275	Description=A framework for secure peer-to-peer networking
	276
	277	[Service]
	278	EnvironmentFile=/etc/default/gnunet
	279	User=${_USERNAME}
	280	Type=forking
	281	ExecStart=/usr/bin/gnunet-arm -s -c /etc/gnunet.conf
	282	ExecStop=/usr/bin/gnunet-arm -e -c /etc/gnunet.conf
	283
	284	[Install]
	285	WantedBy=multi-user.target
	286	EOF
	287
	288	cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
	289	echo " done."
	290
	291	# Cleaning
	292	rm -f "${CONFIG_NEW}"
	293	echo "All done."
	294
	295	;;
	296
	297	abort-upgrade\|abort-remove\|abort-deconfigure)
	298
	299	;;
	300
	301	*)
	302	echo "postinst called with unknown argument \`${1}'" >&2
	303	exit 1
	304	;;
	305	esac
	306
	307	#DEBHELPER#
	308
	309	exit 0