summaryrefslogtreecommitdiff
path: root/debian/gnunet.postinst
diff options
context:
space:
mode:
Diffstat (limited to 'debian/gnunet.postinst')
-rw-r--r--debian/gnunet.postinst348
1 files changed, 170 insertions, 178 deletions
diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst
index bde8b1462..d5ee9188d 100644
--- a/debian/gnunet.postinst
+++ b/debian/gnunet.postinst
@@ -9,13 +9,13 @@ set -e
# in /etc/nsswitch.conf to automatically enable nss-gns support; do not change
# the configuration if the "hosts" line already references some gns lookups
insert_gns() {
- echo -n "Checking NSS setup..."
- # abort if /etc/nsswitch.conf does not exist
- if ! [ -e /etc/nsswitch.conf ]; then
- echo "Could not find /etc/nsswitch.conf."
- return 1
- fi
- perl -i -pe '
+ echo -n "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return 1
+ fi
+ perl -i -pe '
sub insert {
# this also splits on tab
my @bits=split(" ", shift);
@@ -35,180 +35,172 @@ insert_gns() {
}
s/^(hosts:\s+)(.*)/$1.insert($2)/e;
' /etc/nsswitch.conf
- echo " done."
+ echo " done."
}
case "${1}" in
- configure)
- db_version 2.0
-
- _USERNAME="gnunet"
- _GROUPNAME="gnunet"
-
- db_get gnunet-systempeer/autostart
- _AUTOSTART="${RET}" # boolean
-
- db_get gnunet-dns/libnsswitch
- _LIBNSSWITCH="${RET}" # boolean
-
- db_get gnunet-user/proxy
- _PROXY="${RET}" # boolean
-
- db_stop
-
- CONFIG_FILE="/etc/default/gnunet"
-
- # Read default values
- GNUNET_HOME="/var/lib/gnunet"
- eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]')
-
- # Creating gnunet group if needed
- if ! getent group ${_GROUPNAME} > /dev/null
- then
- echo -n "Creating new GNUnet group ${_GROUPNAME}:"
- addgroup --quiet --system ${_GROUPNAME}
- echo " done."
- fi
-
- # Creating gnunet user if needed
- if ! getent passwd ${_USERNAME} > /dev/null
- then
- echo -n "Creating new GNUnet user ${_USERNAME}:"
- adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
- echo " done."
- fi
-
- # Add a special secured group
- GNUNETDNS_GROUP="gnunetdns"
-
- # Creating gnunetdns group if needed
- if ! getent group ${GNUNETDNS_GROUP} > /dev/null
- then
- echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
- addgroup --quiet --system ${GNUNETDNS_GROUP}
- echo " done."
- fi
-
- # Copy the libnss_gns files to the libnss directory
- if ${_LIBNSSWITCH}
- then
- echo "Editing /etc/nsswitch.conf to use GNS before DNS"
- # $2 equals the currently installed version if it exists
- if [ -z "$2" ]; then
- # first install: setup the recommended configuration (unless
- # nsswitch.conf already contains mdns entries)
- insert_gns
- if [ "$?" -gt 0 ]; then
- echo "nsswitch does not exist on this system"
- fi
- fi
- echo " done."
- fi
-
-# # Change the proxy settings for Firefox and Chromium if desired
-# if ${_PROXY}
-# then
-# mkdir -p /etc/X11/xinit/xinitrc.d/
-#cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
-##!/bin/bash
-#systemctl --user daemon-reload
-#systemctl --user start gnunet-user
-#systemctl --user enable gnunet-user
-#user=$(whoami)
-#gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
-#
-## Enable GNS proxy for new users informed by /etc/skel.
-#if [ "$gnunet_proxy" ]; then
-#
-# # Calculate user specific port
-# port=$((8000+$(id -u $user)))
-#
-# gnunet-config -c $HOME/.config/gnunet.conf \
-# --section=gns-proxy \
-# --option=OPTIONS \
-# --value="-p $port"
-#
-# # Firefox
-# defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
-# if [ ! "$defaultprofile" ];then
-# timeout 3s firefox --headless # dirty: create profile if not existent
-# fi
-# for ffprofile in $HOME/.mozilla/firefox/*.*/; do
-# js=$ffprofile/user.js
-# if [ -f "$js" ]; then
-# sed -i '/Preferences for using the GNU Name System/d' "$js"
-# sed -i '/network.proxy.socks/d' "$js"
-# sed -i '/network.proxy.socks_port/d' "$js"
-# sed -i '/network.proxy.socks_remote_dns/d' "$js"
-# sed -i '/network.proxy.type/d' "$js"
-# fi
-# echo "// Preferences for using the GNU Name System" >> "$js"
-# echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
-# echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
-# echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
-# echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
-# done
-#
-# # Chromium
-# profile="$HOME/.profile"
-# if [ -f "$profile" ]; then
-# sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
-# fi
-# echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
-# >> "$profile"
-#fi
-#
-## Create/Renew GNS certificate authority (CA) per user.
-#gnunet-gns-proxy-setup-ca
-#EOF
-# fi
-
- # Update files and directories permissions.
- # Assuming default values, this *should* not be changed.
- echo -n "Updating files and directories permissions:"
- # Secure access to the data directory
- chmod 0700 "${GNUNET_HOME}" || true
- # Restrict access on setuid binaries
- for file in /usr/bin/gnunet-helper-exit \
- /usr/bin/gnunet-helper-nat-client \
- /usr/bin/gnunet-helper-nat-server \
- /usr/bin/gnunet-helper-transport-bluetooth \
- /usr/bin/gnunet-helper-transport-wlan \
- /usr/bin/gnunet-helper-vpn
- do
- # only do something when no setting exists
- if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]
- then
- chown root:${_GROUPNAME} $file
- chmod 4750 $file
- fi
- done
- if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \
- && [ -e /usr/bin/gnunet-helper-dns ]
- then
- chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
- chmod 4750 /usr/bin/gnunet-helper-dns
- fi
- if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \
- && [ -e /usr/bin/gnunet-service-dns ]
- then
- chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
- chmod 2750 /usr/bin/gnunet-service-dns
- fi
- echo " done."
-
- echo "All done."
-
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`${1}'" >&2
- exit 1
- ;;
+configure)
+ db_version 2.0
+
+ _USERNAME="gnunet"
+ _GROUPNAME="gnunet"
+
+ db_get gnunet-systempeer/autostart
+ _AUTOSTART="${RET}" # boolean
+
+ db_get gnunet-dns/libnsswitch
+ _LIBNSSWITCH="${RET}" # boolean
+
+ db_get gnunet-user/proxy
+ _PROXY="${RET}" # boolean
+
+ db_stop
+
+ CONFIG_FILE="/etc/default/gnunet"
+
+ # Read default values
+ GNUNET_HOME="/var/lib/gnunet"
+ eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]')
+
+ # Creating gnunet group if needed
+ if ! getent group ${_GROUPNAME} >/dev/null; then
+ echo -n "Creating new GNUnet group ${_GROUPNAME}:"
+ addgroup --quiet --system ${_GROUPNAME}
+ echo " done."
+ fi
+
+ # Creating gnunet user if needed
+ if ! getent passwd ${_USERNAME} >/dev/null; then
+ echo -n "Creating new GNUnet user ${_USERNAME}:"
+ adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
+ echo " done."
+ fi
+
+ # Add a special secured group
+ GNUNETDNS_GROUP="gnunetdns"
+
+ # Creating gnunetdns group if needed
+ if ! getent group ${GNUNETDNS_GROUP} >/dev/null; then
+ echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
+ addgroup --quiet --system ${GNUNETDNS_GROUP}
+ echo " done."
+ fi
+
+ # Copy the libnss_gns files to the libnss directory
+ if ${_LIBNSSWITCH}; then
+ echo "Editing /etc/nsswitch.conf to use GNS before DNS"
+ # $2 equals the currently installed version if it exists
+ if [ -z "$2" ]; then
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains mdns entries)
+ insert_gns
+ if [ "$?" -gt 0 ]; then
+ echo "nsswitch does not exist on this system"
+ fi
+ fi
+ echo " done."
+ fi
+
+ # # Change the proxy settings for Firefox and Chromium if desired
+ # if ${_PROXY}
+ # then
+ # mkdir -p /etc/X11/xinit/xinitrc.d/
+ #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
+ ##!/bin/bash
+ #systemctl --user daemon-reload
+ #systemctl --user start gnunet-user
+ #systemctl --user enable gnunet-user
+ #user=$(whoami)
+ #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
+ #
+ ## Enable GNS proxy for new users informed by /etc/skel.
+ #if [ "$gnunet_proxy" ]; then
+ #
+ # # Calculate user specific port
+ # port=$((8000+$(id -u $user)))
+ #
+ # gnunet-config -c $HOME/.config/gnunet.conf \
+ # --section=gns-proxy \
+ # --option=OPTIONS \
+ # --value="-p $port"
+ #
+ # # Firefox
+ # defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
+ # if [ ! "$defaultprofile" ];then
+ # timeout 3s firefox --headless # dirty: create profile if not existent
+ # fi
+ # for ffprofile in $HOME/.mozilla/firefox/*.*/; do
+ # js=$ffprofile/user.js
+ # if [ -f "$js" ]; then
+ # sed -i '/Preferences for using the GNU Name System/d' "$js"
+ # sed -i '/network.proxy.socks/d' "$js"
+ # sed -i '/network.proxy.socks_port/d' "$js"
+ # sed -i '/network.proxy.socks_remote_dns/d' "$js"
+ # sed -i '/network.proxy.type/d' "$js"
+ # fi
+ # echo "// Preferences for using the GNU Name System" >> "$js"
+ # echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
+ # echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
+ # echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
+ # echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
+ # done
+ #
+ # # Chromium
+ # profile="$HOME/.profile"
+ # if [ -f "$profile" ]; then
+ # sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
+ # fi
+ # echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
+ # >> "$profile"
+ #fi
+ #
+ ## Create/Renew GNS certificate authority (CA) per user.
+ #gnunet-gns-proxy-setup-ca
+ #EOF
+ # fi
+
+ # Update files and directories permissions.
+ # Assuming default values, this *should* not be changed.
+ echo -n "Updating files and directories permissions:"
+ # Secure access to the data directory
+ chmod 0700 "${GNUNET_HOME}" || true
+ # Restrict access on setuid binaries
+ for file in /usr/bin/gnunet-helper-exit \
+ /usr/bin/gnunet-helper-nat-client \
+ /usr/bin/gnunet-helper-nat-server \
+ /usr/bin/gnunet-helper-transport-bluetooth \
+ /usr/bin/gnunet-helper-transport-wlan \
+ /usr/bin/gnunet-helper-vpn; do
+ # only do something when no setting exists
+ if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]; then
+ chown root:${_GROUPNAME} $file
+ chmod 4750 $file
+ fi
+ done
+ if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 &&
+ [ -e /usr/bin/gnunet-helper-dns ]; then
+ chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
+ chmod 4750 /usr/bin/gnunet-helper-dns
+ fi
+ if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 &&
+ [ -e /usr/bin/gnunet-service-dns ]; then
+ chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
+ chmod 2750 /usr/bin/gnunet-service-dns
+ fi
+ echo " done."
+
+ echo "All done."
+
+ ;;
+
+abort-upgrade | abort-remove | abort-deconfigure) ;;
+
+\
+ \
+ *)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
esac
#DEBHELPER#