Diffstat (limited to 'debian/gnunet.postinst')
-rw-r--r--debian/gnunet.postinst348
1 files changed, 170 insertions, 178 deletions
diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst
index bde8b1462..d5ee9188d 100644
--- a/debian/gnunet.postinst
+++ b/debian/gnunet.postinst
@@ -9,13 +9,13 @@ set -e
9# in /etc/nsswitch.conf to automatically enable nss-gns support; do not change 9# in /etc/nsswitch.conf to automatically enable nss-gns support; do not change
10# the configuration if the "hosts" line already references some gns lookups 10# the configuration if the "hosts" line already references some gns lookups
11insert_gns() { 11insert_gns() {
12 echo -n "Checking NSS setup..." 12 echo -n "Checking NSS setup..."
13 # abort if /etc/nsswitch.conf does not exist 13 # abort if /etc/nsswitch.conf does not exist
14 if ! [ -e /etc/nsswitch.conf ]; then 14 if ! [ -e /etc/nsswitch.conf ]; then
15 echo "Could not find /etc/nsswitch.conf." 15 echo "Could not find /etc/nsswitch.conf."
16 return 1 16 return 1
17 fi 17 fi
18 perl -i -pe ' 18 perl -i -pe '
19 sub insert { 19 sub insert {
20 # this also splits on tab 20 # this also splits on tab
21 my @bits=split(" ", shift); 21 my @bits=split(" ", shift);
@@ -35,180 +35,172 @@ insert_gns() {
35 } 35 }
36 s/^(hosts:\s+)(.*)/$1.insert($2)/e; 36 s/^(hosts:\s+)(.*)/$1.insert($2)/e;
37 ' /etc/nsswitch.conf 37 ' /etc/nsswitch.conf
38 echo " done." 38 echo " done."
39} 39}
40 40
41case "${1}" in 41case "${1}" in
42 configure) 42configure)
43 db_version 2.0 43 db_version 2.0
44 44
45 _USERNAME="gnunet" 45 _USERNAME="gnunet"
46 _GROUPNAME="gnunet" 46 _GROUPNAME="gnunet"
47 47
48 db_get gnunet-systempeer/autostart 48 db_get gnunet-systempeer/autostart
49 _AUTOSTART="${RET}" # boolean 49 _AUTOSTART="${RET}" # boolean
50 50
51 db_get gnunet-dns/libnsswitch 51 db_get gnunet-dns/libnsswitch
52 _LIBNSSWITCH="${RET}" # boolean 52 _LIBNSSWITCH="${RET}" # boolean
53 53
54 db_get gnunet-user/proxy 54 db_get gnunet-user/proxy
55 _PROXY="${RET}" # boolean 55 _PROXY="${RET}" # boolean
56 56
57 db_stop 57 db_stop
58 58
59 CONFIG_FILE="/etc/default/gnunet" 59 CONFIG_FILE="/etc/default/gnunet"
60 60
61 # Read default values 61 # Read default values
62 GNUNET_HOME="/var/lib/gnunet" 62 GNUNET_HOME="/var/lib/gnunet"
63 eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]') 63 eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]')
64 64
65 # Creating gnunet group if needed 65 # Creating gnunet group if needed
66 if ! getent group ${_GROUPNAME} > /dev/null 66 if ! getent group ${_GROUPNAME} >/dev/null; then
67 then 67 echo -n "Creating new GNUnet group ${_GROUPNAME}:"
68 echo -n "Creating new GNUnet group ${_GROUPNAME}:" 68 addgroup --quiet --system ${_GROUPNAME}
69 addgroup --quiet --system ${_GROUPNAME} 69 echo " done."
70 echo " done." 70 fi
71 fi 71
72 72 # Creating gnunet user if needed
73 # Creating gnunet user if needed 73 if ! getent passwd ${_USERNAME} >/dev/null; then
74 if ! getent passwd ${_USERNAME} > /dev/null 74 echo -n "Creating new GNUnet user ${_USERNAME}:"
75 then 75 adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
76 echo -n "Creating new GNUnet user ${_USERNAME}:" 76 echo " done."
77 adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME} 77 fi
78 echo " done." 78
79 fi 79 # Add a special secured group
80 80 GNUNETDNS_GROUP="gnunetdns"
81 # Add a special secured group 81
82 GNUNETDNS_GROUP="gnunetdns" 82 # Creating gnunetdns group if needed
83 83 if ! getent group ${GNUNETDNS_GROUP} >/dev/null; then
84 # Creating gnunetdns group if needed 84 echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
85 if ! getent group ${GNUNETDNS_GROUP} > /dev/null 85 addgroup --quiet --system ${GNUNETDNS_GROUP}
86 then 86 echo " done."
87 echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:" 87 fi
88 addgroup --quiet --system ${GNUNETDNS_GROUP} 88
89 echo " done." 89 # Copy the libnss_gns files to the libnss directory
90 fi 90 if ${_LIBNSSWITCH}; then
91 91 echo "Editing /etc/nsswitch.conf to use GNS before DNS"
92 # Copy the libnss_gns files to the libnss directory 92 # $2 equals the currently installed version if it exists
93 if ${_LIBNSSWITCH} 93 if [ -z "$2" ]; then
94 then 94 # first install: setup the recommended configuration (unless
95 echo "Editing /etc/nsswitch.conf to use GNS before DNS" 95 # nsswitch.conf already contains mdns entries)
96 # $2 equals the currently installed version if it exists 96 insert_gns
97 if [ -z "$2" ]; then 97 if [ "$?" -gt 0 ]; then
98 # first install: setup the recommended configuration (unless 98 echo "nsswitch does not exist on this system"
99 # nsswitch.conf already contains mdns entries) 99 fi
100 insert_gns 100 fi
101 if [ "$?" -gt 0 ]; then 101 echo " done."
102 echo "nsswitch does not exist on this system" 102 fi
103 fi 103
104 fi 104 # # Change the proxy settings for Firefox and Chromium if desired
105 echo " done." 105 # if ${_PROXY}
106 fi 106 # then
107 107 # mkdir -p /etc/X11/xinit/xinitrc.d/
108# # Change the proxy settings for Firefox and Chromium if desired 108 #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
109# if ${_PROXY} 109 ##!/bin/bash
110# then 110 #systemctl --user daemon-reload
111# mkdir -p /etc/X11/xinit/xinitrc.d/ 111 #systemctl --user start gnunet-user
112#cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF" 112 #systemctl --user enable gnunet-user
113##!/bin/bash 113 #user=$(whoami)
114#systemctl --user daemon-reload 114 #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
115#systemctl --user start gnunet-user 115 #
116#systemctl --user enable gnunet-user 116 ## Enable GNS proxy for new users informed by /etc/skel.
117#user=$(whoami) 117 #if [ "$gnunet_proxy" ]; then
118#gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES') 118 #
119# 119 # # Calculate user specific port
120## Enable GNS proxy for new users informed by /etc/skel. 120 # port=$((8000+$(id -u $user)))
121#if [ "$gnunet_proxy" ]; then 121 #
122# 122 # gnunet-config -c $HOME/.config/gnunet.conf \
123# # Calculate user specific port 123 # --section=gns-proxy \
124# port=$((8000+$(id -u $user))) 124 # --option=OPTIONS \
125# 125 # --value="-p $port"
126# gnunet-config -c $HOME/.config/gnunet.conf \ 126 #
127# --section=gns-proxy \ 127 # # Firefox
128# --option=OPTIONS \ 128 # defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
129# --value="-p $port" 129 # if [ ! "$defaultprofile" ];then
130# 130 # timeout 3s firefox --headless # dirty: create profile if not existent
131# # Firefox 131 # fi
132# defaultprofile=$(ls $HOME/.mozilla/firefox/*.default) 132 # for ffprofile in $HOME/.mozilla/firefox/*.*/; do
133# if [ ! "$defaultprofile" ];then 133 # js=$ffprofile/user.js
134# timeout 3s firefox --headless # dirty: create profile if not existent 134 # if [ -f "$js" ]; then
135# fi 135 # sed -i '/Preferences for using the GNU Name System/d' "$js"
136# for ffprofile in $HOME/.mozilla/firefox/*.*/; do 136 # sed -i '/network.proxy.socks/d' "$js"
137# js=$ffprofile/user.js 137 # sed -i '/network.proxy.socks_port/d' "$js"
138# if [ -f "$js" ]; then 138 # sed -i '/network.proxy.socks_remote_dns/d' "$js"
139# sed -i '/Preferences for using the GNU Name System/d' "$js" 139 # sed -i '/network.proxy.type/d' "$js"
140# sed -i '/network.proxy.socks/d' "$js" 140 # fi
141# sed -i '/network.proxy.socks_port/d' "$js" 141 # echo "// Preferences for using the GNU Name System" >> "$js"
142# sed -i '/network.proxy.socks_remote_dns/d' "$js" 142 # echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
143# sed -i '/network.proxy.type/d' "$js" 143 # echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
144# fi 144 # echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
145# echo "// Preferences for using the GNU Name System" >> "$js" 145 # echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
146# echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js" 146 # done
147# echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js" 147 #
148# echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js" 148 # # Chromium
149# echo "user_pref(\"network.proxy.type\", 1);" >> "$js" 149 # profile="$HOME/.profile"
150# done 150 # if [ -f "$profile" ]; then
151# 151 # sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
152# # Chromium 152 # fi
153# profile="$HOME/.profile" 153 # echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
154# if [ -f "$profile" ]; then 154 # >> "$profile"
155# sed -i '/CHROMIUM_USER_FLAGS/d' "$profile" 155 #fi
156# fi 156 #
157# echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ 157 ## Create/Renew GNS certificate authority (CA) per user.
158# >> "$profile" 158 #gnunet-gns-proxy-setup-ca
159#fi 159 #EOF
160# 160 # fi
161## Create/Renew GNS certificate authority (CA) per user. 161
162#gnunet-gns-proxy-setup-ca 162 # Update files and directories permissions.
163#EOF 163 # Assuming default values, this *should* not be changed.
164# fi 164 echo -n "Updating files and directories permissions:"
165 165 # Secure access to the data directory
166 # Update files and directories permissions. 166 chmod 0700 "${GNUNET_HOME}" || true
167 # Assuming default values, this *should* not be changed. 167 # Restrict access on setuid binaries
168 echo -n "Updating files and directories permissions:" 168 for file in /usr/bin/gnunet-helper-exit \
169 # Secure access to the data directory 169 /usr/bin/gnunet-helper-nat-client \
170 chmod 0700 "${GNUNET_HOME}" || true 170 /usr/bin/gnunet-helper-nat-server \
171 # Restrict access on setuid binaries 171 /usr/bin/gnunet-helper-transport-bluetooth \
172 for file in /usr/bin/gnunet-helper-exit \ 172 /usr/bin/gnunet-helper-transport-wlan \
173 /usr/bin/gnunet-helper-nat-client \ 173 /usr/bin/gnunet-helper-vpn; do
174 /usr/bin/gnunet-helper-nat-server \ 174 # only do something when no setting exists
175 /usr/bin/gnunet-helper-transport-bluetooth \ 175 if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]; then
176 /usr/bin/gnunet-helper-transport-wlan \ 176 chown root:${_GROUPNAME} $file
177 /usr/bin/gnunet-helper-vpn 177 chmod 4750 $file
178 do 178 fi
179 # only do something when no setting exists 179 done
180 if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ] 180 if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 &&
181 then 181 [ -e /usr/bin/gnunet-helper-dns ]; then
182 chown root:${_GROUPNAME} $file 182 chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
183 chmod 4750 $file 183 chmod 4750 /usr/bin/gnunet-helper-dns
184 fi 184 fi
185 done 185 if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 &&
186 if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \ 186 [ -e /usr/bin/gnunet-service-dns ]; then
187 && [ -e /usr/bin/gnunet-helper-dns ] 187 chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
188 then 188 chmod 2750 /usr/bin/gnunet-service-dns
189 chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns 189 fi
190 chmod 4750 /usr/bin/gnunet-helper-dns 190 echo " done."
191 fi 191
192 if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \ 192 echo "All done."
193 && [ -e /usr/bin/gnunet-service-dns ] 193
194 then 194 ;;
195 chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns 195
196 chmod 2750 /usr/bin/gnunet-service-dns 196abort-upgrade | abort-remove | abort-deconfigure) ;;
197 fi 197
198 echo " done." 198\
199 199 \
200 echo "All done." 200 *)
201 201 echo "postinst called with unknown argument \`${1}'" >&2
202 ;; 202 exit 1
203 203 ;;
204 abort-upgrade|abort-remove|abort-deconfigure)
205
206 ;;
207
208 *)
209 echo "postinst called with unknown argument \`${1}'" >&2
210 exit 1
211 ;;
212esac 204esac
213 205
214#DEBHELPER# 206#DEBHELPER#
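Review bot: The `eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]')` line (new line 63) is carried through the reformat unchanged, and because maintainer scripts run as root it executes any matching config line as shell text, so a value containing `$(...)` or `;` is run rather than assigned. Reading the value as data avoids this, for example `_home="$(sed -n 's/^[[:blank:]]*GNUNET_HOME[[:blank:]]*=[[:blank:]]*//p' /etc/gnunet.conf | head -n 1)"` followed by `GNUNET_HOME="${_home:-/var/lib/gnunet}"`. The result is also passed unquoted to `adduser`, which should read `--home "${GNUNET_HOME}"`. Separately, with `set -e` in effect (visible in the first hunk header), a failing `insert_gns` appears to end the script before `[ "$?" -gt 0 ]` is reached; `if ! insert_gns; then` would keep the intended message. The two lone `\` continuation lines that now precede `*)` look like a formatter artifact and can probably be dropped.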