diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 87 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | debian/gnunet.config | 6 | ||||
-rw-r--r-- | debian/gnunet.dirs | 1 | ||||
-rw-r--r-- | debian/gnunet.install | 6 | ||||
-rw-r--r-- | debian/gnunet.postinst | 435 | ||||
-rw-r--r-- | debian/gnunet.postrm | 118 | ||||
-rw-r--r-- | debian/gnunet.service | 12 | ||||
-rw-r--r-- | debian/gnunet.templates | 25 | ||||
-rwxr-xr-x | debian/rules | 7 |
10 files changed, 312 insertions, 387 deletions
diff --git a/debian/changelog b/debian/changelog index a078f81c5..b330ee4ee 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,90 @@ | |||
1 | gnunet (0.15.3) unstable; urgency=low | ||
2 | |||
3 | * New upstream release, bumping version. | ||
4 | |||
5 | -- Christian Grothoff <grothoff@gnu.org> Sat, 28 Aug 2021 21:14:18 +0200 | ||
6 | |||
7 | gnunet (0.15.2) unstable; urgency=low | ||
8 | |||
9 | * New upstream release, bumping version. | ||
10 | * Fixes linker issues. Very strange that Debian insists on explicit indirect dependencies for plugins. | ||
11 | |||
12 | -- Christian Grothoff <grothoff@gnu.org> Tue, 24 Aug 2021 21:14:18 +0200 | ||
13 | |||
14 | gnunet (0.15.1) unstable; urgency=low | ||
15 | |||
16 | * New upstream release, bumping version. | ||
17 | |||
18 | -- Christian Grothoff <grothoff@gnu.org> Mon, 23 Aug 2021 21:14:18 +0200 | ||
19 | |||
20 | gnunet (0.15.0) unstable; urgency=low | ||
21 | |||
22 | * New upstream release, bumping version. | ||
23 | |||
24 | -- Florian Dold <florian@dold.me> Sun, 08 Aug 2021 21:14:18 +0200 | ||
25 | |||
26 | gnunet (0.14.1-13) unstable; urgency=low | ||
27 | |||
28 | * Minor upstream fixes. | ||
29 | |||
30 | -- Florian Dold <florian@dold.me> Fri, 06 Aug 2021 11:56:29 +0200 | ||
31 | |||
32 | gnunet (0.14.1-12) unstable; urgency=low | ||
33 | |||
34 | * Lower debhelper compatibility level to 12. | ||
35 | * Do not inject user units in postinst for now. | ||
36 | * Tweaks to packaging. | ||
37 | |||
38 | -- Florian Dold <florian@dold.me> Sat, 31 Jul 2021 20:04:42 +0200 | ||
39 | |||
40 | gnunet (0.14.1-11) unstable; urgency=low | ||
41 | |||
42 | * Make configuration parsing more permissive. | ||
43 | |||
44 | -- Florian Dold <florian@dold.me> Sat, 31 Jul 2021 20:04:42 +0200 | ||
45 | |||
46 | gnunet (0.14.1-10) unstable; urgency=low | ||
47 | |||
48 | * Do not remove users/groups in postrm. | ||
49 | |||
50 | -- Florian Dold <florian@dold.me> Sat, 31 Jul 2021 16:46:13 +0200 | ||
51 | |||
52 | gnunet (0.14.1-9) unstable; urgency=low | ||
53 | |||
54 | * Fix some bugs in configuration file parsing. | ||
55 | |||
56 | -- Florian Dold <florian@dold.me> Sat, 31 Jul 2021 16:08:19 +0200 | ||
57 | |||
58 | gnunet (0.14.1-8) unstable; urgency=low | ||
59 | |||
60 | * Allow configuration entry point to fall back to /etc/. | ||
61 | |||
62 | -- Florian Dold <florian@dold.me> Thu, 29 Jul 2021 15:03:08 +0200 | ||
63 | |||
64 | gnunet (0.14.1-7) unstable; urgency=low | ||
65 | |||
66 | * Implement new configuration directives and diagnostics. | ||
67 | |||
68 | -- Florian Dold <florian@dold.me> Wed, 28 Jul 2021 21:23:36 +0200 | ||
69 | |||
70 | gnunet (0.14.1-6) unstable; urgency=low | ||
71 | |||
72 | * Fix path resolution of inlined config files. | ||
73 | |||
74 | -- Florian Dold <florian@dold.me> Mon, 26 Jul 2021 19:35:45 +0200 | ||
75 | |||
76 | gnunet (0.14.1-5) unstable; urgency=low | ||
77 | |||
78 | * New JSON construction helpers. | ||
79 | |||
80 | -- Florian Dold <florian@dold.me> Mon, 26 Jul 2021 17:49:20 +0200 | ||
81 | |||
82 | gnunet (0.14.1-4) unstable; urgency=low | ||
83 | |||
84 | * New absolute/relative time helpers. | ||
85 | |||
86 | -- Florian Dold <florian@dold.me> Mon, 26 Jul 2021 15:44:44 +0200 | ||
87 | |||
1 | gnunet (0.14.1-3) unstable; urgency=low | 88 | gnunet (0.14.1-3) unstable; urgency=low |
2 | 89 | ||
3 | * Allow decoding larger JSON objects than 1 kb. | 90 | * Allow decoding larger JSON objects than 1 kb. |
diff --git a/debian/control b/debian/control index 01b549286..57acc6e1e 100644 --- a/debian/control +++ b/debian/control | |||
@@ -6,7 +6,7 @@ Build-Depends: | |||
6 | autoconf (>=2.59), | 6 | autoconf (>=2.59), |
7 | automake (>=1.11.1), | 7 | automake (>=1.11.1), |
8 | autopoint, | 8 | autopoint, |
9 | debhelper-compat (= 13), | 9 | debhelper-compat (= 12), |
10 | gettext, | 10 | gettext, |
11 | iptables, | 11 | iptables, |
12 | libbluetooth-dev, | 12 | libbluetooth-dev, |
diff --git a/debian/gnunet.config b/debian/gnunet.config index 6daa6818e..ebb94c56f 100644 --- a/debian/gnunet.config +++ b/debian/gnunet.config | |||
@@ -4,12 +4,6 @@ set -e | |||
4 | 4 | ||
5 | . /usr/share/debconf/confmodule | 5 | . /usr/share/debconf/confmodule |
6 | 6 | ||
7 | db_input low gnunet-systempeer/username || true | ||
8 | db_go | ||
9 | |||
10 | db_input low gnunet-systempeer/groupname || true | ||
11 | db_go | ||
12 | |||
13 | db_input medium gnunet-systempeer/autostart || true | 7 | db_input medium gnunet-systempeer/autostart || true |
14 | db_go | 8 | db_go |
15 | 9 | ||
diff --git a/debian/gnunet.dirs b/debian/gnunet.dirs index 1e2a7d4c0..e6da73664 100644 --- a/debian/gnunet.dirs +++ b/debian/gnunet.dirs | |||
@@ -1,2 +1 @@ | |||
1 | var/lib/gnunet | var/lib/gnunet | |
2 | var/log/gnunetd | ||
diff --git a/debian/gnunet.install b/debian/gnunet.install index 0de11b4c2..a19f47cc8 100644 --- a/debian/gnunet.install +++ b/debian/gnunet.install | |||
@@ -1,13 +1,9 @@ | |||
1 | etc/gnunet.conf | 1 | etc/gnunet.conf |
2 | usr/bin/ | 2 | usr/bin/ |
3 | usr/libexec/gnunet-cmds-helper | ||
3 | usr/lib/*/gnunet/ | 4 | usr/lib/*/gnunet/ |
4 | usr/lib/*/*.so.* | 5 | usr/lib/*/*.so.* |
5 | usr/share/man/ | 6 | usr/share/man/ |
6 | usr/share/info/ | 7 | usr/share/info/ |
7 | usr/share/doc/gnunet/ | 8 | usr/share/doc/gnunet/ |
8 | usr/share/gnunet/ | 9 | usr/share/gnunet/ |
9 | debian/etc/skel/.config/ etc/skel/ | ||
10 | debian/etc/skel/.config/gnunet.conf etc/skel/.config/ | ||
11 | debian/etc/skel/.config/systemd etc/skel/.config/ | ||
12 | debian/etc/skel/.config/systemd/gnunet-user-gns-proxy.service etc/skel/.config/systemd/ | ||
13 | debian/etc/skel/.config/systemd/gnunet-userpeer.service etc/skel/.config/systemd/ | ||
diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst index b6317f5be..fe36500c0 100644 --- a/debian/gnunet.postinst +++ b/debian/gnunet.postinst | |||
@@ -9,13 +9,13 @@ set -e | |||
9 | # in /etc/nsswitch.conf to automatically enable nss-gns support; do not change | 9 | # in /etc/nsswitch.conf to automatically enable nss-gns support; do not change |
10 | # the configuration if the "hosts" line already references some gns lookups | 10 | # the configuration if the "hosts" line already references some gns lookups |
11 | insert_gns() { | 11 | insert_gns() { |
12 | echo -n "Checking NSS setup..." | 12 | echo -n "Checking NSS setup..." |
13 | # abort if /etc/nsswitch.conf does not exist | 13 | # abort if /etc/nsswitch.conf does not exist |
14 | if ! [ -e /etc/nsswitch.conf ]; then | 14 | if ! [ -e /etc/nsswitch.conf ]; then |
15 | echo "Could not find /etc/nsswitch.conf." | 15 | echo "Could not find /etc/nsswitch.conf." |
16 | return 1 | 16 | return 1 |
17 | fi | 17 | fi |
18 | perl -i -pe ' | 18 | perl -i -pe ' |
19 | sub insert { | 19 | sub insert { |
20 | # this also splits on tab | 20 | # this also splits on tab |
21 | my @bits=split(" ", shift); | 21 | my @bits=split(" ", shift); |
@@ -35,270 +35,169 @@ insert_gns() { | |||
35 | } | 35 | } |
36 | s/^(hosts:\s+)(.*)/$1.insert($2)/e; | 36 | s/^(hosts:\s+)(.*)/$1.insert($2)/e; |
37 | ' /etc/nsswitch.conf | 37 | ' /etc/nsswitch.conf |
38 | echo " done." | 38 | echo " done." |
39 | } | 39 | } |
40 | 40 | ||
41 | case "${1}" in | 41 | case "${1}" in |
42 | configure) | 42 | configure) |
43 | db_version 2.0 | 43 | db_version 2.0 |
44 | 44 | ||
45 | db_get gnunet-systempeer/username | 45 | _USERNAME="gnunet" |
46 | _USERNAME="${RET:-gnunet}" | 46 | _GROUPNAME="gnunet" |
47 | 47 | ||
48 | db_get gnunet-systempeer/groupname | 48 | db_get gnunet-systempeer/autostart |
49 | _GROUPNAME="${RET:-gnunet}" | 49 | _AUTOSTART="${RET}" # boolean |
50 | 50 | ||
51 | db_get gnunet-systempeer/autostart | 51 | db_get gnunet-dns/libnsswitch |
52 | _AUTOSTART="${RET}" # boolean | 52 | _LIBNSSWITCH="${RET}" # boolean |
53 | 53 | ||
54 | db_get gnunet-dns/libnsswitch | 54 | db_get gnunet-user/proxy |
55 | _LIBNSSWITCH="${RET}" # boolean | 55 | _PROXY="${RET}" # boolean |
56 | 56 | ||
57 | db_get gnunet-user/proxy | 57 | db_stop |
58 | _PROXY="${RET}" # boolean | 58 | |
59 | 59 | # Read default values | |
60 | db_stop | 60 | GNUNET_HOME="/var/lib/gnunet" |
61 | 61 | ||
62 | CONFIG_FILE="/etc/default/gnunet" | 62 | # Creating gnunet group if needed |
63 | 63 | if ! getent group ${_GROUPNAME} >/dev/null; then | |
64 | # Read default values | 64 | echo -n "Creating new GNUnet group ${_GROUPNAME}:" |
65 | GNUNET_HOME="/var/lib/gnunet" | 65 | addgroup --quiet --system ${_GROUPNAME} |
66 | eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]') | 66 | echo " done." |
67 | 67 | fi | |
68 | # Creating gnunet group if needed | 68 | |
69 | if ! getent group ${_GROUPNAME} > /dev/null | 69 | # Creating gnunet user if needed |
70 | then | 70 | if ! getent passwd ${_USERNAME} >/dev/null; then |
71 | echo -n "Creating new GNUnet group ${_GROUPNAME}:" | 71 | echo -n "Creating new GNUnet user ${_USERNAME}:" |
72 | addgroup --quiet --system ${_GROUPNAME} | 72 | adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME} |
73 | echo " done." | 73 | echo " done." |
74 | fi | 74 | fi |
75 | 75 | ||
76 | # Creating gnunet user if needed | 76 | # Add a special secured group |
77 | if ! getent passwd ${_USERNAME} > /dev/null | 77 | GNUNETDNS_GROUP="gnunetdns" |
78 | then | 78 | |
79 | echo -n "Creating new GNUnet user ${_USERNAME}:" | 79 | # Creating gnunetdns group if needed |
80 | adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME} | 80 | if ! getent group ${GNUNETDNS_GROUP} >/dev/null; then |
81 | echo " done." | 81 | echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:" |
82 | fi | 82 | addgroup --quiet --system ${GNUNETDNS_GROUP} |
83 | 83 | echo " done." | |
84 | # Add a special secured group | 84 | fi |
85 | GNUNETDNS_GROUP="gnunetdns" | 85 | |
86 | 86 | # Copy the libnss_gns files to the libnss directory | |
87 | # Creating gnunetdns group if needed | 87 | if ${_LIBNSSWITCH}; then |
88 | if ! getent group ${GNUNETDNS_GROUP} > /dev/null | 88 | echo "Editing /etc/nsswitch.conf to use GNS before DNS" |
89 | then | 89 | # $2 equals the currently installed version if it exists |
90 | echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:" | 90 | if [ -z "$2" ]; then |
91 | addgroup --quiet --system ${GNUNETDNS_GROUP} | 91 | # first install: setup the recommended configuration (unless |
92 | echo " done." | 92 | # nsswitch.conf already contains mdns entries) |
93 | fi | 93 | insert_gns |
94 | 94 | if [ "$?" -gt 0 ]; then | |
95 | # Copy the libnss_gns files to the libnss directory | 95 | echo "nsswitch does not exist on this system" |
96 | if ${_LIBNSSWITCH} | 96 | fi |
97 | then | 97 | fi |
98 | echo "Editing /etc/nsswitch.conf to use GNS before DNS" | 98 | echo " done." |
99 | # $2 equals the currently installed version if it exists | 99 | fi |
100 | if [ -z "$2" ]; then | 100 | |
101 | # first install: setup the recommended configuration (unless | 101 | # # Change the proxy settings for Firefox and Chromium if desired |
102 | # nsswitch.conf already contains mdns entries) | 102 | # if ${_PROXY} |
103 | insert_gns | 103 | # then |
104 | if [ "$?" -gt 0 ]; then | 104 | # mkdir -p /etc/X11/xinit/xinitrc.d/ |
105 | echo "nsswitch does not exist on this system" | 105 | #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF" |
106 | fi | 106 | ##!/bin/bash |
107 | fi | 107 | #systemctl --user daemon-reload |
108 | echo " done." | 108 | #systemctl --user start gnunet-user |
109 | fi | 109 | #systemctl --user enable gnunet-user |
110 | 110 | #user=$(whoami) | |
111 | # Install GNUnet configuration for all users provided non exists | 111 | #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES') |
112 | userlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd) | 112 | # |
113 | users=($userlist) | 113 | ## Enable GNS proxy for new users informed by /etc/skel. |
114 | homedirlist=$(awk -F ':' '$3>=1000 && $3<2000 {print $6}' /etc/passwd) | 114 | #if [ "$gnunet_proxy" ]; then |
115 | homedirs=($homedirlist) | 115 | # |
116 | 116 | # # Calculate user specific port | |
117 | for (( i=0; i<${#users[@]}; i++ )); do | 117 | # port=$((8000+$(id -u $user))) |
118 | usermod -aG gnunet ${users[$i]} | 118 | # |
119 | if [ -n "$i" ] && [ -d "${homedirs[$i]}" ]; then | 119 | # gnunet-config -c $HOME/.config/gnunet.conf \ |
120 | mkdir -p ${homedirs[$i]}/.config/systemd/user/ | 120 | # --section=gns-proxy \ |
121 | 121 | # --option=OPTIONS \ | |
122 | cat > "${homedirs[$i]}/.config/systemd/user/gnunet-user.service" << EOF | 122 | # --value="-p $port" |
123 | # Copyright (C) 2019 GNUnet e.V. | 123 | # |
124 | # | 124 | # # Firefox |
125 | # Copying and distribution of this file, with or without modification, | 125 | # defaultprofile=$(ls $HOME/.mozilla/firefox/*.default) |
126 | # are permitted in any medium without royalty provided the copyright | 126 | # if [ ! "$defaultprofile" ];then |
127 | # notice and this notice are preserved. This file is offered as-is, | 127 | # timeout 3s firefox --headless # dirty: create profile if not existent |
128 | # without any warranty. | 128 | # fi |
129 | 129 | # for ffprofile in $HOME/.mozilla/firefox/*.*/; do | |
130 | [Unit] | 130 | # js=$ffprofile/user.js |
131 | Description=Service that runs a GNUnet for the user gnunet | 131 | # if [ -f "$js" ]; then |
132 | After=network.target | 132 | # sed -i '/Preferences for using the GNU Name System/d' "$js" |
133 | 133 | # sed -i '/network.proxy.socks/d' "$js" | |
134 | [Service] | 134 | # sed -i '/network.proxy.socks_port/d' "$js" |
135 | Type=forking | 135 | # sed -i '/network.proxy.socks_remote_dns/d' "$js" |
136 | ExecStart=/usr/bin/gnunet-arm -s -c ${homedirs[$i]}/.config/gnunet.conf | 136 | # sed -i '/network.proxy.type/d' "$js" |
137 | ExecStop=/usr/bin/gnunet-arm -e -c ${homedirs[$i]}/.config/gnunet.conf | 137 | # fi |
138 | 138 | # echo "// Preferences for using the GNU Name System" >> "$js" | |
139 | [Install] | 139 | # echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js" |
140 | WantedBy=multi-user.target | 140 | # echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js" |
141 | EOF | 141 | # echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js" |
142 | 142 | # echo "user_pref(\"network.proxy.type\", 1);" >> "$js" | |
143 | chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/systemd/user/gnunet-user.service" | 143 | # done |
144 | if [ ! -f "${homedirs[$i]}/.config/gnunet.conf" ]; then | 144 | # |
145 | mkdir -p ${homedirs[$i]}/.config/ | 145 | # # Chromium |
146 | cp /etc/skel/.config/gnunet.conf "${homedirs[$i]}/.config/gnunet.conf" | 146 | # profile="$HOME/.profile" |
147 | chmod 644 "${homedirs[$i]}/.config/gnunet.conf" | 147 | # if [ -f "$profile" ]; then |
148 | fi | 148 | # sed -i '/CHROMIUM_USER_FLAGS/d' "$profile" |
149 | fi | 149 | # fi |
150 | port=$((8000+$(id -u "${users[$i]}"))) | 150 | # echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ |
151 | gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \ | 151 | # >> "$profile" |
152 | --section=gns-proxy \ | 152 | #fi |
153 | --option=IMMEDIATE_START \ | 153 | # |
154 | --value=YES | 154 | ## Create/Renew GNS certificate authority (CA) per user. |
155 | gnunet-config -c "${homedirs[$i]}/.config/gnunet.conf" \ | 155 | #gnunet-gns-proxy-setup-ca |
156 | --section=gns-proxy \ | 156 | #EOF |
157 | --option=OPTIONS \ | 157 | # fi |
158 | --value="-p $port" | 158 | |
159 | chown "${users[$i]}":"${users[$i]}" "${homedirs[$i]}/.config/gnunet.conf" | 159 | # Update files and directories permissions. |
160 | done | 160 | # Assuming default values, this *should* not be changed. |
161 | 161 | echo -n "Updating files and directories permissions:" | |
162 | # Change the proxy settings for Firefox and Chromium if desired | 162 | # Secure access to the data directory |
163 | if ${_PROXY} | 163 | chmod 0700 "${GNUNET_HOME}" || true |
164 | then | 164 | # Restrict access on setuid binaries |
165 | mkdir -p /etc/X11/xinit/xinitrc.d/ | 165 | for file in /usr/bin/gnunet-helper-exit \ |
166 | cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF" | 166 | /usr/bin/gnunet-helper-nat-client \ |
167 | #!/bin/bash | 167 | /usr/bin/gnunet-helper-nat-server \ |
168 | systemctl --user daemon-reload | 168 | /usr/bin/gnunet-helper-transport-bluetooth \ |
169 | systemctl --user start gnunet-user | 169 | /usr/bin/gnunet-helper-transport-wlan \ |
170 | systemctl --user enable gnunet-user | 170 | /usr/bin/gnunet-helper-vpn; do |
171 | user=$(whoami) | 171 | # only do something when no setting exists |
172 | gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES') | 172 | if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]; then |
173 | 173 | chown root:${_GROUPNAME} $file | |
174 | # Enable GNS proxy for new users informed by /etc/skel. | 174 | chmod 4750 $file |
175 | if [ "$gnunet_proxy" ]; then | 175 | fi |
176 | 176 | done | |
177 | # Calculate user specific port | 177 | if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 && |
178 | port=$((8000+$(id -u $user))) | 178 | [ -e /usr/bin/gnunet-helper-dns ]; then |
179 | 179 | chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns | |
180 | gnunet-config -c $HOME/.config/gnunet.conf \ | 180 | chmod 4750 /usr/bin/gnunet-helper-dns |
181 | --section=gns-proxy \ | 181 | fi |
182 | --option=OPTIONS \ | 182 | if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 && |
183 | --value="-p $port" | 183 | [ -e /usr/bin/gnunet-service-dns ]; then |
184 | 184 | chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns | |
185 | # Firefox | 185 | chmod 2750 /usr/bin/gnunet-service-dns |
186 | defaultprofile=$(ls $HOME/.mozilla/firefox/*.default) | 186 | fi |
187 | if [ ! "$defaultprofile" ];then | 187 | echo " done." |
188 | timeout 3s firefox --headless # dirty: create profile if not existent | 188 | |
189 | fi | 189 | echo "All done." |
190 | for ffprofile in $HOME/.mozilla/firefox/*.*/; do | 190 | |
191 | js=$ffprofile/user.js | 191 | ;; |
192 | if [ -f "$js" ]; then | 192 | |
193 | sed -i '/Preferences for using the GNU Name System/d' "$js" | 193 | abort-upgrade | abort-remove | abort-deconfigure) ;; |
194 | sed -i '/network.proxy.socks/d' "$js" | 194 | |
195 | sed -i '/network.proxy.socks_port/d' "$js" | 195 | \ |
196 | sed -i '/network.proxy.socks_remote_dns/d' "$js" | 196 | \ |
197 | sed -i '/network.proxy.type/d' "$js" | 197 | *) |
198 | fi | 198 | echo "postinst called with unknown argument \`${1}'" >&2 |
199 | echo "// Preferences for using the GNU Name System" >> "$js" | 199 | exit 1 |
200 | echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js" | 200 | ;; |
201 | echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js" | ||
202 | echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js" | ||
203 | echo "user_pref(\"network.proxy.type\", 1);" >> "$js" | ||
204 | done | ||
205 | |||
206 | # Chromium | ||
207 | profile="$HOME/.profile" | ||
208 | if [ -f "$profile" ]; then | ||
209 | sed -i '/CHROMIUM_USER_FLAGS/d' "$profile" | ||
210 | fi | ||
211 | echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ | ||
212 | >> "$profile" | ||
213 | fi | ||
214 | |||
215 | # Create/Renew GNS certificate authority (CA) per user. | ||
216 | gnunet-gns-proxy-setup-ca | ||
217 | EOF | ||
218 | fi | ||
219 | |||
220 | # Update files and directories permissions. | ||
221 | # Assuming default values, this *should* not be changed. | ||
222 | echo -n "Updating files and directories permissions:" | ||
223 | chown -R ${_USERNAME}:${_GROUPNAME} /var/log/gnunetd | ||
224 | chown -R ${_USERNAME}:${_GROUPNAME} ${GNUNET_HOME} | ||
225 | # Secure access to the data directory | ||
226 | chmod 0700 "${GNUNET_HOME}" || true | ||
227 | # Restrict access on setuid binaries | ||
228 | for file in /usr/bin/gnunet-helper-exit \ | ||
229 | /usr/bin/gnunet-helper-nat-client \ | ||
230 | /usr/bin/gnunet-helper-nat-server \ | ||
231 | /usr/bin/gnunet-helper-transport-bluetooth \ | ||
232 | /usr/bin/gnunet-helper-transport-wlan \ | ||
233 | /usr/bin/gnunet-helper-vpn | ||
234 | do | ||
235 | # only do something when no setting exists | ||
236 | if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ] | ||
237 | then | ||
238 | chown root:${_GROUPNAME} $file | ||
239 | chmod 4750 $file | ||
240 | fi | ||
241 | done | ||
242 | if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \ | ||
243 | && [ -e /usr/bin/gnunet-helper-dns ] | ||
244 | then | ||
245 | chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns | ||
246 | chmod 4750 /usr/bin/gnunet-helper-dns | ||
247 | fi | ||
248 | if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \ | ||
249 | && [ -e /usr/bin/gnunet-service-dns ] | ||
250 | then | ||
251 | chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns | ||
252 | chmod 2750 /usr/bin/gnunet-service-dns | ||
253 | fi | ||
254 | echo " done." | ||
255 | |||
256 | # Writing new values to configuration file | ||
257 | echo -n "Writing new configuration file:" | ||
258 | CONFIG_NEW=$(tempfile) | ||
259 | |||
260 | cat > "${CONFIG_NEW}" <<EOF | ||
261 | # This file controls the behaviour of the GNUnet init script. | ||
262 | # It will be parsed as a shell script. | ||
263 | # please do not edit by hand, use 'dpkg-reconfigure gnunet-systempeer'. | ||
264 | |||
265 | GNUNET_USER=${_USERNAME} | ||
266 | GNUNET_GROUP=${_GROUPNAME} | ||
267 | GNUNET_AUTOSTART="${_AUTOSTART}" | ||
268 | EOF | ||
269 | |||
270 | cat > "/etc/systemd/system/gnunet.service" <<EOF | ||
271 | [Unit] | ||
272 | Description=A framework for secure peer-to-peer networking | ||
273 | |||
274 | [Service] | ||
275 | EnvironmentFile=/etc/default/gnunet | ||
276 | User=${_USERNAME} | ||
277 | Type=forking | ||
278 | ExecStart=/usr/bin/gnunet-arm -s -c /etc/gnunet.conf | ||
279 | ExecStop=/usr/bin/gnunet-arm -e -c /etc/gnunet.conf | ||
280 | |||
281 | [Install] | ||
282 | WantedBy=multi-user.target | ||
283 | EOF | ||
284 | |||
285 | cp -f "${CONFIG_NEW}" "${CONFIG_FILE}" | ||
286 | echo " done." | ||
287 | |||
288 | # Cleaning | ||
289 | rm -f "${CONFIG_NEW}" | ||
290 | echo "All done." | ||
291 | |||
292 | ;; | ||
293 | |||
294 | abort-upgrade|abort-remove|abort-deconfigure) | ||
295 | |||
296 | ;; | ||
297 | |||
298 | *) | ||
299 | echo "postinst called with unknown argument \`${1}'" >&2 | ||
300 | exit 1 | ||
301 | ;; | ||
302 | esac | 201 | esac |
303 | 202 | ||
304 | #DEBHELPER# | 203 | #DEBHELPER# |
diff --git a/debian/gnunet.postrm b/debian/gnunet.postrm index 2c3887202..592fe04a1 100644 --- a/debian/gnunet.postrm +++ b/debian/gnunet.postrm | |||
@@ -2,25 +2,12 @@ | |||
2 | 2 | ||
3 | set -e | 3 | set -e |
4 | 4 | ||
5 | pathfind() { | ||
6 | OLDIFS="$IFS" | ||
7 | IFS=: | ||
8 | for p in $PATH; do | ||
9 | if [ -x "$p/$*" ]; then | ||
10 | IFS="$OLDIFS" | ||
11 | return 0 | ||
12 | fi | ||
13 | done | ||
14 | IFS="$OLDIFS" | ||
15 | return 1 | ||
16 | } | ||
17 | |||
18 | remove_gns() { | 5 | remove_gns() { |
19 | # abort if /etc/nsswitch.conf does not exist | 6 | # abort if /etc/nsswitch.conf does not exist |
20 | if ! [ -e /etc/nsswitch.conf ]; then | 7 | if ! [ -e /etc/nsswitch.conf ]; then |
21 | return | 8 | return |
22 | fi | 9 | fi |
23 | perl -i -pe ' | 10 | perl -i -pe ' |
24 | my @remove=( | 11 | my @remove=( |
25 | "gns [NOTFOUND=return]", | 12 | "gns [NOTFOUND=return]", |
26 | ); | 13 | ); |
@@ -35,67 +22,44 @@ remove_gns() { | |||
35 | ' /etc/nsswitch.conf | 22 | ' /etc/nsswitch.conf |
36 | } | 23 | } |
37 | 24 | ||
25 | _USERNAME="gnunet" | ||
26 | _GROUPNAME="gnunet" | ||
27 | GNUNETDNS_GROUP="gnunetdns" | ||
28 | if [ -e /usr/share/debconf/confmodule ]; then | ||
29 | . /usr/share/debconf/confmodule | ||
30 | db_version 2.0 | ||
38 | 31 | ||
39 | case "${1}" in | 32 | db_get gnunet-dns/libnsswitch |
40 | purge) | 33 | _LIBNSSWITCH="${RET}" |
41 | if [ -e /usr/share/debconf/confmodule ] | 34 | fi |
42 | then | ||
43 | . /usr/share/debconf/confmodule | ||
44 | db_version 2.0 | ||
45 | |||
46 | db_get gnunet-systempeer/username | ||
47 | _USERNAME="${RET:-gnunet}" | ||
48 | |||
49 | db_get gnunet-systempeer/groupname | ||
50 | _GROUPNAME="${RET:-gnunet}" | ||
51 | |||
52 | db_get gnunet-dns/libnsswitch | ||
53 | _LIBNSSWITCH="${RET}" | ||
54 | else | ||
55 | _USERNAME="gnunet" | ||
56 | _GROUPNAME="gnunet" | ||
57 | fi | ||
58 | |||
59 | GNUNETDNS_GROUP="gnunetdns" | ||
60 | |||
61 | if $_LIBNSSWITCH | ||
62 | then | ||
63 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 | ||
64 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 | ||
65 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 | ||
66 | remove_gns | ||
67 | fi | ||
68 | 35 | ||
69 | if pathfind deluser | 36 | case "${1}" in |
70 | then | 37 | purge) |
71 | deluser --quiet --system ${_USERNAME} || true | 38 | if $_LIBNSSWITCH; then |
72 | fi | 39 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 |
73 | 40 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 | |
74 | if pathfind delgroup | 41 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 |
75 | then | 42 | remove_gns |
76 | delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true | 43 | fi |
77 | delgroup --quiet --system --only-if-empty ${GNUNETDNS_GROUP} || true | 44 | |
78 | fi | 45 | rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet |
79 | 46 | ;; | |
80 | rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet | 47 | |
81 | ;; | 48 | remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) |
82 | 49 | ||
83 | remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) | 50 | if $_LIBNSSWITCH; then |
84 | 51 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 | |
85 | if $_LIBNSSWITCH | 52 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 |
86 | then | 53 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 |
87 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 | 54 | remove_gns |
88 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 | 55 | fi |
89 | rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 | 56 | |
90 | remove_gns | 57 | ;; |
91 | fi | 58 | |
92 | 59 | *) | |
93 | ;; | 60 | echo "postrm called with unknown argument \`${1}'" >&2 |
94 | 61 | exit 1 | |
95 | *) | 62 | ;; |
96 | echo "postrm called with unknown argument \`${1}'" >&2 | ||
97 | exit 1 | ||
98 | ;; | ||
99 | esac | 63 | esac |
100 | 64 | ||
101 | #DEBHELPER# | 65 | #DEBHELPER# |
diff --git a/debian/gnunet.service b/debian/gnunet.service index 4b650e5ff..b538802c4 100644 --- a/debian/gnunet.service +++ b/debian/gnunet.service | |||
@@ -1,12 +1,12 @@ | |||
1 | [Unit] | 1 | [Unit] |
2 | Description=A framework for secure peer-to-peer networking | 2 | Description=GNUnet system service |
3 | After=network.target | ||
3 | 4 | ||
4 | [Service] | 5 | [Service] |
5 | EnvironmentFile=/etc/default/gnunet | 6 | Type=simple |
6 | User=${GNUNET_USER} | 7 | User=gnunet |
7 | Type=forking | 8 | ExecStart=/usr/lib/gnunet/libexec/gnunet-service-arm -c /etc/gnunet.conf |
8 | ExecStart=/usr/bin/gnunet-arm -s -c /etc/gnunet.conf | 9 | StateDirectory=gnunet |
9 | ExecStop=/usr/bin/gnunet-arm -e -c /etc/gnunet.conf | ||
10 | 10 | ||
11 | [Install] | 11 | [Install] |
12 | WantedBy=multi-user.target | 12 | WantedBy=multi-user.target |
diff --git a/debian/gnunet.templates b/debian/gnunet.templates index 074fb41fe..df74f77f0 100644 --- a/debian/gnunet.templates +++ b/debian/gnunet.templates | |||
@@ -1,25 +1,6 @@ | |||
1 | Template: gnunet-systempeer/username | ||
2 | Type: string | ||
3 | Default: gnunet | ||
4 | _Description: GNUnet user: | ||
5 | Please choose the user that the GNUnet server process will run as. | ||
6 | . | ||
7 | This should be a dedicated account. If the specified account does not | ||
8 | already exist, it will automatically be created, with no login shell. | ||
9 | |||
10 | Template: gnunet-systempeer/groupname | ||
11 | Type: string | ||
12 | Default: gnunet | ||
13 | _Description: GNUnet group: | ||
14 | Please choose the group that the GNUnet peer process will run as. | ||
15 | . | ||
16 | This should be a dedicated group, not one that already owns data. | ||
17 | Only the members of this group will have access to GNUnet data, and | ||
18 | be allowed to start and stop the GNUnet server. | ||
19 | |||
20 | Template: gnunet-systempeer/autostart | 1 | Template: gnunet-systempeer/autostart |
21 | Type: boolean | 2 | Type: boolean |
22 | Default: true | 3 | Default: false |
23 | _Description: Should the GNUnet server be launched on boot? | 4 | _Description: Should the GNUnet server be launched on boot? |
24 | If you choose this option, a GNUnet peer will be launched each time | 5 | If you choose this option, a GNUnet peer will be launched each time |
25 | the system is started. Otherwise, you will need to launch | 6 | the system is started. Otherwise, you will need to launch |
@@ -27,7 +8,7 @@ _Description: Should the GNUnet server be launched on boot? | |||
27 | 8 | ||
28 | Template: gnunet-dns/libnsswitch | 9 | Template: gnunet-dns/libnsswitch |
29 | Type: boolean | 10 | Type: boolean |
30 | Default: true | 11 | Default: false |
31 | _Description: Should GNS be hooked into the system resolution process? | 12 | _Description: Should GNS be hooked into the system resolution process? |
32 | If you choose this option, GNS will be hooked into the system | 13 | If you choose this option, GNS will be hooked into the system |
33 | resolution process. Records that can be resolved using GNS are | 14 | resolution process. Records that can be resolved using GNS are |
@@ -37,7 +18,7 @@ _Description: Should GNS be hooked into the system resolution process? | |||
37 | 18 | ||
38 | Template: gnunet-user/proxy | 19 | Template: gnunet-user/proxy |
39 | Type: boolean | 20 | Type: boolean |
40 | Default: true | 21 | Default: false |
41 | _Description: Use the GNU Name System in Firefox/Chromium by default?" | 22 | _Description: Use the GNU Name System in Firefox/Chromium by default?" |
42 | If you choose this option the proxy settings for Firefox and Chromium will be | 23 | If you choose this option the proxy settings for Firefox and Chromium will be |
43 | adjusted to use a user local running gnunet-gns-proxy to delegate DNS requests | 24 | adjusted to use a user local running gnunet-gns-proxy to delegate DNS requests |
diff --git a/debian/rules b/debian/rules index 69f44aa80..136100584 100755 --- a/debian/rules +++ b/debian/rules | |||
@@ -35,6 +35,9 @@ override_dh_auto_install-arch: | |||
35 | 35 | ||
36 | override_dh_auto_install-indep: | 36 | override_dh_auto_install-indep: |
37 | 37 | ||
38 | override_dh_installsystemd: | ||
39 | dh_installsystemd -pgnunet --no-start --no-enable gnunet.service | ||
40 | |||
38 | execute_after_dh_auto_install: | 41 | execute_after_dh_auto_install: |
39 | dh_link -plibgnunet-dev \ | 42 | dh_link -plibgnunet-dev \ |
40 | usr/lib/$(DEB_HOST_MULTIARCH)/gnunet/nss/libnss_gns.so.2 usr/lib/$(DEB_HOST_MULTIARCH)/libnss_gns.so \ | 43 | usr/lib/$(DEB_HOST_MULTIARCH)/gnunet/nss/libnss_gns.so.2 usr/lib/$(DEB_HOST_MULTIARCH)/libnss_gns.so \ |
@@ -46,7 +49,9 @@ override_dh_auto_clean: | |||
46 | rm -rf contrib/gnunet_janitor.py contrib/gnunet_pyexpect.py libltdl/ \ | 49 | rm -rf contrib/gnunet_janitor.py contrib/gnunet_pyexpect.py libltdl/ \ |
47 | src/integration-tests/*.py | 50 | src/integration-tests/*.py |
48 | 51 | ||
49 | # Remove files already present in libgnunet from main gnunet package | 52 | # Remove files already present in libgnunet from main gnunet package and libgnunet-dev package |
50 | override_dh_install: | 53 | override_dh_install: |
51 | dh_install | 54 | dh_install |
52 | cd debian/libgnunet; find . -type f,l -exec rm -f ../gnunet/{} \; | 55 | cd debian/libgnunet; find . -type f,l -exec rm -f ../gnunet/{} \; |
56 | cd debian/libgnunet; find . -type f,l -exec rm -f ../libgnunet-dev/{} \; | ||
57 | cd debian/gnunet; find . -type f,l -exec rm -f ../libgnunet-dev/{} \; | ||