From ec6b80f070a235cdd60b0d8904f64969cf53569c Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Sat, 28 Aug 2021 18:27:45 +0200 Subject: debian: more fixes and formatting --- debian/gnunet.config | 6 - debian/gnunet.postinst | 348 ++++++++++++++++++++++++------------------------- debian/gnunet.postrm | 66 +++++----- 3 files changed, 201 insertions(+), 219 deletions(-) diff --git a/debian/gnunet.config b/debian/gnunet.config index 6daa6818e..ebb94c56f 100644 --- a/debian/gnunet.config +++ b/debian/gnunet.config @@ -4,12 +4,6 @@ set -e . /usr/share/debconf/confmodule -db_input low gnunet-systempeer/username || true -db_go - -db_input low gnunet-systempeer/groupname || true -db_go - db_input medium gnunet-systempeer/autostart || true db_go diff --git a/debian/gnunet.postinst b/debian/gnunet.postinst index bde8b1462..d5ee9188d 100644 --- a/debian/gnunet.postinst +++ b/debian/gnunet.postinst @@ -9,13 +9,13 @@ set -e # in /etc/nsswitch.conf to automatically enable nss-gns support; do not change # the configuration if the "hosts" line already references some gns lookups insert_gns() { - echo -n "Checking NSS setup..." - # abort if /etc/nsswitch.conf does not exist - if ! [ -e /etc/nsswitch.conf ]; then - echo "Could not find /etc/nsswitch.conf." - return 1 - fi - perl -i -pe ' + echo -n "Checking NSS setup..." + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + echo "Could not find /etc/nsswitch.conf." + return 1 + fi + perl -i -pe ' sub insert { # this also splits on tab my @bits=split(" ", shift); @@ -35,180 +35,172 @@ insert_gns() { } s/^(hosts:\s+)(.*)/$1.insert($2)/e; ' /etc/nsswitch.conf - echo " done." + echo " done." } case "${1}" in - configure) - db_version 2.0 - - _USERNAME="gnunet" - _GROUPNAME="gnunet" - - db_get gnunet-systempeer/autostart - _AUTOSTART="${RET}" # boolean - - db_get gnunet-dns/libnsswitch - _LIBNSSWITCH="${RET}" # boolean - - db_get gnunet-user/proxy - _PROXY="${RET}" # boolean - - db_stop - - CONFIG_FILE="/etc/default/gnunet" - - # Read default values - GNUNET_HOME="/var/lib/gnunet" - eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]') - - # Creating gnunet group if needed - if ! getent group ${_GROUPNAME} > /dev/null - then - echo -n "Creating new GNUnet group ${_GROUPNAME}:" - addgroup --quiet --system ${_GROUPNAME} - echo " done." - fi - - # Creating gnunet user if needed - if ! getent passwd ${_USERNAME} > /dev/null - then - echo -n "Creating new GNUnet user ${_USERNAME}:" - adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME} - echo " done." - fi - - # Add a special secured group - GNUNETDNS_GROUP="gnunetdns" - - # Creating gnunetdns group if needed - if ! getent group ${GNUNETDNS_GROUP} > /dev/null - then - echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:" - addgroup --quiet --system ${GNUNETDNS_GROUP} - echo " done." - fi - - # Copy the libnss_gns files to the libnss directory - if ${_LIBNSSWITCH} - then - echo "Editing /etc/nsswitch.conf to use GNS before DNS" - # $2 equals the currently installed version if it exists - if [ -z "$2" ]; then - # first install: setup the recommended configuration (unless - # nsswitch.conf already contains mdns entries) - insert_gns - if [ "$?" -gt 0 ]; then - echo "nsswitch does not exist on this system" - fi - fi - echo " done." - fi - -# # Change the proxy settings for Firefox and Chromium if desired -# if ${_PROXY} -# then -# mkdir -p /etc/X11/xinit/xinitrc.d/ -#cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF" -##!/bin/bash -#systemctl --user daemon-reload -#systemctl --user start gnunet-user -#systemctl --user enable gnunet-user -#user=$(whoami) -#gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES') -# -## Enable GNS proxy for new users informed by /etc/skel. -#if [ "$gnunet_proxy" ]; then -# -# # Calculate user specific port -# port=$((8000+$(id -u $user))) -# -# gnunet-config -c $HOME/.config/gnunet.conf \ -# --section=gns-proxy \ -# --option=OPTIONS \ -# --value="-p $port" -# -# # Firefox -# defaultprofile=$(ls $HOME/.mozilla/firefox/*.default) -# if [ ! "$defaultprofile" ];then -# timeout 3s firefox --headless # dirty: create profile if not existent -# fi -# for ffprofile in $HOME/.mozilla/firefox/*.*/; do -# js=$ffprofile/user.js -# if [ -f "$js" ]; then -# sed -i '/Preferences for using the GNU Name System/d' "$js" -# sed -i '/network.proxy.socks/d' "$js" -# sed -i '/network.proxy.socks_port/d' "$js" -# sed -i '/network.proxy.socks_remote_dns/d' "$js" -# sed -i '/network.proxy.type/d' "$js" -# fi -# echo "// Preferences for using the GNU Name System" >> "$js" -# echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js" -# echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js" -# echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js" -# echo "user_pref(\"network.proxy.type\", 1);" >> "$js" -# done -# -# # Chromium -# profile="$HOME/.profile" -# if [ -f "$profile" ]; then -# sed -i '/CHROMIUM_USER_FLAGS/d' "$profile" -# fi -# echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ -# >> "$profile" -#fi -# -## Create/Renew GNS certificate authority (CA) per user. -#gnunet-gns-proxy-setup-ca -#EOF -# fi - - # Update files and directories permissions. - # Assuming default values, this *should* not be changed. - echo -n "Updating files and directories permissions:" - # Secure access to the data directory - chmod 0700 "${GNUNET_HOME}" || true - # Restrict access on setuid binaries - for file in /usr/bin/gnunet-helper-exit \ - /usr/bin/gnunet-helper-nat-client \ - /usr/bin/gnunet-helper-nat-server \ - /usr/bin/gnunet-helper-transport-bluetooth \ - /usr/bin/gnunet-helper-transport-wlan \ - /usr/bin/gnunet-helper-vpn - do - # only do something when no setting exists - if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ] - then - chown root:${_GROUPNAME} $file - chmod 4750 $file - fi - done - if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \ - && [ -e /usr/bin/gnunet-helper-dns ] - then - chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns - chmod 4750 /usr/bin/gnunet-helper-dns - fi - if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \ - && [ -e /usr/bin/gnunet-service-dns ] - then - chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns - chmod 2750 /usr/bin/gnunet-service-dns - fi - echo " done." - - echo "All done." - - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - - ;; - - *) - echo "postinst called with unknown argument \`${1}'" >&2 - exit 1 - ;; +configure) + db_version 2.0 + + _USERNAME="gnunet" + _GROUPNAME="gnunet" + + db_get gnunet-systempeer/autostart + _AUTOSTART="${RET}" # boolean + + db_get gnunet-dns/libnsswitch + _LIBNSSWITCH="${RET}" # boolean + + db_get gnunet-user/proxy + _PROXY="${RET}" # boolean + + db_stop + + CONFIG_FILE="/etc/default/gnunet" + + # Read default values + GNUNET_HOME="/var/lib/gnunet" + eval $(grep GNUNET_HOME /etc/gnunet.conf | tr -d '[:blank:]') + + # Creating gnunet group if needed + if ! getent group ${_GROUPNAME} >/dev/null; then + echo -n "Creating new GNUnet group ${_GROUPNAME}:" + addgroup --quiet --system ${_GROUPNAME} + echo " done." + fi + + # Creating gnunet user if needed + if ! getent passwd ${_USERNAME} >/dev/null; then + echo -n "Creating new GNUnet user ${_USERNAME}:" + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME} + echo " done." + fi + + # Add a special secured group + GNUNETDNS_GROUP="gnunetdns" + + # Creating gnunetdns group if needed + if ! getent group ${GNUNETDNS_GROUP} >/dev/null; then + echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:" + addgroup --quiet --system ${GNUNETDNS_GROUP} + echo " done." + fi + + # Copy the libnss_gns files to the libnss directory + if ${_LIBNSSWITCH}; then + echo "Editing /etc/nsswitch.conf to use GNS before DNS" + # $2 equals the currently installed version if it exists + if [ -z "$2" ]; then + # first install: setup the recommended configuration (unless + # nsswitch.conf already contains mdns entries) + insert_gns + if [ "$?" -gt 0 ]; then + echo "nsswitch does not exist on this system" + fi + fi + echo " done." + fi + + # # Change the proxy settings for Firefox and Chromium if desired + # if ${_PROXY} + # then + # mkdir -p /etc/X11/xinit/xinitrc.d/ + #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF" + ##!/bin/bash + #systemctl --user daemon-reload + #systemctl --user start gnunet-user + #systemctl --user enable gnunet-user + #user=$(whoami) + #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES') + # + ## Enable GNS proxy for new users informed by /etc/skel. + #if [ "$gnunet_proxy" ]; then + # + # # Calculate user specific port + # port=$((8000+$(id -u $user))) + # + # gnunet-config -c $HOME/.config/gnunet.conf \ + # --section=gns-proxy \ + # --option=OPTIONS \ + # --value="-p $port" + # + # # Firefox + # defaultprofile=$(ls $HOME/.mozilla/firefox/*.default) + # if [ ! "$defaultprofile" ];then + # timeout 3s firefox --headless # dirty: create profile if not existent + # fi + # for ffprofile in $HOME/.mozilla/firefox/*.*/; do + # js=$ffprofile/user.js + # if [ -f "$js" ]; then + # sed -i '/Preferences for using the GNU Name System/d' "$js" + # sed -i '/network.proxy.socks/d' "$js" + # sed -i '/network.proxy.socks_port/d' "$js" + # sed -i '/network.proxy.socks_remote_dns/d' "$js" + # sed -i '/network.proxy.type/d' "$js" + # fi + # echo "// Preferences for using the GNU Name System" >> "$js" + # echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js" + # echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js" + # echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js" + # echo "user_pref(\"network.proxy.type\", 1);" >> "$js" + # done + # + # # Chromium + # profile="$HOME/.profile" + # if [ -f "$profile" ]; then + # sed -i '/CHROMIUM_USER_FLAGS/d' "$profile" + # fi + # echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \ + # >> "$profile" + #fi + # + ## Create/Renew GNS certificate authority (CA) per user. + #gnunet-gns-proxy-setup-ca + #EOF + # fi + + # Update files and directories permissions. + # Assuming default values, this *should* not be changed. + echo -n "Updating files and directories permissions:" + # Secure access to the data directory + chmod 0700 "${GNUNET_HOME}" || true + # Restrict access on setuid binaries + for file in /usr/bin/gnunet-helper-exit \ + /usr/bin/gnunet-helper-nat-client \ + /usr/bin/gnunet-helper-nat-server \ + /usr/bin/gnunet-helper-transport-bluetooth \ + /usr/bin/gnunet-helper-transport-wlan \ + /usr/bin/gnunet-helper-vpn; do + # only do something when no setting exists + if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]; then + chown root:${_GROUPNAME} $file + chmod 4750 $file + fi + done + if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 && + [ -e /usr/bin/gnunet-helper-dns ]; then + chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns + chmod 4750 /usr/bin/gnunet-helper-dns + fi + if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 && + [ -e /usr/bin/gnunet-service-dns ]; then + chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns + chmod 2750 /usr/bin/gnunet-service-dns + fi + echo " done." + + echo "All done." + + ;; + +abort-upgrade | abort-remove | abort-deconfigure) ;; + +\ + \ + *) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# diff --git a/debian/gnunet.postrm b/debian/gnunet.postrm index 4b60c570a..592fe04a1 100644 --- a/debian/gnunet.postrm +++ b/debian/gnunet.postrm @@ -3,11 +3,11 @@ set -e remove_gns() { - # abort if /etc/nsswitch.conf does not exist - if ! [ -e /etc/nsswitch.conf ]; then - return - fi - perl -i -pe ' + # abort if /etc/nsswitch.conf does not exist + if ! [ -e /etc/nsswitch.conf ]; then + return + fi + perl -i -pe ' my @remove=( "gns [NOTFOUND=return]", ); @@ -25,45 +25,41 @@ remove_gns() { _USERNAME="gnunet" _GROUPNAME="gnunet" GNUNETDNS_GROUP="gnunetdns" -if [ -e /usr/share/debconf/confmodule ] -then - . /usr/share/debconf/confmodule - db_version 2.0 +if [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_version 2.0 - db_get gnunet-dns/libnsswitch - _LIBNSSWITCH="${RET}" + db_get gnunet-dns/libnsswitch + _LIBNSSWITCH="${RET}" fi - case "${1}" in - purge) - if $_LIBNSSWITCH - then - rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 - rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 - rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 - remove_gns - fi +purge) + if $_LIBNSSWITCH; then + rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 + rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 + rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 + remove_gns + fi - rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet - ;; + rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet + ;; - remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) +remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) - if $_LIBNSSWITCH - then - rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 - rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 - rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 - remove_gns - fi + if $_LIBNSSWITCH; then + rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns.so.2 + rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns4.so.2 + rm -rf /usr/lib/x86_64-linux-gnu/usr/libnss_gns6.so.2 + remove_gns + fi - ;; + ;; - *) - echo "postrm called with unknown argument \`${1}'" >&2 - exit 1 - ;; +*) + echo "postrm called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# -- cgit v1.2.3