/mandos/release

#!/bin/sh

# This script can be called in the following ways:

#

# After the package was installed:

#       <postinst> configure <old-version>

#

#

# If prerm fails during upgrade or fails on failed upgrade:

#       <old-postinst> abort-upgrade <new-version>

#

# If prerm fails during deconfiguration of a package:

#       <postinst> abort-deconfigure in-favour <new-package> <version>

#                  removing <old-package> <version>

#

# If prerm fails during replacement due to conflict:

#       <postinst> abort-remove in-favour <new-package> <version>

. /usr/share/debconf/confmodule

set -e

case "$1" in

    configure)

	# Rename old "mandos" user and group

	if dpkg --compare-versions "$2" lt "1.0.3-1"; then

	    case "`getent passwd mandos`" in

		*:Mandos\ password\ system,,,:/nonexistent:/bin/false)

		    usermod --login _mandos mandos

		    groupmod --new-name _mandos mandos

		    ;;

	    esac

	fi

	# Create new user and group

	if ! getent passwd _mandos >/dev/null; then

	    adduser --system --force-badname --quiet \

		--home /nonexistent --no-create-home --group \

		--disabled-password --gecos "Mandos password system" \

		_mandos

	elif dpkg --compare-versions "$2" eq 1.7.4-1 \

		|| dpkg --compare-versions "$2" eq "1.7.4-1~bpo8+1"

	then

	    start=no

	    if ! [ -f /var/lib/mandos/clients.pickle ]; then

		invoke-rc.d mandos stop

		start=yes

	    fi

	    chown _mandos:_mandos /var/lib/mandos/clients.pickle \

		  2>/dev/null || :

	    if [ "$start" = yes ]; then

		invoke-rc.d mandos start

	    fi

	fi

	# Reload D-Bus daemon to be aware of the _mandos user & group

	if [ -x /etc/init.d/dbus ]; then

	    invoke-rc.d dbus force-reload || :

	fi

	if ! dpkg-statoverride --list "/var/lib/mandos" >/dev/null \

	     2>&1; then

	    chown _mandos:_mandos /var/lib/mandos

	    chmod u=rwx,go= /var/lib/mandos

	fi

	if dpkg --compare-versions "$2" eq "1.8.0-1" \

		|| dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then

	    if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then

		sed --in-place \

		    --expression='/^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$/d' \

		    /etc/mandos/clients.conf

		invoke-rc.d mandos restart

		db_version 2.0

		db_fset mandos/removed_bad_key_ids seen false

		db_reset mandos/removed_bad_key_ids

		db_input critical mandos/removed_bad_key_ids || true

		db_go

		db_stop

	    fi

	fi

	gnutls_version=$(dpkg-query --showformat='${Version}' \

				    --show libgnutls30 \

				    2>/dev/null || :)

	if [ -n "$gnutls_version" ] \

	       && dpkg --compare-versions $gnutls_version ge 3.6.6; then

	    db_version 2.0

	    db_input critical mandos/key_id || true

	    db_go

	    db_stop

	fi

	;;

    abort-upgrade|abort-deconfigure|abort-remove)

	;;

    *)

	echo "$0 called with unknown argument '$1'" 1>&2

	exit 1

	;;

esac

# Avahi version 0.6.31-2 and older provides "avahi" (instead of

# "avahi-daemon") in its /etc/init.d script header.  To make

# insserv(8) happy, we edit our /etc/init.d script header to contain

# the correct string before the code added by dh_installinit calls

# update.rc-d, which calls insserv.

avahi_version="`dpkg-query --showformat='${Version}' --show avahi-daemon`"

if dpkg --compare-versions "$avahi_version" le 0.6.31-2; then

    sed --in-place --expression='/^### BEGIN INIT INFO$/,/^### END INIT INFO$/s/^\(# Required-\(Stop\|Start\):.*avahi\)-daemon\>/\1/g' /etc/init.d/mandos

fi

#DEBHELPER#

exit 0