/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to debian/mandos.postinst

  • Committer: Teddy Hogeborn
  • Date: 2008-07-19 18:43:24 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080719184324-iwhoa5in75xa0u2u
* mandos-clients.conf ([foo]/dn, [foo]/password, [braxen_client]/dn,
                       [braxen_client]/password): Removed.
  ([foo]/fingerprint, [braxen_client]/fingerprint): New.
  ([foo]/checker): New.
  ([foo]/secfile): New.
  ([braxen_client]/secret): New.

* server.py: New "--debug" option to set debug flag.  Removed "cert",
             "key", "ca", "crl", and "cred" variables.  Added default
             value for "checker" config file setting.  Do not pass
             credentials to IPv6_TCPServer constructor.
  (debug): New global debug flag.  Used by most debugging output code.
  (Client.__init__): Keyword argument "dn" replaced by "fingerprint",
                     "password" renamed to "secret", and "passfile"
                     renamed to "secfile".  New keyword argument
                     "checker". All callers changed.
  (Client.dn): Removed.
  (Client.fingerprint): New.
  (Client.password): Renamed to "secret"; all users changed.
  (Client.passfile): Renamed to "secfile"; all users changed.
  (Client.timeout, Client.interval): Changed to be properties; now
                                     automatically updates the
                                     "_timeout_milliseconds" and
                                     "_interval_milliseconds" values.
  (Client.timeout_milliseconds): Renamed to "_timeout_milliseconds".
  (Client.interval_milliseconds): Renamed to "_interval_milliseconds".
  (Client.check_command): New.
  (Client.start_checker): Use the new "check_command" attribute.
  (peer_certificate, fingerprint): New functions.

  (tcp_handler.handle): Use ClientSession with empty credentials
                        object instead of ServerSession.  Set gnutls
                        priority string.  Do not verify peer.  Use
                        fingerprint instead of DN when searching for
                        clients.  Bug fix: Loop sending data so even large
                        secret data strings are sent.
  (IPv6_TCPServer.credentials): Removed.
  (if_nametoindex): Do not import ctypes since that is now imported
                    globally.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
#!/bin/sh -e
2
 
# This script can be called in the following ways:
3
 
#
4
 
# After the package was installed:
5
 
#       <postinst> configure <old-version>
6
 
#
7
 
#
8
 
# If prerm fails during upgrade or fails on failed upgrade:
9
 
#       <old-postinst> abort-upgrade <new-version>
10
 
#
11
 
# If prerm fails during deconfiguration of a package:
12
 
#       <postinst> abort-deconfigure in-favour <new-package> <version>
13
 
#                  removing <old-package> <version>
14
 
#
15
 
# If prerm fails during replacement due to conflict:
16
 
#       <postinst> abort-remove in-favour <new-package> <version>
17
 
 
18
 
case "$1" in
19
 
    configure)
20
 
        # Rename old "mandos" user and group
21
 
        case "`getent passwd mandos`" in
22
 
            *:Mandos\ password\ system,,,:/nonexistent:/bin/false)
23
 
                usermod --login _mandos mandos
24
 
                groupmod --new-name _mandos mandos
25
 
                ;;
26
 
        esac
27
 
        # Create new user and group
28
 
        if ! getent passwd _mandos >/dev/null; then
29
 
            adduser --system --force-badname --quiet \
30
 
                --home /nonexistent --no-create-home --group \
31
 
                --disabled-password --gecos "Mandos password system" \
32
 
                _mandos
33
 
        fi
34
 
        ;;
35
 
 
36
 
    abort-upgrade|abort-deconfigure|abort-remove)
37
 
        ;;
38
 
 
39
 
    *)
40
 
        echo "$0 called with unknown argument '$1'" 1>&2
41
 
        exit 1
42
 
        ;;
43
 
esac
44
 
 
45
 
#DEBHELPER#
46
 
 
47
 
exit 0