/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to debian/mandos.postinst

  • Committer: Teddy Hogeborn
  • Date: 2016-03-07 23:39:36 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 337.
  • Revision ID: teddy@recompile.se-20160307233936-mhgpxhggamde443n
Server bug fix: Include CAP_SETGID so it does not run as root

* debian/mandos.postinst (configure): If old version was 1.7.4-1 or
  1.7.4-1~bpo8+1, fix situation where clients.pickle file is owned by
  root.
* mandos (main): Print debug info about setuid() and setgid()
* mandos.service ([Service]/CapabilityBoundingSet): Add "CAP_KILL
  CAP_SETGID"; the latter is needed for setgid() to be allowed.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/mandos.postinst
15
15
# If prerm fails during replacement due to conflict:
16
16
#       <postinst> abort-remove in-favour <new-package> <version>
17
17
 
18
 
. /usr/share/debconf/confmodule
19
 
 
20
18
set -e
21
19
 
22
20
case "$1" in
50
48
                invoke-rc.d mandos start
51
49
            fi
52
50
        fi
53
 
        # Reload D-Bus daemon to be aware of the _mandos user & group
54
 
        if [ -x /etc/init.d/dbus ]; then
55
 
            invoke-rc.d dbus force-reload || :
56
 
        fi
57
 
        if ! dpkg-statoverride --list "/var/lib/mandos" >/dev/null \
58
 
             2>&1; then
59
 
            chown _mandos:_mandos /var/lib/mandos
60
 
            chmod u=rwx,go= /var/lib/mandos
61
 
        fi
62
 
 
63
 
        if dpkg --compare-versions "$2" eq "1.8.0-1" \
64
 
                || dpkg --compare-versions "$2" eq "1.8.0-1~bpo9+1"; then
65
 
            if grep --quiet --regexp='^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$' /etc/mandos/clients.conf; then
66
 
                sed --in-place \
67
 
                    --expression='/^[[:space:]]*key_id[[:space:]]*=[[:space:]]*[Ee]3[Bb]0[Cc]44298[Ff][Cc]1[Cc]149[Aa][Ff][Bb][Ff]4[Cc]8996[Ff][Bb]92427[Aa][Ee]41[Ee]4649[Bb]934[Cc][Aa]495991[Bb]7852[Bb]855[[:space:]]*$/d' \
68
 
                    /etc/mandos/clients.conf
69
 
                invoke-rc.d mandos restart
70
 
                db_version 2.0
71
 
                db_fset mandos/removed_bad_key_ids seen false
72
 
                db_reset mandos/removed_bad_key_ids
73
 
                db_input critical mandos/removed_bad_key_ids || true
74
 
                db_go
75
 
                db_stop
76
 
            fi
77
 
        fi
78
 
 
79
 
        gnutls_version=$(dpkg-query --showformat='${Version}' \
80
 
                                    --show libgnutls30 \
81
 
                                    2>/dev/null || :)
82
 
        if [ -n "$gnutls_version" ] \
83
 
               && dpkg --compare-versions $gnutls_version ge 3.6.6; then
84
 
            db_version 2.0
85
 
            db_input critical mandos/key_id || true
86
 
            db_go
87
 
            db_stop
88
 
        fi
 
51
        chown _mandos:_mandos /var/lib/mandos
89
52
        ;;
90
53
    
91
54
    abort-upgrade|abort-deconfigure|abort-remove)