/mandos/trunk : contents of debian/mandos-client.postinst at revision 768

: (revision 768)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

505.1.13 by Teddy Hogeborn Miscellaneous fixes prompted by lintian:	1	#!/bin/sh
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	2	# This script can be called in the following ways:
	3	#
	4	# After the package was installed:
	5	# <postinst> configure <old-version>
	6	#
	7	#
	8	# If prerm fails during upgrade or fails on failed upgrade:
	9	# <old-postinst> abort-upgrade <new-version>
	10	#
	11	# If prerm fails during deconfiguration of a package:
	12	# <postinst> abort-deconfigure in-favour <new-package> <version>
	13	# removing <old-package> <version>
	14	#
	15	# If prerm fails during replacement due to conflict:
	16	# <postinst> abort-remove in-favour <new-package> <version>
	17
505.1.13 by Teddy Hogeborn Miscellaneous fixes prompted by lintian:	18	set -e
	19
195 by Teddy Hogeborn * debian/control (mandos, mandos-client): Depend on "adduser".	20	# Update the initial RAM file system image
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	21	update_initramfs()
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	22	{
195 by Teddy Hogeborn * debian/control (mandos, mandos-client): Depend on "adduser".	23	if [ -x /usr/sbin/update-initramfs ]; then
	24	update-initramfs -u -k all
	25	fi
237.2.21 by Teddy Hogeborn * debian/mandos-client.postinst: Secure permissions of old	26
	27	if dpkg --compare-versions "$2" lt-nl "1.0.10-1"; then
	28	# Make old initrd.img files unreadable too, in case they were
	29	# created with mandos-client 1.0.8 or older.
237.2.22 by Teddy Hogeborn * debian/mandos-client.postinst (update_initramfs): Bug fix: typo.	30	find /boot -maxdepth 1 -type f -name "initrd.img-*.bak" \
	31	-print0 \| xargs --null --no-run-if-empty chmod o-r
237.2.21 by Teddy Hogeborn * debian/mandos-client.postinst: Secure permissions of old	32	fi
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	33	}
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	34
190 by Teddy Hogeborn * debian/mandos-client.postinst: Use "type" instead of "which". Split	35	# Add user and group
	36	add_mandos_user(){
238 by Teddy Hogeborn First version of a somewhat complete D-Bus server interface. Also	37	# Rename old "mandos" user and group
348 by Teddy Hogeborn * debian/mandos-client.postinst (configure): Don't look for user and	38	if dpkg --compare-versions "$2" lt "1.0.3-1"; then
	39	case "`getent passwd mandos`" in
	40	*:Mandos\ password\ system,,,:/nonexistent:/bin/false)
	41	usermod --login _mandos mandos
	42	groupmod --new-name _mandos mandos
	43	return
	44	;;
	45	esac
	46	fi
238 by Teddy Hogeborn First version of a somewhat complete D-Bus server interface. Also	47	# Create new user and group
	48	if ! getent passwd _mandos >/dev/null; then
	49	adduser --system --force-badname --quiet --home /nonexistent \
	50	--no-create-home --group --disabled-password \
	51	--gecos "Mandos password system" _mandos
190 by Teddy Hogeborn * debian/mandos-client.postinst: Use "type" instead of "which". Split	52	fi
	53	}
	54
	55	# Create client key pair
	56	create_key(){
194 by Teddy Hogeborn * debian/mandos-client.postinst (create_key): Do not abort on existing	57	if [ -r /etc/keys/mandos/pubkey.txt \
	58	-a -r /etc/keys/mandos/seckey.txt ]; then
	59	return 0
	60	fi
195 by Teddy Hogeborn * debian/control (mandos, mandos-client): Depend on "adduser".	61	if [ -x /usr/sbin/mandos-keygen ]; then
194 by Teddy Hogeborn * debian/mandos-client.postinst (create_key): Do not abort on existing	62	mandos-keygen
	63	fi
190 by Teddy Hogeborn * debian/mandos-client.postinst: Use "type" instead of "which". Split	64	}
	65
765 by Teddy Hogeborn Install client Diffie-Hellman parameters into initramfs.	66	create_dh_params(){
766 by Teddy Hogeborn Rename the "client-dhparams.pem" file to simply "dhparams.pem".	67	if [ -r /etc/keys/mandos/dhparams.pem ]; then
765 by Teddy Hogeborn Install client Diffie-Hellman parameters into initramfs.	68	return 0
	69	fi
	70	# Create a Diffe-Hellman parameters file
	71	DHFILE="`mktemp -t mandos-client-dh-parameters.XXXXXXXXXX.pem`"
	72	# First try certtool from GnuTLS
	73	if ! certtool --generate-dh-params --sec-param high \
	74	--outfile "$DHFILE"; then
	75	# Otherwise try OpenSSL
	76	if ! openssl genpkey -genparam -algorithm DH -out "$DHFILE" \
	77	-pkeyopt dh_paramgen_prime_len:3072; then
	78	# None of the commands succeded; give up
	79	rm -- "$DHFILE"
	80	return 1
	81	fi
	82	fi
	83	sed --in-place --expression='0,/^-----BEGIN DH PARAMETERS-----$/d' \
	84	"$DHFILE"
	85	sed --in-place --expression='1i-----BEGIN DH PARAMETERS-----' \
	86	"$DHFILE"
766 by Teddy Hogeborn Rename the "client-dhparams.pem" file to simply "dhparams.pem".	87	cp --archive "$DHFILE" /etc/keys/mandos/dhparams.pem
765 by Teddy Hogeborn Install client Diffie-Hellman parameters into initramfs.	88	rm -- "$DHFILE"
	89	}
	90
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	91	case "$1" in
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	92	configure)
237.2.21 by Teddy Hogeborn * debian/mandos-client.postinst: Secure permissions of old	93	add_mandos_user "$@"
	94	create_key "$@"
765 by Teddy Hogeborn Install client Diffie-Hellman parameters into initramfs.	95	create_dh_params "$@" \|\| :
237.2.21 by Teddy Hogeborn * debian/mandos-client.postinst: Secure permissions of old	96	update_initramfs "$@"
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	97	;;
	98	abort-upgrade\|abort-deconfigure\|abort-remove)
	99	;;
	100
	101	*)
275 by Teddy Hogeborn * debian/mandos-client.postinst: Converted to Bourne shell. Also	102	echo "$0 called with unknown argument '$1'" 1>&2
185 by Teddy Hogeborn * .bzr-builddeb/default.conf: New.	103	exit 1
	104	;;
	105	esac
	106
	107	#DEBHELPER#
	108
	109	exit 0