#!/bin/sh
# postinst script for chrony
#
# see: dh_installdeb(1)

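set -e

# dpkg passes the action as $1 and, for "configure", the most recently
# configured version as $2 (empty on a fresh install).
# targets: configure|abort-upgrade|abort-remove|abort-deconfigure

case "$1" in
    configure)

        # Create the dedicated system account only when it does not exist yet,
        # so that re-running the script (upgrade, reconfigure) is harmless.
        if ! getent passwd _chrony > /dev/null 2>&1
        then
            echo "Creating '_chrony' system user/group for the chronyd daemon…"
            adduser --force-badname \
                    --system \
                    --group \
                    --quiet \
                    --gecos "Chrony daemon" \
                    --home /var/lib/chrony \
                    --no-create-home _chrony
        fi

        # Change the owner of the "/var/l{ib,og}/chrony" directories to
        # "_chrony" only if chrony.conf has no line starting with "user",
        # i.e. the administrator has not chosen another account.
        # Only the directories themselves are chowned, not their contents.
        # NOTE(review): keep this non-recursive. These directories become
        # writable by the unprivileged daemon account, and a recursive chown
        # run as root would act on whatever that account has placed in them.
        # NOTE(review): "^user" does not match an indented directive; confirm
        # whether chrony.conf accepts leading whitespace.
        if ! grep "^user" /etc/chrony/chrony.conf > /dev/null 2>&1; then
            chown _chrony:_chrony /var/lib/chrony
            if [ -d /var/log/chrony ]; then
                chown _chrony:_chrony /var/log/chrony
            fi
        fi

        # Before version 2.2.1-1, the post-installation script created the
        # chrony.keys file and filled it with a random command password.
        # That password is no longer needed, so a simple key file template
        # is now copied to its destination by ucf. As a consequence the user
        # was prompted on upgrade even when the key file was unmodified,
        # which violates Debian policy 10.7.3. The code below works around
        # this by deleting the key file when upgrading from chrony < 2.2.1-1
        # iff all of the following hold:
        #   - exactly one key is found in the file,
        #   - its key ID equals the "commandkey" ID found in chrony.conf,
        #   - the file has the same mode and owners as the new template.
        # Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820087
        if [ -n "$2" ] && dpkg --compare-versions "$2" lt "2.2.1-1"; then
            # Under "set -e" a failing command substitution in a plain
            # assignment aborts the whole postinst. Skip the migration when
            # one of the files is missing (e.g. removed by the administrator)
            # instead of leaving the package half-configured.
            if [ -f /etc/chrony/chrony.conf ] &&
                [ -f /etc/chrony/chrony.keys ] &&
                [ -f /usr/share/chrony/chrony.keys ]; then
                commandkey_id=$(awk '$1 ~ /^commandkey$/ { print $2; exit }' /etc/chrony/chrony.conf)
                key_id=$(awk '{ print $1; exit }' /etc/chrony/chrony.keys)
                # "%a%u%g" is the octal mode, owner UID and owner GID.
                orig_keyfile_perm=$(stat -c "%a%u%g" /etc/chrony/chrony.keys 2> /dev/null)
                keyfile_tml_perm=$(stat -c "%a%u%g" /usr/share/chrony/chrony.keys 2> /dev/null)
                # The numeric test prints an error for empty or non-numeric
                # IDs; that error is discarded and the test is simply false.
                if [ "$(grep -c "^[0-9]" /etc/chrony/chrony.keys)" -eq 1 ] &&
                    [ "$commandkey_id" -eq "$key_id" ] 2>/dev/null &&
                     [ "$orig_keyfile_perm" = "$keyfile_tml_perm" ]; then
                    # NOTE(review): the replacement is installed by ucf below.
                    # This file holds keys, so confirm that ucf installs it
                    # with a mode no wider than the template's.
                    rm -f /etc/chrony/chrony.keys
                fi
            fi
        fi

        # Let ucf merge the shipped templates with the local configuration,
        # then register both files as owned by this package when ucfr exists.
        if command -v ucf >/dev/null
        then
            ucf --three-way /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf
            ucf --three-way /usr/share/chrony/chrony.keys /etc/chrony/chrony.keys
            if [ -x "$(command -v ucfr)" ]; then
                ucfr chrony /etc/chrony/chrony.conf
                ucfr chrony /etc/chrony/chrony.keys
            fi
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        # Nothing to undo for these actions.
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0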