path: root/debian/frr.postinst
#!/bin/sh
set -e

# Nearly everything below is meant to run no matter how the script is invoked:
# the normal "configure" case as well as the error-handling "abort-upgrade",
# "abort-remove" and "abort-deconfigure" cases.

# System groups and the unprivileged service account.  The account gets no
# usable home directory (/nonexistent, and it is never created).
addgroup --system frrvty
addgroup --system frr
adduser --system --ingroup frr \
	--home /nonexistent --no-create-home \
	--gecos "Frr routing suite" \
	frr
# frrvty becomes a supplementary group of frr; --append keeps whatever other
# supplementary groups the account already has.
usermod --append --groups frrvty frr

# Log directory is created 0755, the state directory 0700.  mkdir -m only
# takes effect when the directory is created here; a directory that already
# exists keeps its current mode.
mkdir -p -m 0755 /var/log/frr
mkdir -p -m 0700 /var/lib/frr
mkdir -p /etc/frr

chown frr: /var/lib/frr

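# Only take over files that are currently owned by root or by the legacy
# quagga account (user AND group), so that a custom ownership setup chosen by
# the administrator is left alone.
#
# On a freshly installed package (or when new config files were added) the
# files are root-owned by default, so they end up owned by "frr".

# Fall back to id 0 when there is no quagga account; the extra -uid/-gid
# alternative then just repeats the root test.
quaggauid=$(id -u quagga 2>/dev/null || echo 0)
quaggagid=$(id -g quagga 2>/dev/null || echo 0)

# The group test must use the quagga *gid*; comparing against the uid only
# works by accident when both numbers happen to be equal.
#
# NOTE: the list is newline-delimited, so a name containing a newline is
# still split; IFS= and -r at least keep leading blanks and backslashes.
find \
	/etc/frr \
	/var/log/frr \
		\( -uid 0 -o -uid "$quaggauid" \) -a \
		\( -gid 0 -o -gid "$quaggagid" \) | \
	while IFS= read -r filename; do

	# don't chown anything that has ACLs (but don't fail if we don't
	# have getfacl)
	if { getfacl -c "$filename" 2>/dev/null || true; } \
		| grep -E -q -v '^((user|group|other)::|$)'; then
		:
	else
		# These directories end up owned by the service account, so
		# never act through a symlink found in them: -h re-owns the
		# link itself, and chmod (which always follows links) is
		# skipped for links.
		chown -h frr: "$filename"
		[ -L "$filename" ] || chmod o-rwx "$filename"
	fi
done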

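# fix misconfigured vtysh.conf & frr.conf ownership caused by config save
# mishandling in earlier FRR (and Quagga) versions
#
# find tests the group of the directory entry itself; chgrp -h changes that
# same entry, so a symlink carrying one of these names is re-grouped itself
# and whatever it points at is left untouched.
find /etc/frr -maxdepth 1 \( -name vtysh.conf -o -name frr.conf \) \
	-group frrvty -exec chgrp -h frr {} \;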

# more Quagga -> FRR upgrade smoothing.  Not technically needed, but let's
# at least do the straightforward pieces.

# Print a migration hint on stderr when a legacy config file still carries
# settings.
#   $1 - path of the legacy file
# Prints nothing and returns 0 when the file is unreadable, empty, or holds
# only whitespace-only lines and "#" comments.
check_old_config() {
	oldcfg="$1"
	if [ ! -r "$oldcfg" ] || [ ! -s "$oldcfg" ]; then
		return 0
	fi
	# grep -v succeeds only if at least one line is neither blank nor a
	# comment, i.e. the file has real content.
	if ! grep -v '^[[:blank:]]*\(#\|$\)' "$oldcfg" > /dev/null; then
		return 0
	fi

	cat >&2 <<EOF
Note: deprecated $oldcfg is present. This file is still read by
the FRR service but its contents should be migrated to /etc/frr/daemons.
EOF
}

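# Remove a file only if its SHA-1 digest equals the expected value.
#   $1 - path of the file
#   $2 - expected SHA-1 digest (hex)
# Returns 0 when the file is not a regular file or the digest differs (the
# file is left alone); otherwise returns the status of rm.  A failing
# sha1sum is reported as a non-zero return, so nothing is removed on the
# strength of an empty digest.
# The digest is used to recognise an unmodified packaged default, so that
# locally edited files are never deleted.
rmsum() {
	fname="$1"
	test -f "$fname" || return 0
	# Hash via stdin: when given a file *name* containing a backslash or
	# newline, sha1sum prefixes its output line with "\", which would
	# make the comparison below fail for an otherwise matching file.
	fhash="$(sha1sum < "$fname")" || return
	fhash="${fhash%% *}"
	if test "$fhash" = "$2"; then
		# "--" keeps a name starting with "-" from being read as an option
		rm -- "$fname"
	fi
}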

# Only the regular "configure" invocation gets the upgrade hints and the
# integrated-config cleanup; every other maintainer-script action falls
# through untouched.
case "$1" in
configure)
	for legacy in /etc/frr/daemons.conf /etc/default/frr; do
		check_old_config "$legacy"
	done

	marker=/etc/frr/.pkg.frr.nointegrated
	if [ -f "$marker" ]; then
		# Split-config setup: drop the integrated-config files, but
		# only where their checksum still equals the freshly
		# installed default (rmsum leaves anything else in place).
		rmsum /etc/frr/vtysh.conf 5e7e3a488c51751e1ff98f27c9ad6085e1ad9cbb
		rmsum /etc/frr/frr.conf   dac6f2af4fca9919ba40eb338885a5d1773195c8
		rm "$marker"
	fi
	;;
esac

#DEBHELPER#