1 files changed, 68 insertions, 0 deletions

diff --git a/debian/iproute2.postinst b/debian/iproute2.postinst
new file mode 100755
index 0000000..2adbca7
--- /dev/null
+++ b/debian/iproute2.postinst
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+set -e
+
+# Alternatively this check can be disabled by preseeding:
+#   echo "iproute2/setcaps boolean false" | debconf-set-selections
+
+. /usr/share/debconf/confmodule
+
+case "$1" in
+    configure)
+        if command -v setcap > /dev/null; then
+            db_get iproute2/setcaps
+
+            # Allow dpkg-reconfigure to remove caps
+            if test "$RET" = "true"; then
+                if ! setcap "cap_dac_override,cap_bpf,cap_net_admin=ep" /bin/ip; then
+                   echo "Setcap failed on /bin/ip, ip vrf exec will not be runnable by non-root" >&2
+                fi
+            else
+                # setcap -r fails if the xattr is not present
+                if getcap /bin/ip | grep -qs "/bin/ip"; then
+                    if ! setcap "-r" /bin/ip; then
+                       echo "Setcap -r failed on /bin/ip, could not remove capabilities" >&2
+                    fi
+                fi
+            fi
+        fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+# TODO: drop in forky
+if [ "$1" = "configure" ] && [ -n "$2" ] &&  dpkg --compare-versions "$2" lt 6.5.0-4~; then
+    # If any of the config files that used to ship in /etc before were modified
+    # locally, then try to copy them back as overrides, but don't fail if it
+    # cannot be done for any weird reason, as is it not crucial for iproute2's
+    # functionality
+    for f in /etc/iproute2/group /etc/iproute2/rt_realms /etc/iproute2/rt_scopes /etc/iproute2/rt_tables /etc/iproute2/rt_tables.d/README /etc/iproute2/rt_protos.d/README /etc/iproute2/rt_protos /etc/iproute2/rt_dsfield /etc/iproute2/nl_protos /etc/iproute2/ematch_map /etc/iproute2/bpf_pinning; do
+        if [ -f "${f}.dpkg-bak" ]; then
+            mv "${f}.dpkg-bak" "${f}" || true
+        fi
+    done
+
+    if [ -d /etc/iproute2/rt_protos.d/ ]; then
+        rmdir --ignore-fail-on-non-empty /etc/iproute2/rt_protos.d
+    fi
+    if [ -d /etc/iproute2/rt_tables.d/ ]; then
+        rmdir --ignore-fail-on-non-empty /etc/iproute2/rt_tables.d
+    fi
+    if [ -d /etc/iproute2/ ]; then
+        rmdir --ignore-fail-on-non-empty /etc/iproute2
+    fi
+fi
+
+exit 0