#!/bin/sh set -e # Alternatively this check can be disabled by preseeding: # echo "iproute2/setcaps boolean false" | debconf-set-selections . /usr/share/debconf/confmodule case "$1" in configure) if command -v setcap > /dev/null; then db_get iproute2/setcaps # Allow dpkg-reconfigure to remove caps if test "$RET" = "true"; then if ! setcap "cap_dac_override,cap_bpf,cap_net_admin=ep" /bin/ip; then echo "Setcap failed on /bin/ip, ip vrf exec will not be runnable by non-root" >&2 fi else # setcap -r fails if the xattr is not present if getcap /bin/ip | grep -qs "/bin/ip"; then if ! setcap "-r" /bin/ip; then echo "Setcap -r failed on /bin/ip, could not remove capabilities" >&2 fi fi fi fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# # TODO: drop in forky if [ "$1" = "configure" ] && [ -n "$2" ] && dpkg --compare-versions "$2" lt 6.5.0-4~; then # If any of the config files that used to ship in /etc before were modified # locally, then try to copy them back as overrides, but don't fail if it # cannot be done for any weird reason, as is it not crucial for iproute2's # functionality for f in /etc/iproute2/group /etc/iproute2/rt_realms /etc/iproute2/rt_scopes /etc/iproute2/rt_tables /etc/iproute2/rt_tables.d/README /etc/iproute2/rt_protos.d/README /etc/iproute2/rt_protos /etc/iproute2/rt_dsfield /etc/iproute2/nl_protos /etc/iproute2/ematch_map /etc/iproute2/bpf_pinning; do if [ -f "${f}.dpkg-bak" ]; then mv "${f}.dpkg-bak" "${f}" || true fi done if [ -d /etc/iproute2/rt_protos.d/ ]; then rmdir --ignore-fail-on-non-empty /etc/iproute2/rt_protos.d fi if [ -d /etc/iproute2/rt_tables.d/ ]; then rmdir --ignore-fail-on-non-empty /etc/iproute2/rt_tables.d fi if [ -d /etc/iproute2/ ]; then rmdir --ignore-fail-on-non-empty /etc/iproute2 fi fi exit 0