blob: a3d0358b843d8eeaaf11d0d5126d4160b86542fc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
#!/bin/sh
set -e
[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && . /usr/share/debconf/confmodule
SSL_ROOT=/etc/postgresql-common/root.crt
setup_createclusterconf ()
{
[ "$DPKG_MAINTSCRIPT_PACKAGE" ] || return 0
db_get postgresql-common/ssl
case $RET in
true) SSL=on ;;
false) SSL=off ;;
*) return ;;
esac
CCTEMPLATE="/usr/share/postgresql-common/createcluster.conf"
CCTMP=`mktemp --tmpdir postgresql-common.XXXXXX`
trap "rm -f $CCTMP" 0 2 3 15
sed -e "s/^ssl =.*/ssl = $SSL/" $CCTEMPLATE > $CCTMP
chmod 644 $CCTMP
CCCONFIG="/etc/postgresql-common/createcluster.conf"
ucf --debconf-ok $CCTMP $CCCONFIG
ucfr postgresql-common $CCCONFIG
rm -f $CCTMP
}
if [ "$1" = configure ]; then
[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && quiet="--quiet" # RedHat doesn't have this
# Make sure the administrative user exists
if ! getent passwd postgres > /dev/null; then
adduser --system $quiet --home /var/lib/postgresql --no-create-home \
--shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
fi
# if the user was created manually, make sure the group is there as well
if ! getent group postgres > /dev/null; then
addgroup --system $quiet postgres
fi
# make sure postgres is in the postgres group
if ! id -Gn postgres | grep -qw postgres; then
adduser $quiet postgres postgres
fi
# check validity of postgres user and group
if [ "`id -u postgres`" -eq 0 ]; then
echo "The postgres system user must not have uid 0 (root).
Please fix this and reinstall this package." >&2
exit 1
fi
if [ "`id -g postgres`" -eq 0 ]; then
echo "The postgres system user must not have root as primary group.
Please fix this and reinstall this package." >&2
exit 1
fi
# ensure home directory ownership
mkdir -p /var/lib/postgresql
su -s /bin/sh postgres -c "test -O /var/lib/postgresql &&
test -G /var/lib/postgresql" || \
chown postgres:postgres /var/lib/postgresql
# config directory permissions
chown postgres:postgres /etc/postgresql
# nicer log directory permissions
mkdir -p /var/log/postgresql
chmod 1775 /var/log/postgresql
chown root:postgres /var/log/postgresql
# create socket directory
[ -d /var/run/postgresql ] || \
install -d -m 2775 -o postgres -g postgres /var/run/postgresql
# create default dummy root.crt if not present
if ! [ -e "$SSL_ROOT" ]; then
cat > "$SSL_ROOT" <<EOF
This is a dummy root certificate file for PostgreSQL. To enable client side
authentication, add some certificates to it. Client certificates must be signed
with any certificate in this file to be accepted.
A reasonable choice is to just symlink this file to
/etc/ssl/certs/ssl-cert-snakeoil.pem; in this case, client certificates need to
be signed by the postgresql server certificate, which might be desirable in
many cases. See chapter "Server Setup and Operation" in the PostgreSQL
documentation for details (in package postgresql-doc-9.2).
file:///usr/share/doc/postgresql-doc-9.2/html/ssl-tcp.html
EOF
fi
# Add postgres user to the ssl-cert group on fresh installs
# if not already in the group
if [ -z "$2" ]; then
if getent group ssl-cert >/dev/null; then
if ! id -Gn postgres 2> /dev/null | grep -qw ssl-cert; then
adduser $quiet postgres ssl-cert
fi
fi
fi
/usr/share/postgresql-common/pg_checksystem || true
# Create createcluster.conf from debconf
setup_createclusterconf
# Forget about ucf logrotate config handling
if dpkg --compare-versions "$2" lt 183~; then
LRCONFIG="/etc/logrotate.d/postgresql-common"
ucf --purge $LRCONFIG
ucfr --purge postgresql-common $LRCONFIG
fi
# Drop auto-generated conffile dropped in 215/229 + backups
rm -f /etc/apt/apt.conf.d/01autoremove-postgresql*
# Merge postmaster.1.gz (removed in PG16) alternatives with psql.1.gz (248)
if update-alternatives --list postmaster.1.gz >/dev/null 2>&1; then
. /usr/share/postgresql-common/maintscripts-functions
relink_postmaster_manpages
fi
# Create tsearch dictionaries on first install
if [ -z "$2" ]; then
pg_updatedicts
fi
# Reload systemd (we don't restart services on install) (#932360, #950726)
[ -d /run/systemd/system ] && systemctl --system daemon-reload >/dev/null || :
# Provide keyring symlink for pgdg systems using the old pgdg.list format (246)
pgdg_list="/etc/apt/sources.list.d/pgdg.list"
trusted_key="/etc/apt/trusted.gpg.d/apt.postgresql.org.gpg"
pgdg_key="/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg"
if test -e $pgdg_list && ! test -e $trusted_key && ! grep -q signed-by $pgdg_list; then
ln -sv $pgdg_key $trusted_key
fi
fi
if [ "$1" = triggered ]; then
pg_updatedicts || true
db_stop
exit 0 # skip daemon restart below
fi
[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && db_stop
#DEBHELPER#
if [ "$1" = configure ]; then
# update list of packages not to apt-autoremove (after dpkg-maintscript-helper possibly removed the old version)
/usr/share/postgresql-common/pg_updateaptconfig
fi
exit 0
|