summaryrefslogtreecommitdiffstats
path: root/debian/postgresql-common.postinst
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:02:19 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:02:19 +0000
commit670c19c1ec189d5831be4a4c09099036da4635ad (patch)
tree9e929200d3abb9b52d685695db2a72e02718b243 /debian/postgresql-common.postinst
parentAdding upstream version 248. (diff)
downloadpostgresql-common-debian.tar.xz
postgresql-common-debian.zip
Adding debian version 248.debian/248debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/postgresql-common.postinst')
-rw-r--r--debian/postgresql-common.postinst153
1 files changed, 153 insertions, 0 deletions
diff --git a/debian/postgresql-common.postinst b/debian/postgresql-common.postinst
new file mode 100644
index 0000000..58b7ece
--- /dev/null
+++ b/debian/postgresql-common.postinst
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+set -e
+[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && . /usr/share/debconf/confmodule
+
+SSL_ROOT=/etc/postgresql-common/root.crt
+
+setup_createclusterconf ()
+{
+ [ "$DPKG_MAINTSCRIPT_PACKAGE" ] || return 0
+ db_get postgresql-common/ssl
+ case $RET in
+ true) SSL=on ;;
+ false) SSL=off ;;
+ *) return ;;
+ esac
+
+ CCTEMPLATE="/usr/share/postgresql-common/createcluster.conf"
+ CCTMP=`mktemp --tmpdir postgresql-common.XXXXXX`
+ trap "rm -f $CCTMP" 0 2 3 15
+ sed -e "s/^ssl =.*/ssl = $SSL/" $CCTEMPLATE > $CCTMP
+ chmod 644 $CCTMP
+ CCCONFIG="/etc/postgresql-common/createcluster.conf"
+ ucf --debconf-ok $CCTMP $CCCONFIG
+ ucfr postgresql-common $CCCONFIG
+ rm -f $CCTMP
+}
+
+if [ "$1" = configure ]; then
+ [ "$DPKG_MAINTSCRIPT_PACKAGE" ] && quiet="--quiet" # RedHat doesn't have this
+ # Make sure the administrative user exists
+ if ! getent passwd postgres > /dev/null; then
+ adduser --system $quiet --home /var/lib/postgresql --no-create-home \
+ --shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
+ fi
+ # if the user was created manually, make sure the group is there as well
+ if ! getent group postgres > /dev/null; then
+ addgroup --system $quiet postgres
+ fi
+ # make sure postgres is in the postgres group
+ if ! id -Gn postgres | grep -qw postgres; then
+ adduser $quiet postgres postgres
+ fi
+
+ # check validity of postgres user and group
+ if [ "`id -u postgres`" -eq 0 ]; then
+ echo "The postgres system user must not have uid 0 (root).
+Please fix this and reinstall this package." >&2
+ exit 1
+ fi
+ if [ "`id -g postgres`" -eq 0 ]; then
+ echo "The postgres system user must not have root as primary group.
+Please fix this and reinstall this package." >&2
+ exit 1
+ fi
+
+ # ensure home directory ownership
+ mkdir -p /var/lib/postgresql
+ su -s /bin/sh postgres -c "test -O /var/lib/postgresql &&
+ test -G /var/lib/postgresql" || \
+ chown postgres:postgres /var/lib/postgresql
+
+ # config directory permissions
+ chown postgres:postgres /etc/postgresql
+
+ # nicer log directory permissions
+ mkdir -p /var/log/postgresql
+ chmod 1775 /var/log/postgresql
+ chown root:postgres /var/log/postgresql
+
+ # create socket directory
+ [ -d /var/run/postgresql ] || \
+ install -d -m 2775 -o postgres -g postgres /var/run/postgresql
+
+ # create default dummy root.crt if not present
+ if ! [ -e "$SSL_ROOT" ]; then
+ cat > "$SSL_ROOT" <<EOF
+This is a dummy root certificate file for PostgreSQL. To enable client side
+authentication, add some certificates to it. Client certificates must be signed
+with any certificate in this file to be accepted.
+
+A reasonable choice is to just symlink this file to
+/etc/ssl/certs/ssl-cert-snakeoil.pem; in this case, client certificates need to
+be signed by the postgresql server certificate, which might be desirable in
+many cases. See chapter "Server Setup and Operation" in the PostgreSQL
+documentation for details (in package postgresql-doc-9.2).
+
+ file:///usr/share/doc/postgresql-doc-9.2/html/ssl-tcp.html
+EOF
+ fi
+
+ # Add postgres user to the ssl-cert group on fresh installs
+ # if not already in the group
+ if [ -z "$2" ]; then
+ if getent group ssl-cert >/dev/null; then
+ if ! id -Gn postgres 2> /dev/null | grep -qw ssl-cert; then
+ adduser $quiet postgres ssl-cert
+ fi
+ fi
+ fi
+
+ if [ "$2" ]; then
+ /usr/share/postgresql-common/run-upgrade-scripts "$2" || true
+ fi
+
+ /usr/share/postgresql-common/pg_checksystem || true
+
+ # Create createcluster.conf from debconf
+ setup_createclusterconf
+
+ # Forget about ucf logrotate config handling
+ if dpkg --compare-versions "$2" lt 183~; then
+ LRCONFIG="/etc/logrotate.d/postgresql-common"
+ ucf --purge $LRCONFIG
+ ucfr --purge postgresql-common $LRCONFIG
+ fi
+
+ # Drop auto-generated conffile dropped in 215/229 + backups
+ rm -f /etc/apt/apt.conf.d/01autoremove-postgresql*
+
+ # Create tsearch dictionaries on first install
+ if [ -z "$2" ]; then
+ pg_updatedicts
+ fi
+
+ # Reload systemd (we don't restart services on install) (#932360, #950726)
+ [ -d /run/systemd/system ] && systemctl --system daemon-reload >/dev/null || :
+
+ # Provide keyring symlink for pgdg systems using the old pgdg.list format
+ pgdg_list="/etc/apt/sources.list.d/pgdg.list"
+ trusted_key="/etc/apt/trusted.gpg.d/apt.postgresql.org.gpg"
+ pgdg_key="/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg"
+ if test -e $pgdg_list && ! test -e $trusted_key && ! grep -q signed-by $pgdg_list; then
+ ln -sv $pgdg_key $trusted_key
+ fi
+fi
+
+if [ "$1" = triggered ]; then
+ pg_updatedicts || true
+ db_stop
+ exit 0 # skip daemon restart below
+fi
+
+[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && db_stop
+
+#DEBHELPER#
+
+if [ "$1" = configure ]; then
+ # update list of packages not to apt-autoremove (after dpkg-maintscript-helper possibly removed the old version)
+ /usr/share/postgresql-common/pg_updateaptconfig
+fi
+
+exit 0