author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:02:19 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:02:19 +0000 |
commit | 670c19c1ec189d5831be4a4c09099036da4635ad (patch) | |
tree | 9e929200d3abb9b52d685695db2a72e02718b243 /debian/postgresql-common.postinst | |
parent | Adding upstream version 248. (diff) | |
Adding debian version 248.debian/248debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/postgresql-common.postinst')
-rw-r--r-- | debian/postgresql-common.postinst | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/debian/postgresql-common.postinst b/debian/postgresql-common.postinst
new file mode 100644
index 0000000..58b7ece
--- /dev/null
+++ b/debian/postgresql-common.postinst
@@ -0,0 +1,153 @@
+#!/bin/sh
+
+set -e
+[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && . /usr/share/debconf/confmodule
+
+SSL_ROOT=/etc/postgresql-common/root.crt
+
+setup_createclusterconf ()
+{
+ [ "$DPKG_MAINTSCRIPT_PACKAGE" ] || return 0
+ db_get postgresql-common/ssl
+ case $RET in
+ true) SSL=on ;;
+ false) SSL=off ;;
+ *) return ;;
+ esac
+
+ CCTEMPLATE="/usr/share/postgresql-common/createcluster.conf"
+ CCTMP=`mktemp --tmpdir postgresql-common.XXXXXX`
+ trap "rm -f $CCTMP" 0 2 3 15
+ sed -e "s/^ssl =.*/ssl = $SSL/" $CCTEMPLATE > $CCTMP
+ chmod 644 $CCTMP
+ CCCONFIG="/etc/postgresql-common/createcluster.conf"
+ ucf --debconf-ok $CCTMP $CCCONFIG
+ ucfr postgresql-common $CCCONFIG
+ rm -f $CCTMP
+}
+
+if [ "$1" = configure ]; then
+ [ "$DPKG_MAINTSCRIPT_PACKAGE" ] && quiet="--quiet" # RedHat doesn't have this
+ # Make sure the administrative user exists
+ if ! getent passwd postgres > /dev/null; then
+ adduser --system $quiet --home /var/lib/postgresql --no-create-home \
+ --shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
+ fi
+ # if the user was created manually, make sure the group is there as well
+ if ! getent group postgres > /dev/null; then
+ addgroup --system $quiet postgres
+ fi
+ # make sure postgres is in the postgres group
+ if ! id -Gn postgres | grep -qw postgres; then
+ adduser $quiet postgres postgres
+ fi
+
+ # check validity of postgres user and group
+ if [ "`id -u postgres`" -eq 0 ]; then
+ echo "The postgres system user must not have uid 0 (root).
+Please fix this and reinstall this package." >&2
+ exit 1
+ fi
+ if [ "`id -g postgres`" -eq 0 ]; then
+ echo "The postgres system user must not have root as primary group.
+Please fix this and reinstall this package." >&2
+ exit 1
+ fi
+
+ # ensure home directory ownership
+ mkdir -p /var/lib/postgresql
+ su -s /bin/sh postgres -c "test -O /var/lib/postgresql &&
+ test -G /var/lib/postgresql" || \
+ chown postgres:postgres /var/lib/postgresql
+
+ # config directory permissions
+ chown postgres:postgres /etc/postgresql
+
+ # nicer log directory permissions
+ mkdir -p /var/log/postgresql
+ chmod 1775 /var/log/postgresql
+ chown root:postgres /var/log/postgresql
+
+ # create socket directory
+ [ -d /var/run/postgresql ] || \
+ install -d -m 2775 -o postgres -g postgres /var/run/postgresql
+
+ # create default dummy root.crt if not present
+ if ! [ -e "$SSL_ROOT" ]; then
+ cat > "$SSL_ROOT" <<EOF
+This is a dummy root certificate file for PostgreSQL. To enable client side
+authentication, add some certificates to it. Client certificates must be signed
+with any certificate in this file to be accepted.
+
+A reasonable choice is to just symlink this file to
+/etc/ssl/certs/ssl-cert-snakeoil.pem; in this case, client certificates need to
+be signed by the postgresql server certificate, which might be desirable in
+many cases. See chapter "Server Setup and Operation" in the PostgreSQL
+documentation for details (in package postgresql-doc-9.2).
+
+ file:///usr/share/doc/postgresql-doc-9.2/html/ssl-tcp.html
+EOF
+ fi
+
+ # Add postgres user to the ssl-cert group on fresh installs
+ # if not already in the group
+ if [ -z "$2" ]; then
+ if getent group ssl-cert >/dev/null; then
+ if ! id -Gn postgres 2> /dev/null | grep -qw ssl-cert; then
+ adduser $quiet postgres ssl-cert
+ fi
+ fi
+ fi
+
+ if [ "$2" ]; then
+ /usr/share/postgresql-common/run-upgrade-scripts "$2" || true
+ fi
+
+ /usr/share/postgresql-common/pg_checksystem || true
+
+ # Create createcluster.conf from debconf
+ setup_createclusterconf
+
+ # Forget about ucf logrotate config handling
+ if dpkg --compare-versions "$2" lt 183~; then
+ LRCONFIG="/etc/logrotate.d/postgresql-common"
+ ucf --purge $LRCONFIG
+ ucfr --purge postgresql-common $LRCONFIG
+ fi
+
+ # Drop auto-generated conffile dropped in 215/229 + backups
+ rm -f /etc/apt/apt.conf.d/01autoremove-postgresql*
+
+ # Create tsearch dictionaries on first install
+ if [ -z "$2" ]; then
+ pg_updatedicts
+ fi
+
+ # Reload systemd (we don't restart services on install) (#932360, #950726)
+ [ -d /run/systemd/system ] && systemctl --system daemon-reload >/dev/null || :
+
+ # Provide keyring symlink for pgdg systems using the old pgdg.list format
+ pgdg_list="/etc/apt/sources.list.d/pgdg.list"
+ trusted_key="/etc/apt/trusted.gpg.d/apt.postgresql.org.gpg"
+ pgdg_key="/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg"
+ if test -e $pgdg_list && ! test -e $trusted_key && ! grep -q signed-by $pgdg_list; then
+ ln -sv $pgdg_key $trusted_key
+ fi
+fi
+
+if [ "$1" = triggered ]; then
+ pg_updatedicts || true
+ db_stop
+ exit 0 # skip daemon restart below
+fi
+
+[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && db_stop
+
+#DEBHELPER#
+
+if [ "$1" = configure ]; then
+ # update list of packages not to apt-autoremove (after dpkg-maintscript-helper possibly removed the old version)
+ /usr/share/postgresql-common/pg_updateaptconfig
+fi
+
+exit 0 |
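Review bot: The keyring block at the end of the first `configure` branch links `$pgdg_key` into `/etc/apt/trusted.gpg.d`, and apt accepts a key in that directory for every configured source, not only the one named in `pgdg.list`; neither the code nor its comment records that widening of trust. I would extend the comment to say so, e.g. `# NOTE: a key in trusted.gpg.d is trusted for ALL apt sources; kept only for old-format pgdg.list entries without signed-by`, and print a one-line hint to stderr asking the admin to migrate the entry to `signed-by` so the symlink can eventually be dropped. The `test`/`grep`/`ln` lines also leave `$pgdg_list`, `$trusted_key` and `$pgdg_key` unquoted; they are constants here, so that part is style only.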