OWEALs
/
gnunet
Mirror von https://gnunet.org/git/gnunet.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
							#!/bin/bash

set -e

. /usr/share/debconf/confmodule

# This is taken from the package libnss-mdns and edited to do the same thing
# but for GNS insteand of mdns. try to insert gns entries to the "hosts" line
# in /etc/nsswitch.conf to automatically enable nss-gns support; do not change
# the configuration if the "hosts" line already references some gns lookups
insert_gns() {
  echo -n "Checking NSS setup..."
  # abort if /etc/nsswitch.conf does not exist
  if ! [ -e /etc/nsswitch.conf ]; then
    echo "Could not find /etc/nsswitch.conf."
    return 1
  fi
  perl -i -pe '
		sub insert {
			# this also splits on tab
			my @bits=split(" ", shift);
			# do not break configuration if the "hosts" line already references gns
			if (grep { $_ eq "gns"} @bits) {
				return join " ", @bits;
			}
			# change "dns" or "resolve", whichever comes first, into
			# "gns [NOTFOUND=return] dns"
			foreach my $bit (@bits) {
				if ($bit eq "dns") {
					$bit = "gns [NOTFOUND=return] $bit";
					last;
				}
			}
			return join " ", @bits;
		}
		s/^(hosts:\s+)(.*)/$1.insert($2)/e;
	' /etc/nsswitch.conf
  echo " done."
}

case "${1}" in
configure)
  db_version 2.0

  _USERNAME="gnunet"
  _GROUPNAME="gnunet"

  db_get gnunet-systempeer/autostart
  _AUTOSTART="${RET}" # boolean

  db_get gnunet-dns/libnsswitch
  _LIBNSSWITCH="${RET}" # boolean

  db_get gnunet-user/proxy
  _PROXY="${RET}" # boolean

  db_stop

  # Read default values
  GNUNET_HOME="/var/lib/gnunet"

  # Creating gnunet group if needed
  if ! getent group ${_GROUPNAME} >/dev/null; then
    echo -n "Creating new GNUnet group ${_GROUPNAME}:"
    addgroup --quiet --system ${_GROUPNAME}
    echo " done."
  fi

  # Creating gnunet user if needed
  if ! getent passwd ${_USERNAME} >/dev/null; then
    echo -n "Creating new GNUnet user ${_USERNAME}:"
    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${GNUNET_HOME} ${_USERNAME}
    echo " done."
  fi

  # Add a special secured group
  GNUNETDNS_GROUP="gnunetdns"

  # Creating gnunetdns group if needed
  if ! getent group ${GNUNETDNS_GROUP} >/dev/null; then
    echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
    addgroup --quiet --system ${GNUNETDNS_GROUP}
    echo " done."
  fi

  # Copy the libnss_gns files to the libnss directory
  if ${_LIBNSSWITCH}; then
    echo "Editing /etc/nsswitch.conf to use GNS before DNS"
    # $2 equals the currently installed version if it exists
    if [ -z "$2" ]; then
      # first install: setup the recommended configuration (unless
      # nsswitch.conf already contains mdns entries)
      insert_gns
      if [ "$?" -gt 0 ]; then
        echo "nsswitch does not exist on this system"
      fi
    fi
    echo " done."
  fi

  #	# Change the proxy settings for Firefox and Chromium if desired
  #		if ${_PROXY}
  #        then
  #		    mkdir -p /etc/X11/xinit/xinitrc.d/
  #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
  ##!/bin/bash
  #systemctl --user daemon-reload
  #systemctl --user start gnunet-user
  #systemctl --user enable gnunet-user
  #user=$(whoami)
  #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
  #
  ## Enable GNS proxy for new users informed by /etc/skel.
  #if [ "$gnunet_proxy" ]; then
  #
  #        # Calculate user specific port
  #        port=$((8000+$(id -u $user)))
  #
  #        gnunet-config -c $HOME/.config/gnunet.conf \
  #                --section=gns-proxy \
  #                --option=OPTIONS \
  #                --value="-p $port"
  #
  #        # Firefox
  #        defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
  #        if [ ! "$defaultprofile" ];then
  #                timeout 3s firefox --headless # dirty: create profile if not existent
  #        fi
  #        for ffprofile in $HOME/.mozilla/firefox/*.*/; do
  #                js=$ffprofile/user.js
  #                if [ -f "$js" ]; then
  #                        sed -i '/Preferences for using the GNU Name System/d' "$js"
  #                        sed -i '/network.proxy.socks/d' "$js"
  #                        sed -i '/network.proxy.socks_port/d' "$js"
  #                        sed -i '/network.proxy.socks_remote_dns/d' "$js"
  #                        sed -i '/network.proxy.type/d' "$js"
  #                fi
  #                echo "// Preferences for using the GNU Name System" >> "$js"
  #                echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
  #                echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
  #                echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
  #                echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
  #        done
  #
  #        # Chromium
  #        profile="$HOME/.profile"
  #        if [ -f "$profile" ]; then
  #                sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
  #        fi
  #        echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
  #                >> "$profile"
  #fi
  #
  ## Create/Renew GNS certificate authority (CA) per user.
  #gnunet-gns-proxy-setup-ca
  #EOF
  #                fi

  # Update files and directories permissions.
  # Assuming default values, this *should* not be changed.
  echo -n "Updating files and directories permissions:"
  # Secure access to the data directory
  chmod 0700 "${GNUNET_HOME}" || true
  # Restrict access on setuid binaries
  for file in /usr/bin/gnunet-helper-exit \
    /usr/bin/gnunet-helper-nat-client \
    /usr/bin/gnunet-helper-nat-server \
    /usr/bin/gnunet-helper-transport-bluetooth \
    /usr/bin/gnunet-helper-transport-wlan \
    /usr/bin/gnunet-helper-vpn; do
    # only do something when no setting exists
    if ! dpkg-statoverride --list $file >/dev/null 2>&1 && [ -e $file ]; then
      chown root:${_GROUPNAME} $file
      chmod 4750 $file
    fi
  done
  if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 &&
    [ -e /usr/bin/gnunet-helper-dns ]; then
    chown root:${GNUNETDNS_GROUP} /usr/bin/gnunet-helper-dns
    chmod 4750 /usr/bin/gnunet-helper-dns
  fi
  if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 &&
    [ -e /usr/bin/gnunet-service-dns ]; then
    chown ${_USERNAME}:${GNUNETDNS_GROUP} /usr/bin/gnunet-service-dns
    chmod 2750 /usr/bin/gnunet-service-dns
  fi
  echo " done."

  echo "All done."

  ;;

abort-upgrade | abort-remove | abort-deconfigure) ;;

\
  \
  *)
  echo "postinst called with unknown argument \`${1}'" >&2
  exit 1
  ;;
esac

#DEBHELPER#

exit 0