
gnunet.postinst 9.5 KB

  1. #!/bin/bash
  2. set -e
  3. . /usr/share/debconf/confmodule
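# This is taken from the package libnss-mdns and edited to do the same thing
# but for GNS instead of mDNS: insert a gns entry on the "hosts" line of
# nsswitch.conf so that libnss_gns is consulted before DNS.  A "hosts" line
# that already references gns is left untouched.
#
# Arguments:
#   $1  nsswitch.conf to edit (default: /etc/nsswitch.conf)
# Returns:
#   0 on success (including "nothing to change"),
#   1 when the file does not exist,
#   2 when the in-place edit itself failed.
insert_gns() {
    local nsswitch_conf="${1:-/etc/nsswitch.conf}"

    echo -n "Checking NSS setup..."
    # nothing to edit on a system without an nsswitch.conf
    if ! [ -e "${nsswitch_conf}" ]; then
        echo "Could not find ${nsswitch_conf}."
        return 1
    fi
    # Rewrite in place (-i keeps no backup, as in the libnss-mdns original).
    # The failure branch is explicit so the caller can test the status even
    # when it invokes us in an "if"/"||" context where "set -e" is suspended.
    perl -i -pe '
        sub insert {
            # split(" ", ...) also splits on tabs and collapses blank runs
            my @bits = split(" ", shift);
            # do not break a configuration that already references gns
            if (grep { $_ eq "gns" } @bits) {
                return join " ", @bits;
            }
            # turn the first "dns" or "resolve" entry into
            # "gns [NOTFOUND=return] <entry>", so GNS is asked first
            foreach my $bit (@bits) {
                if ($bit eq "dns" || $bit eq "resolve") {
                    $bit = "gns [NOTFOUND=return] $bit";
                    last;
                }
            }
            return join " ", @bits;
        }
        s/^(hosts:\s+)(.*)/$1.insert($2)/e;
    ' "${nsswitch_conf}" || { echo " failed."; return 2; }
    echo " done."
}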
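# Dispatch on the dpkg action.  "configure" creates the system peer account,
# optionally hooks GNS into nsswitch, seeds per-user peer configuration,
# fixes helper permissions and writes /etc/default/gnunet plus the system
# unit; the abort-* actions are no-ops.
case "${1}" in
    configure)
        db_version 2.0
        db_get gnunet-systempeer/username
        _USERNAME="${RET:-gnunet}"
        db_get gnunet-systempeer/groupname
        _GROUPNAME="${RET:-gnunet}"
        db_get gnunet-systempeer/autostart
        _AUTOSTART="${RET}"         # boolean
        db_get gnunet-dns/libnsswitch
        _LIBNSSWITCH="${RET}"       # boolean
        db_get gnunet-user/proxy
        _PROXY="${RET}"             # boolean
        db_stop

        CONFIG_FILE="/etc/default/gnunet"

        # Home of the system peer.  Honour GNUNET_HOME from /etc/gnunet.conf
        # when it is set there.  The value is extracted with an anchored sed
        # and only accepted if it is an absolute path, instead of eval'ing
        # every line that merely mentions GNUNET_HOME (comments, other keys).
        GNUNET_HOME="/var/lib/gnunet"
        if [ -r /etc/gnunet.conf ]; then
            _conf_home=$(sed -n 's/^[[:blank:]]*GNUNET_HOME[[:blank:]]*=[[:blank:]]*//p' /etc/gnunet.conf \
                         | head -n 1 | tr -d '[:blank:]"')
            case "${_conf_home}" in
                /*) GNUNET_HOME="${_conf_home}" ;;
            esac
        fi

        # Create the service group and user unless they already exist.
        if ! getent group "${_GROUPNAME}" > /dev/null
        then
            echo -n "Creating new GNUnet group ${_GROUPNAME}:"
            addgroup --quiet --system "${_GROUPNAME}"
            echo " done."
        fi
        if ! getent passwd "${_USERNAME}" > /dev/null
        then
            echo -n "Creating new GNUnet user ${_USERNAME}:"
            adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${GNUNET_HOME}" "${_USERNAME}"
            echo " done."
        fi

        # Dedicated group that gates access to the DNS helper binaries below.
        GNUNETDNS_GROUP="gnunetdns"
        if ! getent group "${GNUNETDNS_GROUP}" > /dev/null
        then
            echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
            addgroup --quiet --system "${GNUNETDNS_GROUP}"
            echo " done."
        fi

        # Hook libnss_gns into /etc/nsswitch.conf on first installation only;
        # on upgrades ($2 holds the previously installed version) the
        # administrator's configuration is left alone.  debconf booleans are
        # the strings "true"/"false": compare them, do not execute them (an
        # empty value would otherwise be a syntax error).
        if [ "${_LIBNSSWITCH}" = "true" ]
        then
            echo "Editing /etc/nsswitch.conf to use GNS before DNS"
            if [ -z "$2" ]; then
                # The status must be captured in the same list as the call:
                # a plain "insert_gns" followed by a test of $? never reaches
                # the test under "set -e" when the function returns non-zero.
                _rc=0
                insert_gns || _rc=$?
                if [ "${_rc}" -eq 1 ]; then
                    echo "nsswitch does not exist on this system"
                elif [ "${_rc}" -ne 0 ]; then
                    echo "Failed to edit /etc/nsswitch.conf" >&2
                    exit "${_rc}"
                fi
            fi
            echo " done."
        fi

        # Set up GNUnet for every regular (UID 1000-1999) account.
        # Both arrays come from the same passwd filter, one entry per line, so
        # index i names the same account in each; mapfile keeps home
        # directories containing blanks intact where word-splitting did not.
        mapfile -t users    < <(awk -F ':' '$3>=1000 && $3<2000 {print $1}' /etc/passwd)
        mapfile -t homedirs < <(awk -F ':' '$3>=1000 && $3<2000 {print $6}' /etc/passwd)
        for (( i=0; i<${#users[@]}; i++ )); do
            user="${users[$i]}"
            home="${homedirs[$i]}"
            # NOTE(review): every regular user is added to ${_GROUPNAME}, which
            # is also the group allowed to execute the setuid helpers below
            # (mode 4750).  Confirm that widening is intended.  The configured
            # group name is used rather than a literal "gnunet" so a renamed
            # group does not make usermod fail.
            usermod -aG "${_GROUPNAME}" "${user}"
            # nothing can be written for an account without a home directory
            if [ ! -d "${home}" ]; then
                continue
            fi
            # NOTE(review): the files below are created by root inside a
            # user-owned tree, and cat/cp follow symlinks the user may have
            # placed there.  Performing this step as the user would remove
            # that exposure.
            mkdir -p "${home}/.config/systemd/user/"
            cat > "${home}/.config/systemd/user/gnunet-user.service" << EOF
# Copyright (C) 2019 GNUnet e.V.
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without any warranty.
[Unit]
Description=Service that runs a GNUnet for the user gnunet
After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/gnunet-arm -s -c ${home}/.config/gnunet.conf
ExecStop=/usr/bin/gnunet-arm -e -c ${home}/.config/gnunet.conf
[Install]
WantedBy=default.target
EOF
            # "user:" assigns the user's login group, which need not share the
            # user's name (the old "user:user" failed in that case).
            chown "${user}:" "${home}/.config/systemd/user/gnunet-user.service"
            if [ ! -f "${home}/.config/gnunet.conf" ]; then
                mkdir -p "${home}/.config/"
                cp /etc/skel/.config/gnunet.conf "${home}/.config/gnunet.conf"
                chmod 644 "${home}/.config/gnunet.conf"
            fi
            # one SOCKS port per user, derived from the UID, so several users'
            # proxies on one host do not collide
            port=$((8000 + $(id -u "${user}")))
            gnunet-config -c "${home}/.config/gnunet.conf" \
                --rewrite \
                --section=gns-proxy \
                --option=IMMEDIATE_START \
                --value=YES
            gnunet-config -c "${home}/.config/gnunet.conf" \
                --rewrite \
                --section=gns-proxy \
                --option=OPTIONS \
                --value="-p $port"
            chown "${user}:" "${home}/.config/gnunet.conf"
        done

        # Optionally install an xinitrc.d snippet that starts the per-user
        # peer at X login, points Firefox/Chromium at the user's GNS SOCKS
        # proxy and (re)creates the per-user proxy CA via
        # gnunet-gns-proxy-setup-ca.  The heredoc delimiter is quoted so the
        # snippet is written literally, without expansion here.
        if [ "${_PROXY}" = "true" ]
        then
            mkdir -p /etc/X11/xinit/xinitrc.d/
            cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
#!/bin/bash
systemctl --user daemon-reload
systemctl --user start gnunet-user
systemctl --user enable gnunet-user
user=$(whoami)
gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
# Enable GNS proxy for new users informed by /etc/skel.
if [ "$gnunet_proxy" ]; then
    # Calculate user specific port
    port=$((8000+$(id -u "$user")))
    gnunet-config -c "$HOME/.config/gnunet.conf" \
        --rewrite \
        --section=gns-proxy \
        --option=OPTIONS \
        --value="-p $port"
    # Firefox
    defaultprofile=$(ls "$HOME"/.mozilla/firefox/*.default)
    if [ ! "$defaultprofile" ];then
        timeout 3s firefox --headless # dirty: create profile if not existent
    fi
    for ffprofile in "$HOME"/.mozilla/firefox/*.*/; do
        js=$ffprofile/user.js
        if [ -f "$js" ]; then
            sed -i '/Preferences for using the GNU Name System/d' "$js"
            sed -i '/network.proxy.socks/d' "$js"
            sed -i '/network.proxy.socks_port/d' "$js"
            sed -i '/network.proxy.socks_remote_dns/d' "$js"
            sed -i '/network.proxy.type/d' "$js"
        fi
        echo "// Preferences for using the GNU Name System" >> "$js"
        echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
        echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
        echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
        echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
    done
    # Chromium
    profile="$HOME/.profile"
    if [ -f "$profile" ]; then
        sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
    fi
    echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
        >> "$profile"
fi
# Create/Renew GNS certificate authority (CA) per user.
gnunet-gns-proxy-setup-ca
EOF
        fi

        # Update files and directories permissions.
        # Assuming default values, this *should* not be changed.
        echo -n "Updating files and directories permissions:"
        chown -R "${_USERNAME}:${_GROUPNAME}" /var/log/gnunetd
        chown -R "${_USERNAME}:${_GROUPNAME}" "${GNUNET_HOME}"
        # Secure access to the data directory
        chmod 0700 "${GNUNET_HOME}" || true
        # Setuid helpers: root-owned and executable only by the peer group, so
        # not every local account can invoke them.  An existing
        # dpkg-statoverride entry means the administrator decided otherwise.
        for file in /usr/bin/gnunet-helper-exit \
                    /usr/bin/gnunet-helper-nat-client \
                    /usr/bin/gnunet-helper-nat-server \
                    /usr/bin/gnunet-helper-transport-bluetooth \
                    /usr/bin/gnunet-helper-transport-wlan \
                    /usr/bin/gnunet-helper-vpn
        do
            if ! dpkg-statoverride --list "${file}" >/dev/null 2>&1 && [ -e "${file}" ]
            then
                chown "root:${_GROUPNAME}" "${file}"
                chmod 4750 "${file}"
            fi
        done
        # The DNS helper is restricted to the dedicated gnunetdns group, and
        # gnunet-service-dns is setgid to that group (2750) so it can run it.
        if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 \
            && [ -e /usr/bin/gnunet-helper-dns ]
        then
            chown "root:${GNUNETDNS_GROUP}" /usr/bin/gnunet-helper-dns
            chmod 4750 /usr/bin/gnunet-helper-dns
        fi
        if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 \
            && [ -e /usr/bin/gnunet-service-dns ]
        then
            chown "${_USERNAME}:${GNUNETDNS_GROUP}" /usr/bin/gnunet-service-dns
            chmod 2750 /usr/bin/gnunet-service-dns
        fi
        echo " done."

        # Writing new values to configuration file.  tempfile(1) is
        # deprecated in debianutils; mktemp is its replacement.  The trap
        # removes the temporary file even if a later command aborts the run.
        echo -n "Writing new configuration file:"
        CONFIG_NEW=$(mktemp)
        trap 'rm -f "${CONFIG_NEW}"' EXIT
        cat > "${CONFIG_NEW}" <<EOF
# This file controls the behaviour of the GNUnet init script.
# It will be parsed as a shell script.
# please do not edit by hand, use 'dpkg-reconfigure gnunet-systempeer'.
GNUNET_USER=${_USERNAME}
GNUNET_GROUP=${_GROUPNAME}
GNUNET_AUTOSTART="${_AUTOSTART}"
EOF
        cat > "/etc/systemd/system/gnunet.service" <<EOF
[Unit]
Description=A framework for secure peer-to-peer networking
[Service]
EnvironmentFile=/etc/default/gnunet
User=${_USERNAME}
Type=forking
ExecStart=/usr/bin/gnunet-arm -s -c /etc/gnunet.conf
ExecStop=/usr/bin/gnunet-arm -e -c /etc/gnunet.conf
[Install]
WantedBy=multi-user.target
EOF
        cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
        echo " done."
        # Cleaning
        rm -f "${CONFIG_NEW}"
        echo "All done."
        ;;
    abort-upgrade|abort-remove|abort-deconfigure)
        ;;
    *)
        echo "postinst called with unknown argument \`${1}'" >&2
        exit 1
        ;;
esac
#DEBHELPER#
exit 0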