
gnunet.postinst 6.4 KB

  1. #!/bin/bash
  2. set -e
  3. . /usr/share/debconf/confmodule
# This is taken from the package libnss-mdns and edited to do the same thing
# but for GNS instead of mdns. Try to insert gns entries into the "hosts" line
# in /etc/nsswitch.conf to automatically enable nss-gns support; do not change
# the configuration if the "hosts" line already references some gns lookups.
#
# Returns 1 when /etc/nsswitch.conf does not exist.
# NOTE(review): the script runs under "set -e", so a bare call that returns 1
# aborts the postinst before any later "$?" test can run.
#
# perl -i rewrites /etc/nsswitch.conf in place and no backup suffix is given,
# so no copy of the previous contents is kept. The inserted
# "[NOTFOUND=return]" action stops the lookup when gns reports NOTFOUND, so
# dns is not consulted for those names.
insert_gns() {
    echo -n "Checking NSS setup..."
    # abort if /etc/nsswitch.conf does not exist
    if ! [ -e /etc/nsswitch.conf ]; then
        echo "Could not find /etc/nsswitch.conf."
        return 1
    fi
    perl -i -pe '
        # Rewrite the source list of the "hosts:" entry; returns the new list.
        sub insert {
            # this also splits on tab
            my @bits=split(" ", shift);
            # do not break configuration if the "hosts" line already references gns
            if (grep { $_ eq "gns"} @bits) {
                return join " ", @bits;
            }
            # change the first "dns" entry into "gns [NOTFOUND=return] dns"
            # NOTE(review): the inherited comment also named "resolve", but
            # only "dns" is matched here
            foreach my $bit (@bits) {
                if ($bit eq "dns") {
                    $bit = "gns [NOTFOUND=return] $bit";
                    last;
                }
            }
            # the list is re-joined with single spaces in every case
            return join " ", @bits;
        }
        # /e evaluates the replacement as Perl: keep the "hosts:" prefix and
        # substitute the list returned by insert()
        s/^(hosts:\s+)(.*)/$1.insert($2)/e;
    ' /etc/nsswitch.conf
    echo " done."
}
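# Dispatch on the maintainer-script action passed as $1.
case "${1}" in
configure)
    db_version 2.0

    _USERNAME="gnunet"
    _GROUPNAME="gnunet"

    # debconf boolean answers ("true" / "false").
    db_get gnunet-systempeer/autostart
    _AUTOSTART="${RET}" # boolean
    db_get gnunet-dns/libnsswitch
    _LIBNSSWITCH="${RET}" # boolean
    db_get gnunet-user/proxy
    _PROXY="${RET}" # boolean; only referenced by the disabled block below
    db_stop

    # Read default values
    GNUNET_HOME="/var/lib/gnunet"

    # Creating gnunet group if needed
    if ! getent group "${_GROUPNAME}" >/dev/null; then
        echo -n "Creating new GNUnet group ${_GROUPNAME}:"
        addgroup --quiet --system "${_GROUPNAME}"
        echo " done."
    fi

    # Creating gnunet user if needed
    if ! getent passwd "${_USERNAME}" >/dev/null; then
        echo -n "Creating new GNUnet user ${_USERNAME}:"
        adduser --quiet --system --ingroup "${_GROUPNAME}" --home "${GNUNET_HOME}" "${_USERNAME}"
        echo " done."
    fi

    # Add a special secured group
    GNUNETDNS_GROUP="gnunetdns"

    # Creating gnunetdns group if needed
    if ! getent group "${GNUNETDNS_GROUP}" >/dev/null; then
        echo -n "Creating new secured GNUnet group ${GNUNETDNS_GROUP}:"
        addgroup --quiet --system "${GNUNETDNS_GROUP}"
        echo " done."
    fi

    # Enable GNS lookups in /etc/nsswitch.conf when the debconf answer says so.
    # The answer is compared as a string instead of being executed as a
    # command, so an empty or unexpected value leaves nsswitch.conf untouched.
    if [ "${_LIBNSSWITCH}" = "true" ]; then
        echo "Editing /etc/nsswitch.conf to use GNS before DNS"
        # $2 equals the currently installed version if it exists
        if [ -z "$2" ]; then
            # first install: setup the recommended configuration (unless
            # nsswitch.conf already contains gns entries).
            # insert_gns is tested inside the condition: under "set -e" a
            # bare call returning non-zero would abort the whole postinst
            # before the message below could be printed.
            if ! insert_gns; then
                echo "nsswitch does not exist on this system"
            fi
        fi
        echo " done."
    fi

    # Disabled: per-user proxy setup for Firefox and Chromium, kept for
    # reference exactly as it was commented out.
    # # Change the proxy settings for Firefox and Chromium if desired
    # if ${_PROXY}
    # then
    # mkdir -p /etc/X11/xinit/xinitrc.d/
    #cat > "/etc/X11/xinit/xinitrc.d/80-gnunet-user-services" << "EOF"
    ##!/bin/bash
    #systemctl --user daemon-reload
    #systemctl --user start gnunet-user
    #systemctl --user enable gnunet-user
    #user=$(whoami)
    #gnunet_proxy=$(gnunet-config -c /etc/skel/.config/gnunet.conf -s gns-proxy | grep 'IMMEDIATE_START = YES')
    #
    ## Enable GNS proxy for new users informed by /etc/skel.
    #if [ "$gnunet_proxy" ]; then
    #
    # # Calculate user specific port
    # port=$((8000+$(id -u $user)))
    #
    # gnunet-config -c $HOME/.config/gnunet.conf \
    # --section=gns-proxy \
    # --option=OPTIONS \
    # --value="-p $port"
    #
    # # Firefox
    # defaultprofile=$(ls $HOME/.mozilla/firefox/*.default)
    # if [ ! "$defaultprofile" ];then
    # timeout 3s firefox --headless # dirty: create profile if not existent
    # fi
    # for ffprofile in $HOME/.mozilla/firefox/*.*/; do
    # js=$ffprofile/user.js
    # if [ -f "$js" ]; then
    # sed -i '/Preferences for using the GNU Name System/d' "$js"
    # sed -i '/network.proxy.socks/d' "$js"
    # sed -i '/network.proxy.socks_port/d' "$js"
    # sed -i '/network.proxy.socks_remote_dns/d' "$js"
    # sed -i '/network.proxy.type/d' "$js"
    # fi
    # echo "// Preferences for using the GNU Name System" >> "$js"
    # echo "user_pref(\"network.proxy.socks\", \"localhost\");" >> "$js"
    # echo "user_pref(\"network.proxy.socks_port\", $port);" >> "$js"
    # echo "user_pref(\"network.proxy.socks_remote_dns\", true);" >> "$js"
    # echo "user_pref(\"network.proxy.type\", 1);" >> "$js"
    # done
    #
    # # Chromium
    # profile="$HOME/.profile"
    # if [ -f "$profile" ]; then
    # sed -i '/CHROMIUM_USER_FLAGS/d' "$profile"
    # fi
    # echo "export CHROMIUM_USER_FLAGS=--proxy-server=socks5://localhost:$port" \
    # >> "$profile"
    #fi
    #
    ## Create/Renew GNS certificate authority (CA) per user.
    #gnunet-gns-proxy-setup-ca
    #EOF
    # fi

    # Update files and directories permissions.
    # Assuming default values, this *should* not be changed.
    echo -n "Updating files and directories permissions:"

    # Secure access to the data directory (best effort: a failure is ignored)
    chmod 0700 "${GNUNET_HOME}" || true

    # Restrict access on setuid binaries: owner root, setuid, and executable
    # only by root and members of ${_GROUPNAME}. Membership of that group is
    # therefore what grants the right to run these root helpers.
    for file in /usr/bin/gnunet-helper-exit \
        /usr/bin/gnunet-helper-nat-client \
        /usr/bin/gnunet-helper-nat-server \
        /usr/bin/gnunet-helper-transport-bluetooth \
        /usr/bin/gnunet-helper-transport-wlan \
        /usr/bin/gnunet-helper-vpn; do
        # only do something when no setting exists, so that an existing
        # dpkg-statoverride entry is respected
        if ! dpkg-statoverride --list "$file" >/dev/null 2>&1 && [ -e "$file" ]; then
            # chown first, chmod second: changing the owner can clear the
            # setuid bit, so the mode is applied last
            chown "root:${_GROUPNAME}" "$file"
            chmod 4750 "$file"
        fi
    done

    # The DNS helper is setuid root but reachable only through the separate
    # ${GNUNETDNS_GROUP} group.
    if ! dpkg-statoverride --list /usr/bin/gnunet-helper-dns >/dev/null 2>&1 &&
        [ -e /usr/bin/gnunet-helper-dns ]; then
        chown "root:${GNUNETDNS_GROUP}" /usr/bin/gnunet-helper-dns
        chmod 4750 /usr/bin/gnunet-helper-dns
    fi

    # The DNS service is setgid ${GNUNETDNS_GROUP} (mode 2750) and owned by
    # ${_USERNAME}; presumably this is how the service gains the group needed
    # to execute the helper above -- confirm against the GNUnet documentation.
    if ! dpkg-statoverride --list /usr/bin/gnunet-service-dns >/dev/null 2>&1 &&
        [ -e /usr/bin/gnunet-service-dns ]; then
        chown "${_USERNAME}:${GNUNETDNS_GROUP}" /usr/bin/gnunet-service-dns
        chmod 2750 /usr/bin/gnunet-service-dns
    fi

    echo " done."
    echo "All done."
    ;;

abort-upgrade | abort-remove | abort-deconfigure) ;;

*)
    echo "postinst called with unknown argument \`${1}'" >&2
    exit 1
    ;;
esac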
  181. #DEBHELPER#
  182. exit 0