source: debian/i2p.postinst @ 25f6c3d

Last change on this file since 25f6c3d was 29953ea, checked in by kytv <kytv@…>, 5 years ago

Debian: confine daemon with apparmor (ticket #1061)

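#!/bin/sh
# Debian postinst for the i2p package.
#
# On configure/reconfigure it copies the debconf answers (i2p/daemon,
# i2p/user, i2p/memory, i2p/aa) into /etc/default/i2p and
# /etc/i2p/wrapper.config, makes sure the i2psvc account, its home and its
# log directory exist, and sets ownership and permissions on them.

set -e

I2PHOME=/var/lib/i2p
I2PSYSUSER=i2psvc

conffile="/etc/default/i2p"
#systemdservice="/lib/systemd/system/i2p.service"

# Source debconf library -- we have a Depends line
# to make sure it is there...
. /usr/share/debconf/confmodule
db_version 2.0

# Print $1 escaped for use in the replacement half of a sed s/// command.
# Backslash, "/" and "&" are special there; without escaping, a debconf
# answer containing one of them would either break the sed expression or
# rewrite the line differently from what was entered.
sed_escape() {
    printf '%s\n' "$1" | sed -e 's|[\\/&]|\\&|g'
}

case "$1" in
    configure|reconfigure)
        # First install: create the defaults file with empty placeholders
        # that the sed pass below fills in.
        if [ ! -e "$conffile" ]; then
            {
                echo "# Defaults for i2p initscript (/etc/init.d/i2p"
                echo "# This is a posix shell fragment"
                echo
                echo "# [automatically edited by postinst, do not change line format ]"
                echo "# Run 'dpkg-reconfigure -plow i2p' to change these values."
                echo
                echo "RUN_DAEMON="
                echo "I2PUSER="
                echo "CONFINE_WITH_APPARMOR="
                echo "# The next value is also wrapper.java.maxmemory in /etc/i2p/wrapper.config"
                echo "MEMORYLIMIT="
            } >> "$conffile"
        fi

        db_get i2p/daemon
        RUN_DAEMON="$RET"
        db_get i2p/user
        I2PUSER="$RET"
        db_get i2p/memory
        MEMORYLIMIT="$RET"
        db_get i2p/aa
        CONFINE_WITH_APPARMOR="$RET"

        # Copy with attributes first; the redirect further down truncates
        # this copy instead of creating a new file -- presumably so the
        # replacement keeps the conffile's mode and ownership.
        cp -a -f "$conffile" "$conffile.tmp"

        # If the admin deleted or commented some variables but then set them via debconf,
        # (re-)add them to the conffile.
        test -z "$RUN_DAEMON" || grep -Eq '^ *RUN_DAEMON=' "$conffile" || \
            echo "RUN_DAEMON=" >> "$conffile"
        test -z "$I2PUSER" || grep -Eq '^ *I2PUSER=' "$conffile" || \
            echo "I2PUSER=" >> "$conffile"
        test -z "$MEMORYLIMIT" || grep -Eq '^ *MEMORYLIMIT=' "$conffile" || \
            echo "MEMORYLIMIT=" >> "$conffile"
        test -z "$CONFINE_WITH_APPARMOR" || grep -Eq '^ *CONFINE_WITH_APPARMOR=' "$conffile" || \
            echo "CONFINE_WITH_APPARMOR=" >> "$conffile"

        # No answer recorded: fall back to "daemon off" and the package's
        # own service account. Quoted so a value with whitespace cannot
        # turn the test into a syntax error.
        if [ -z "$RUN_DAEMON" ]; then
            RUN_DAEMON="false"
            I2PUSER="$I2PSYSUSER"
        fi

        esc_daemon=$(sed_escape "$RUN_DAEMON")
        esc_user=$(sed_escape "$I2PUSER")
        esc_memory=$(sed_escape "$MEMORYLIMIT")
        esc_aa=$(sed_escape "$CONFINE_WITH_APPARMOR")

        # NOTE(review): the values end up inside double quotes in a file
        # whose own header calls it a POSIX shell fragment. sed_escape only
        # protects the sed expression; a value containing a double quote,
        # "$" or a backquote would still change how that fragment parses.
        # The debconf template types are not visible here -- consider
        # validating each answer against its expected format before writing.
        sed -e "s/^ *RUN_DAEMON=.*/RUN_DAEMON=\"$esc_daemon\"/" \
            -e "s/^ *I2PUSER=.*/I2PUSER=\"$esc_user\"/" \
            -e "s/^ *MEMORYLIMIT=.*/MEMORYLIMIT=\"$esc_memory\"/" \
            -e "s/^ *CONFINE_WITH_APPARMOR=.*/CONFINE_WITH_APPARMOR=\"$esc_aa\"/" \
            < "$conffile" > "$conffile.tmp"
        mv -f "$conffile.tmp" "$conffile"

#        if [ -e "$systemdservice" ]; then
#            sed -e "s/User=.*/User=$I2PUSER/" < "$systemdservice" > "$systemdservice.tmp"
#            mv -f "$systemdservice.tmp" "$systemdservice"
#            chmod 0644 -f "$systemdservice"
#            if grep -q 'systemd' /proc/1/comm > /dev/null 2>&1; then
#                systemctl --system daemon-reload
#                if [ $RUN_DAEMON = 'true' ]; then
#                    systemctl enable i2p.service
#                else
#                    systemctl disable i2p.service
#                fi
#            fi
#        fi

        # Mirror the memory limit into the wrapper configuration.
        sed -e "s/^ *wrapper\.java\.maxmemory=.*/wrapper.java.maxmemory=$esc_memory/" \
            < /etc/i2p/wrapper.config > /etc/i2p/wrapper.config.tmp
        mv -f /etc/i2p/wrapper.config.tmp /etc/i2p/wrapper.config
        chmod -f 0644 /etc/i2p/wrapper.config

        # Older versions of adduser created the home directory.
        # The version of adduser in Debian unstable does not.
        [ -d "$I2PHOME" ] || mkdir -m0750 "$I2PHOME"

        # Create user and group as a system user.
        if getent passwd "$I2PSYSUSER" > /dev/null 2>&1 ; then
            # Account already exists: normalise its group, home and shell.
            # Failures are deliberately ignored (best effort).
            # NOTE(review): "-e 1" presumably sets an expiry date in the
            # past so the account cannot be logged into -- confirm against
            # usermod(8).
            groupadd -f "$I2PSYSUSER" || true
            usermod -c "I2P Router Daemon" -d "$I2PHOME" -g "$I2PSYSUSER" -s "/bin/false" \
                -e 1 "$I2PSYSUSER" > /dev/null 2>&1 || true
        else
            # Output is discarded, so under "set -e" a failure here aborts
            # the postinst without a message.
            adduser --system --quiet --group --home "$I2PHOME" "$I2PSYSUSER" > /dev/null 2>&1
        fi

        [ -d /var/log/i2p ] || mkdir -m0750 /var/log/i2p
        # NOTE(review): this and the chown of $I2PHOME below run recursively
        # over trees the daemon account can write to. GNU chown -R does not
        # dereference symlinks by default, but hard links placed in the tree
        # are only refused where fs.protected_hardlinks is enabled --
        # consider limiting the chown to the directory itself.
        chown -f -R "$I2PSYSUSER:$I2PSYSUSER" /var/log/i2p

        # Has someone set the permissions with dpkg-statoverride? If so, obey them.
        if ! dpkg-statoverride --list "$I2PHOME" > /dev/null 2>&1
        then
            chown -f -R "$I2PSYSUSER:$I2PSYSUSER" "$I2PHOME"
            chmod -f u=rwx,g=rxs,o= "$I2PHOME"
        fi

        db_stop
        ;;
    abort-upgrade|abort-remove|abort-deconfigure)
        echo "Aborting upgrade"
        exit 0
        ;;
    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
        ;;
esac

#DEBHELPER#

exit 0
# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4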