#!/bin/bash # postinst script for core-agent-linux # # see: dh_installdeb(1) set -e # The postinst script may be called in the following ways: # * 'configure' # * 'abort-upgrade' # * 'abort-remove' 'in-favour' # # * 'abort-remove' # * 'abort-deconfigure' 'in-favour' # 'removing' # # # For details, see http://www.debian.org/doc/debian-policy/ or # https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or # the debian-policy package debug() { if [ "${DEBDEBUG}" == "1" ]; then echo -e "$@" fi } is_static() { [ -f "/lib/sytemd/system/$1" ] && ! grep -q '^[[].nstall]' "/lib/systemd/system/$1" } is_masked() { if [ ! -L /etc/systemd/system/"$1" ] then return 1 fi target=$(readlink /etc/systemd/system/"$1" 2>/dev/null || :) if [ "$target" = "/dev/null" ] then return 0 fi return 1 } mask() { ln -sf /dev/null /etc/systemd/system/"$1" } unmask() { if ! is_masked "$1" then return 0 fi rm -f /etc/systemd/system/"$1" } preset_units() { local represet= while read -r action unit_name do if [ "$action" = "#" ] && [ "$unit_name" = "Units below this line will be re-preset on package upgrade" ] then represet=1 continue fi echo "$action $unit_name" | grep -q '^[[:space:]]*[^#;]' || continue if ! [ -n "$action" ] || ! [ -n "$unit_name" ]; then continue fi if [ "$2" = "initial" ] || [ "$represet" = "1" ] then if [ "$action" = "disable" ] && is_static "$unit_name" then if ! is_masked "$unit_name" then # We must effectively mask these units, even if they are static. deb-systemd-helper mask "${unit_name}" > /dev/null 2>&1 || true fi elif [ "$action" = "enable" ] && is_static "$unit_name" then if is_masked "$unit_name" then # We masked this static unit before, now we unmask it. deb-systemd-helper unmask "${unit_name}" > /dev/null 2>&1 || true fi systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : else systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || : fi fi done < "$1" systemctl daemon-reload } installSerialConf() { debug "Installing over-ridden serial.conf init script..." if [ -e /etc/init/serial.conf ]; then cp /usr/share/qubes/serial.conf /etc/init/serial.conf fi } case "${1}" in configure) # Initial installation of package only # ($2 contains version number on update; nothing on initial installation) if [ -z "${2}" ]; then debug "FIRST INSTALL..." # Location of files which contains list of protected files # shellcheck source=init/functions . /usr/lib/qubes/init/functions # ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is # in the form expected by qubes-sysinit.sh if ! is_protected_file /etc/hostname ; then for ip in '127\.0\.1\.1' '::1'; do if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then sed -i "/^${ip}\s/,+0s/\(\s$(hostname)\)\+\(\s\|$\)/\2/g" /etc/hosts || true sed -i "s/^${ip}\(\s\|$\).*$/\0 $(hostname)/" /etc/hosts || true else echo "${ip//\\/} $(hostname)" >> /etc/hosts || true fi done fi # remove hostname from 127.0.0.1 line (in debian the hostname is by default # resolved to 127.0.1.1) if ! is_protected_file /etc/hosts ; then sed -i "/^127\.0\.0\.1\s/,+0s/\(\s$(hostname)\)\+\(\s\|$\)/\2/g" /etc/hosts || true fi # Set default "runlevel" rm -f /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target # Systemd preload-all preset_units /lib/systemd/system-preset/75-qubes-vm.preset initial # Maybe install overridden serial.conf init script installSerialConf else preset_units /lib/systemd/system-preset/75-qubes-vm.preset upgrade fi systemctl reenable haveged chgrp user /var/lib/qubes/dom0-updates debug "UPDATE..." # disable some Upstart services for init in plymouth-shutdown \ prefdm \ splash-manager \ start-ttys \ tty ; do dpkg-divert --divert /etc/init/${init}.conf.qubes-disabled --package qubes-core-agent --rename --add /etc/init/${init}.conf done dpkg-divert --divert /etc/init/serial.conf.qubes-orig --package qubes-core-agent --rename --add /etc/init/serial.conf if [ ! -L /etc/systemd/system/rpcbind.service ]; then ln -s /dev/null /etc/systemd/system/rpcbind.service fi # Remove old firmware updates link if [ -L /lib/firmware/updates ]; then rm -f /lib/firmware/updates fi # remove old symlinks if [ -L /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service ]; then rm /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service fi if [ -L /etc/systemd/system/multi-user.target.wants/qubes-mount-home.service ]; then rm /etc/systemd/system/multi-user.target.wants/qubes-mount-home.service fi if ! dpkg-statoverride --list /var/lib/qubes/dom0-updates >/dev/null 2>&1; then dpkg-statoverride --update --add user user 775 /var/lib/qubes/dom0-updates fi glib-compile-schemas /usr/share/glib-2.0/schemas || true if ! [ -r /etc/dconf/profile/user ]; then mkdir -p /etc/dconf/profile echo "user-db:user" >> /etc/dconf/profile/user echo "system-db:local" >> /etc/dconf/profile/user fi if [ -x /usr/bin/dconf ]; then dconf update fi # tell dom0 about installed updates (applications, features etc) /etc/qubes-rpc/qubes.PostInstall || true ;; abort-upgrade|abort-remove|abort-deconfigure) exit 0 ;; triggered) for trigger in ${2}; do case "${trigger}" in /usr/share/applications) debug "Updating Qubes App Menus and advertising features..." /etc/qubes-rpc/qubes.PostInstall || true ;; # Install overridden serial.conf init script /etc/init/serial.conf) installSerialConf ;; esac done exit 0 ;; *) echo "postinst called with unknown argument \`${1}'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 # vim: set ts=4 sw=4 sts=4 et :