23250f84b2
The /etc/dconf/profile/user file in some distributions is part of dconf
package, in some not. There are even cases where it changes between
package versions (Fedora 27 don't have it, but Fedora 28 do).
Also, base Debian Stretch don't have it, but Kali Linux based on it do.
To avoid overly complex dependency handling, create the file dynamically
on package installation if it's missing in that particular case. The
file content is canonical:
user-db:user
system-db:local
Fixes QubesOS/qubes-issues#3834
235 lines
7.4 KiB
Bash
Executable File
235 lines
7.4 KiB
Bash
Executable File
#!/bin/bash
|
|
# postinst script for core-agent-linux
|
|
#
|
|
# see: dh_installdeb(1)
|
|
|
|
set -e
|
|
|
|
# The postinst script may be called in the following ways:
|
|
# * <postinst> 'configure' <most-recently-configured-version>
|
|
# * <old-postinst> 'abort-upgrade' <new version>
|
|
# * <conflictor's-postinst> 'abort-remove' 'in-favour' <package>
|
|
# <new-version>
|
|
# * <postinst> 'abort-remove'
|
|
# * <deconfigured's-postinst> 'abort-deconfigure' 'in-favour'
|
|
# <failed-install-package> <version> 'removing'
|
|
# <conflicting-package> <version>
|
|
#
|
|
# For details, see http://www.debian.org/doc/debian-policy/ or
|
|
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
|
|
# the debian-policy package
|
|
|
|
|
|
debug() {
|
|
if [ "${DEBDEBUG}" == "1" ]; then
|
|
echo -e "$@"
|
|
fi
|
|
}
|
|
|
|
is_static() {
|
|
[ -f "/lib/sytemd/system/$1" ] && ! grep -q '^[[].nstall]' "/lib/systemd/system/$1"
|
|
}
|
|
|
|
is_masked() {
|
|
if [ ! -L /etc/systemd/system/"$1" ]
|
|
then
|
|
return 1
|
|
fi
|
|
target=$(readlink /etc/systemd/system/"$1" 2>/dev/null || :)
|
|
if [ "$target" = "/dev/null" ]
|
|
then
|
|
return 0
|
|
fi
|
|
return 1
|
|
}
|
|
|
|
mask() {
|
|
ln -sf /dev/null /etc/systemd/system/"$1"
|
|
}
|
|
|
|
unmask() {
|
|
if ! is_masked "$1"
|
|
then
|
|
return 0
|
|
fi
|
|
rm -f /etc/systemd/system/"$1"
|
|
}
|
|
|
|
preset_units() {
|
|
local represet=
|
|
while read -r action unit_name
|
|
do
|
|
if [ "$action" = "#" ] && [ "$unit_name" = "Units below this line will be re-preset on package upgrade" ]
|
|
then
|
|
represet=1
|
|
continue
|
|
fi
|
|
echo "$action $unit_name" | grep -q '^[[:space:]]*[^#;]' || continue
|
|
if ! [ -n "$action" ] || ! [ -n "$unit_name" ]; then
|
|
continue
|
|
fi
|
|
if [ "$2" = "initial" ] || [ "$represet" = "1" ]
|
|
then
|
|
if [ "$action" = "disable" ] && is_static "$unit_name"
|
|
then
|
|
if ! is_masked "$unit_name"
|
|
then
|
|
# We must effectively mask these units, even if they are static.
|
|
deb-systemd-helper mask "${unit_name}" > /dev/null 2>&1 || true
|
|
fi
|
|
elif [ "$action" = "enable" ] && is_static "$unit_name"
|
|
then
|
|
if is_masked "$unit_name"
|
|
then
|
|
# We masked this static unit before, now we unmask it.
|
|
deb-systemd-helper unmask "${unit_name}" > /dev/null 2>&1 || true
|
|
fi
|
|
systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || :
|
|
else
|
|
systemctl --no-reload preset "$unit_name" >/dev/null 2>&1 || :
|
|
fi
|
|
fi
|
|
done < "$1"
|
|
|
|
systemctl daemon-reload
|
|
}
|
|
|
|
installSerialConf() {
|
|
debug "Installing over-ridden serial.conf init script..."
|
|
if [ -e /etc/init/serial.conf ]; then
|
|
cp /usr/share/qubes/serial.conf /etc/init/serial.conf
|
|
fi
|
|
}
|
|
|
|
case "${1}" in
|
|
configure)
|
|
# Initial installation of package only
|
|
# ($2 contains version number on update; nothing on initial installation)
|
|
if [ -z "${2}" ]; then
|
|
|
|
debug "FIRST INSTALL..."
|
|
# Location of files which contains list of protected files
|
|
# shellcheck source=init/functions
|
|
. /usr/lib/qubes/init/functions
|
|
|
|
# ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is
|
|
# in the form expected by qubes-sysinit.sh
|
|
if ! is_protected_file /etc/hostname ; then
|
|
for ip in '127\.0\.1\.1' '::1'; do
|
|
if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
|
|
sed -i "/^${ip}\s/,+0s/\(\s$(hostname)\)\+\(\s\|$\)/\2/g" /etc/hosts || true
|
|
sed -i "s/^${ip}\(\s\|$\).*$/\0 $(hostname)/" /etc/hosts || true
|
|
else
|
|
echo "${ip//\\/} $(hostname)" >> /etc/hosts || true
|
|
fi
|
|
done
|
|
fi
|
|
|
|
# remove hostname from 127.0.0.1 line (in debian the hostname is by default
|
|
# resolved to 127.0.1.1)
|
|
if ! is_protected_file /etc/hosts ; then
|
|
sed -i "/^127\.0\.0\.1\s/,+0s/\(\s$(hostname)\)\+\(\s\|$\)/\2/g" /etc/hosts || true
|
|
fi
|
|
|
|
# Set default "runlevel"
|
|
rm -f /etc/systemd/system/default.target
|
|
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
|
|
|
# Systemd preload-all
|
|
preset_units /lib/systemd/system-preset/75-qubes-vm.preset initial
|
|
|
|
# Maybe install overridden serial.conf init script
|
|
installSerialConf
|
|
else
|
|
preset_units /lib/systemd/system-preset/75-qubes-vm.preset upgrade
|
|
fi
|
|
systemctl reenable haveged
|
|
|
|
chgrp user /var/lib/qubes/dom0-updates
|
|
|
|
debug "UPDATE..."
|
|
# disable some Upstart services
|
|
for init in plymouth-shutdown \
|
|
prefdm \
|
|
splash-manager \
|
|
start-ttys \
|
|
tty ; do
|
|
dpkg-divert --divert /etc/init/${init}.conf.qubes-disabled --package qubes-core-agent --rename --add /etc/init/${init}.conf
|
|
done
|
|
dpkg-divert --divert /etc/init/serial.conf.qubes-orig --package qubes-core-agent --rename --add /etc/init/serial.conf
|
|
|
|
if [ ! -L /etc/systemd/system/rpcbind.service ]; then
|
|
ln -s /dev/null /etc/systemd/system/rpcbind.service
|
|
fi
|
|
|
|
# Remove old firmware updates link
|
|
if [ -L /lib/firmware/updates ]; then
|
|
rm -f /lib/firmware/updates
|
|
fi
|
|
|
|
# remove old symlinks
|
|
if [ -L /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service ]; then
|
|
rm /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service
|
|
fi
|
|
if [ -L /etc/systemd/system/multi-user.target.wants/qubes-mount-home.service ]; then
|
|
rm /etc/systemd/system/multi-user.target.wants/qubes-mount-home.service
|
|
fi
|
|
|
|
if ! dpkg-statoverride --list /var/lib/qubes/dom0-updates >/dev/null 2>&1; then
|
|
dpkg-statoverride --update --add user user 775 /var/lib/qubes/dom0-updates
|
|
fi
|
|
|
|
glib-compile-schemas /usr/share/glib-2.0/schemas || true
|
|
|
|
if ! [ -r /etc/dconf/profile/user ]; then
|
|
mkdir -p /etc/dconf/profile
|
|
echo "user-db:user" >> /etc/dconf/profile/user
|
|
echo "system-db:local" >> /etc/dconf/profile/user
|
|
fi
|
|
|
|
if [ -x /usr/bin/dconf ]; then
|
|
dconf update
|
|
fi
|
|
|
|
# tell dom0 about installed updates (applications, features etc)
|
|
/etc/qubes-rpc/qubes.PostInstall || true
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
|
exit 0
|
|
;;
|
|
|
|
triggered)
|
|
for trigger in ${2}; do
|
|
case "${trigger}" in
|
|
|
|
/usr/share/applications)
|
|
debug "Updating Qubes App Menus and advertising features..."
|
|
/etc/qubes-rpc/qubes.PostInstall || true
|
|
;;
|
|
|
|
# Install overridden serial.conf init script
|
|
/etc/init/serial.conf)
|
|
installSerialConf
|
|
;;
|
|
|
|
esac
|
|
done
|
|
exit 0
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument \`${1}'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# dh_installdeb will replace this with shell code automatically
|
|
# generated by other debhelper scripts.
|
|
|
|
#DEBHELPER#
|
|
|
|
exit 0
|
|
|
|
# vim: set ts=4 sw=4 sts=4 et :
|