Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
715693b93d
core-agent-linux/debian/qubes-core-agent.preinst
Marek Marczykowski-Górecki 32915fe126
deb,rpm: split passwordless root access configs into separate package 
Make passwordless root access optional - ease integration qrexec
authorization for sudo.

QubesOS/qubes-issues#2695
2017-06-08 22:11:36 +02:00

87 lines
3.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
# preinst script for core-agent-linux
#
# see: dh_installdeb(1)
set -e
# The preinst script may be called in the following ways:
# * <new-preinst> 'install'
# * <new-preinst> 'install' <old-version>
# * <new-preinst> 'upgrade' <old-version>
#
# The package will not yet be unpacked, so the preinst script cannot rely
# on any files included in its package. Only essential packages and
# pre-dependencies (Pre-Depends) may be assumed to be available.
# Pre-dependencies will have been configured at least once, but at the time the
# preinst is called they may only be in an "Unpacked" or "Half-Configured" state
# if a previous version of the pre-dependency was completely configured and has
# not been removed since then.
#
#
# * <old-preinst> 'abort-upgrade' <new-version>
#
# Called during error handling of an upgrade that failed after unpacking the
# new package because the postrm upgrade action failed. The unpacked files may
# be partly from the new version or partly missing, so the script cannot rely
# on files included in the package. Package dependencies may not be available.
# Pre-dependencies will be at least "Unpacked" following the same rules as
# above, except they may be only "Half-Installed" if an upgrade of the
# pre-dependency failed.[46]
#
# For details, see http://www.debian.org/doc/debian-policy/ or
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package
if [ "$1" = "install" ] ; then
# --------------------------------------------------------------------------
# Required groups
# --------------------------------------------------------------------------
groupadd --force --system qubes
groupadd --force --system sudo
# --------------------------------------------------------------------------
# User add / modifications
# --------------------------------------------------------------------------
id -u 'user' >/dev/null 2>&1 || {
useradd --user-group --create-home --shell /bin/bash user
}
id -u 'tinyproxy' >/dev/null 2>&1 || {
useradd --user-group --system -M --home /run/tinyproxy --shell /bin/false tinyproxy
}
usermod -L -a --groups qubes user
# --------------------------------------------------------------------------
# Remove `mesg` from root/.profile?
# --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' /root/.profile
fi
if [ "$1" = "upgrade" ] ; then
## Fix static gid issue for in place template upgrades.
## https://github.com/QubesOS/qubes-issues/issues/1105
if grep -q ^qubes:x:98: /etc/group ; then
if ! grep -q :980: /etc/group ; then
if groupmod -g 980 qubes ; then
# make sure that vchan will still work until VM start
chmod 666 /dev/xen/* /proc/xen/privcmd
find / -gid 98 ! -type l -exec chgrp --verbose qubes {} \; 2>/dev/null || true
fi
fi
fi
## Allow passwordless login for user "user" (when using 'sudo xl console').
## https://github.com/QubesOS/qubes-issues/issues/1130
if grep -q '^user:\!:' /etc/shadow ; then
passwd user -d >/dev/null || true
fi
fi
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
# vim: set ts=4 sw=4 sts=4 et :
Reference in New Issue View Git Blame Copy Permalink