Sign upLogin

linuxmuster/linuxmuster-base7

View on GitHub
Star
debian/postinst

Summary

Maintainability
Test Coverage
#!/bin/bash
#
# postinst script for linuxmuster-base
# thomas@linuxmuster.net
# 20240220
# GPL v3
#

# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#

# get constants
source /usr/share/linuxmuster/defaults.sh
datestr="$(date +%Y%m%d%H%M)"

case "$1" in

 configure)
  # ensure python3 paramiko and reconfigure are installed
  /usr/bin/python3 -m pip install paramiko reconfigure

  # add lmn paths to python environment
  usersite="$(python3 -c 'import site; site._script()' --user-site)"
  userpth="$usersite/lmn.pth"
  mkdir -p "$usersite"
  echo "$LIBDIR" > "$userpth"
  echo "$SETUPDIR" >> "$userpth"

  # clean and bytecompile modules
  find "$LIBDIR" -name \*.pyc -exec rm '{}' \;
  find "$LIBDIR" -type d -name __pycache__ -exec rm -r '{}' \; 2> /dev/null || true
  python3 -m compileall "$LIBDIR"

  # create ssl-cert group
  groupadd --force --system ssl-cert

  # set permissions
  # linuxmuster ssl certs 
  chgrp ssl-cert "$SSLDIR" -R
  chmod 750 "$SSLDIR"
  # linuxmuster secrets directory
  for i in "$SECRETDIR" "$BINDUSERSECRET" "$DNSADMINSECRET"; do
    [ -e "$i" ] && chgrp dhcpd "$i"
    if [ -d "$i" ]; then
      chmod 750 "$i"
    else
      [ -e "$i" ] && chmod 440 "$i"
    fi
  done
  # samba sysvol directory
  sysvol="/var/lib/samba/sysvol"
  [ -d "$sysvol" ] && find "$sysvol" -type d -exec chmod 775 '{}' \;
  # samba ntp socket directory
  mkdir -p "$NTPSOCKDIR"
  chgrp ntp "$NTPSOCKDIR"
  chmod 750 "$NTPSOCKDIR"


  # skip subsequent actions on configured systems
  [ -s "$SETUPINI" ] || exit 0

  # provide cacert.pem for clients if not present
  if [ -n "$domainname" -a -s "$CACERT" ]; then
    sysvoltlsdir="$(echo "$SYSVOLTLSDIR" | sed -e 's|@@domainname@@|'"$domainname"'|')"
    sysvolpemfile="$sysvoltlsdir/$(basename "$CACERT")"
    [ -d "$sysvoltlsdir" ] || mkdir -p "$sysvoltlsdir"
    if [ -d "$sysvoltlsdir" -a ! -e "$sysvolpemfile" ]; then
      echo "Providing $sysvolpemfile."
      cp "$CACERT" "$sysvolpemfile"
    fi
  fi

  # timesyncd update, add firewall ip as parent ntp server
  conf='/etc/systemd/timesyncd.conf'
  if [ -e "$conf" ]; then
    search="NTP=${firewallip}"
    if ! grep -q ^"$search" "$conf"; then
      echo "Updating time server related timesyncd configuration."
      cp "$conf" "$conf".dpkg-bak."$datestr"
      echo "$search" >> "$conf"
      systemctl daemon-reload
    fi
  fi

  # enable ntp service, change firewall name to ip (#88)
  if timedatectl status | grep -qi 'active: yes'; then
    echo "Disabling timesyncd service."
    timedatectl set-ntp false
  fi
  if systemctl status ntp | grep -qi 'inactive (dead)'; then
    echo "Enabling & starting ntp service."
    systemctl enable ntp.service
    systemctl start ntp.service
  fi

 ;;

 abort-upgrade|abort-remove|abort-deconfigure)
 ;;

 *)
  echo "postinst called with unknown argument \`$1'" >&2
  exit 1
 ;;

esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0