debian: chop down & rework maintainer scripts

Signed-off-by: David Lamparter <equinox@diac24.net>
2018-12-11 17:02:20 +01:00 · 2018-12-11 17:02:20 +01:00 · d29f324aa8
parent 8a91a6ef9c
commit d29f324aa8
4 changed files with 96 additions and 133 deletions
--- a/debian/frr.postinst
+++ b/debian/frr.postinst
@ -1,36 +1,74 @@
-#!/bin/bash
+#!/bin/sh
 set -e
-######################
+# most of this file makes sense to execute regardless of whether this is any
-frruid=`getent passwd frr | awk -F ":" '{ print $3 }'`
+# of normal "configure" or error-handling "abort-upgrade", "abort-remove" or
-frrgid=`getent group frr | awk -F ":" '{ print $3 }'`
+# "abort-deconfigure"
 frrvtygid=`getent group frrvty | awk -F ":" '{ print $3 }'`
-[ -n ${frruid} ]    || (echo "No uid for frr"    && /bin/false)
+addgroup --system frrvty
-[ -n ${frrgid} ]    || (echo "No gid for frr"    && /bin/false)
+addgroup --system frr
-[ -n ${frrVTYgid} ] || (echo "No gid for frrvty" && /bin/false)
+adduser \
 	--system \
 	--ingroup frr \
 	--home /nonexistent \
 	--gecos "Frr routing suite" \
 	frr
 usermod -a -G frrvty frr
-chown ${frruid}:${frrgid} /etc/frr
+mkdir -p /var/log/frr
-chown ${frruid}:${frrgid} /etc/frr/*
+mkdir -p /etc/frr
 touch /etc/frr/vtysh.conf
 chgrp ${frrvtygid} /etc/frr/vtysh*
 chmod 644 /etc/frr/*
 ENVIRONMENTFILE=/etc/environment
 if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then
    echo "VTYSH_PAGER=/bin/cat"  >> ${ENVIRONMENTFILE}
 fi
 ##################################################
-if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
+# only change ownership of files when they were previously owned by root or
-${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
+# quagga; this is to ensure we don't trample over some custom user setup.
 #
 # if we are on a freshly installed package (or we added new configfiles),
 # the files should be owned by root by default so we should end up with "frr"
 # owned configfiles.
-# This is most likely due to the answer "no" to the "really stop the server"
+quaggauid=`id -u quagga 2>/dev/null || echo 0`
-# question in the prerm script.
+quaggagid=`id -g quagga 2>/dev/null || echo 0`
-if [ "$1" = "abort-upgrade" ]; then
+
-  exit 0
+find \
-fi
+	/etc/frr \
 	/var/log/frr \
 		\( -uid 0 -o -uid $quaggauid \) -a \
 		\( -gid 0 -o -gid $quaggauid \) | \
 	while read filename; do
 	# don't chown anything that has ACLs (but don't fail if we don't
 	# have getfacl)
 	if { getfacl -c "$filename" 2>/dev/null || true; } \
 		| egrep -q -v '^((user|group|other)::|$)'; then
 		:
 	else
 		chown frr: "$filename"
 		chmod o-rwx "$filename"
 	fi
 done
 # fix misconfigured vtysh.conf & frr.conf ownership set up by some inofficial
 # ("pre"-Debian) packages
 find /etc/frr -maxdepth 1 \( -name vtysh.conf -o -name frr.conf \) \
 	-group frrvty -exec chgrp frr {} \;
 check_old_config() {
 	oldcfg="$1"
 	[ -r "$oldcfg" ] || return 0
 	[ -s "$oldcfg" ] || return 0
 	grep -v '^[[:blank:]]*\(#\|$\)' "$oldcfg" > /dev/null || return 0
 	cat >&2 <<EOF
 Note: deprecated $oldcfg is present. This file is still read by
 the FRR service but its contents should be migrated to /etc/frr/daemons.
 EOF
 }
 case "$1" in
 configure)
 	check_old_config /etc/frr/daemons.conf
 	check_old_config /etc/default/frr
 	;;
 esac
 #DEBHELPER#
--- a/debian/frr.postrm
+++ b/debian/frr.postrm
@ -1,14 +1,12 @@
-#!/bin/bash
+#!/bin/sh
 set -e
 if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
 ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
 # set -u	not because of debhelper
 if [ "$1" = "purge" ]; then
-	rm -rf /etc/frr /var/run/frr /var/log/frr
+	rm -rf /run/frr || true
-  	userdel frr >/dev/null 2>&1 || true
+
 	# "purge" does not remove logfiles.  therefore we shouldn't delete
 	# the "frr" user/group since that would leave files with "dangling"
 	# ownership.
 fi
 #DEBHELPER#
--- a/debian/frr.preinst
+++ b/debian/frr.preinst
@ -1,81 +1,32 @@
 #!/bin/bash
 if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
 ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
 set -e
-set -u
+# bash is required since /etc/frr/daemons.conf used a bash array in some
 # previous versions.
-# creating frrvty group if it isn't already there
+case "$1" in
-if ! getent group frrvty >/dev/null; then
+install|upgrade)
-        addgroup --system frrvty >/dev/null
+	(
-fi
+		test -f /etc/frr/daemons      && . /etc/frr/daemons
 		test -f /etc/frr/daemons.conf && . /etc/frr/daemons.conf
 		test -f /etc/default/frr      && . /etc/default/frr
-# creating frr group if it isn't already there
+		if [ "$watchfrr_enable" = no -o \
-if ! getent group frr >/dev/null; then
+			"$watchfrr_enable" = "0" ]; then
-        addgroup --system frr >/dev/null
+			echo >&2 <<EOF
-fi
+ERROR: Pre-existing frr configuration file disables watchfrr.
-# creating frr user if he isn't already there
+This configuration is deprecated upstream and not supported by the Debian
-if ! getent passwd frr >/dev/null; then
+FRR package.  Refusing to $1 in order to not break running setups.
-        adduser \
+Please change your setup to use watchfrr and remove the "watchfrr_enable"
-          --system \
+option from /etc/frr/daemons, /etc/frr/daemons.conf and/or /etc/default/frr.
-          --ingroup frr \
+EOF
-          --home /nonexistent \
+			exit 1
-          --gecos "Frr routing suite" \
+		fi
-          --shell /bin/false \
+	)
-          frr  >/dev/null
+	;;
-fi
+abort-upgrade)
-
+	# shouldn't fail an upgrade abort
-# We may be installing over an older version of
+	;;
-# frr and as such we need to intelligently
+esac
 # check to see if the frr user is in the frrvty
 # group.
 if ! id frr | grep &>/dev/null 'frrvty'; then
    usermod -a -G frrvty frr >/dev/null
 fi
 # Do not change permissions when upgrading as it would violate policy.
 if [ "$1" = "install" ]; then
  # Logfiles are group readable in case users were put into the frr group.
  d=/var/log/frr/
    mkdir -p $d
    chown frr:frr $d
    chown --quiet frr:frr $d/* | true
    chmod u=rwx,go=rx $d
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chmod u=rw,g=r,o=
  # Strict permissions for the sockets.
  d=/var/run/frr/
    mkdir -p $d
    chown frr:frr $d
    chown --quiet frr:frr $d/* | true
    chmod u=rwx,go=rx $d
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chmod u=rw,go=
  # Config files. Vtysh does not have access to the individual daemons config file
  d=/etc/frr/
    mkdir -p $d
    chown frr:frrvty $d
    chmod ug=rwx,o=rx $d
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chown frr:frr
    find $d -type f -print0 | xargs -0 --no-run-if-empty   chmod u=rw,g=r,o=
    # Exceptions for vtysh.
    f=$d/vtysh.conf
    if [ -f $f ]; then
      chown frr:frrvty $f
      chmod u=rw,g=r,o= $f
    fi
    # Exceptions for vtysh.
    f=$d/frr.conf
    if [ -f $d/Zebra.conf ]; then
      mv $d/Zebra.conf $f
    fi
    if [ -f $f ]; then
      chown frr:frrvty $f
      chmod u=rw,g=r,o= $f
    fi
 fi
 #DEBHELPER#
--- a/debian/frr.prerm
+++ b/debian/frr.prerm
@ -1,24 +0,0 @@
 #!/bin/bash
 if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
 ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
 set -e
 # prerm remove
 # old-prerm upgrade new-version
 # new-prerm failed-upgrade old-version
 # conflictor's-prerm remove in-favour package new-version
 # deconfigured's-prerm deconfigure in-favour package-being-installed version removing conflicting-package 
 case $1 in
  remove|upgrade)
 	;;
  failed-upgrade)
 	# If frr/really_stop was negated then this script exits with return
 	# code 1 and is called again with "failed-upgrade". Well, exit again.
 	exit 1
 	;;
 esac
 #DEBHELPER#