189 lines
7.5 KiB
Bash
Executable File
189 lines
7.5 KiB
Bash
Executable File
#!/bin/sh
|
|
# postinst script for polkitd
|
|
#
|
|
# see: dh_installdeb(1)
|
|
|
|
set -e
|
|
|
|
# summary of how this script can be called:
|
|
# * <postinst> `configure' <most-recently-configured-version>
|
|
# * <old-postinst> `abort-upgrade' <new version>
|
|
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
|
|
# <new-version>
|
|
# * <postinst> `abort-remove'
|
|
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
|
|
# <failed-install-package> <version> `removing'
|
|
# <conflicting-package> <version>
|
|
# for details, see http://www.debian.org/doc/debian-policy/ or
|
|
# the debian-policy package
|
|
|
|
set_perms() {
|
|
USER=$1
|
|
GROUP=$2
|
|
MODE=$3
|
|
FILE=$4
|
|
if ! dpkg-statoverride --list "$FILE" > /dev/null 2>&1; then
|
|
chown "$USER:$GROUP" "$FILE"
|
|
chmod "$MODE" "$FILE"
|
|
fi
|
|
}
|
|
|
|
stop_polkitd () {
|
|
if [ -n "${DPKG_ROOT-}" ]; then
|
|
return
|
|
fi
|
|
|
|
if [ -d /run/systemd/system ]; then
|
|
deb-systemd-invoke stop polkit.service >/dev/null || true
|
|
else
|
|
# On non-systemd systems, polkitd is started as a traditional D-Bus
|
|
# system service and is not managed by a service manager, so this is
|
|
# the best we can do
|
|
start-stop-daemon --stop --oknodo --quiet --exec /usr/lib/polkit-1/polkitd || true
|
|
start-stop-daemon --stop --oknodo --quiet --exec /usr/libexec/polkitd || true
|
|
fi
|
|
}
|
|
|
|
case "$1" in
|
|
configure)
|
|
if ! getent passwd polkitd >/dev/null; then
|
|
user_changed=yes
|
|
else
|
|
user_changed=
|
|
fi
|
|
|
|
# Intentionally not using dh_installsysusers: we need enough control
|
|
# over sequencing to reload dbus-daemon after doing this, but before
|
|
# restarting polkitd
|
|
if command -v systemd-sysusers >/dev/null; then
|
|
SYSTEMD_NSS_DYNAMIC_BYPASS=1 systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} polkit.conf
|
|
else
|
|
adduser --group --system --quiet --gecos 'polkit' \
|
|
--no-create-home --home /nonexistent polkitd
|
|
addgroup --system --quiet polkitd
|
|
fi
|
|
|
|
if dpkg --compare-versions "$2" lt "122-3~" \
|
|
&& [ "$(getent passwd polkitd | cut -d: -f6)" = /var/lib/polkit-1 ]
|
|
then
|
|
# Make sure polkitd is stopped: usermod refuses to change the
|
|
# home directory of a uid that has processes
|
|
stop_polkitd
|
|
# Don't fail hard if we can't change this, it's non-critical
|
|
usermod -d /nonexistent polkitd || true
|
|
fi
|
|
|
|
# polkitd-pkla wants the polkitd user to have polkitd as its
|
|
# primary group, but older Debian packages used nogroup
|
|
if [ "$(id -g polkitd)" = 65534 ]; then
|
|
user_changed=yes
|
|
usermod -g polkitd polkitd
|
|
fi
|
|
set_perms root polkitd 750 /etc/polkit-1/rules.d
|
|
set_perms root polkitd 750 /var/lib/polkit-1
|
|
set_perms root root 4755 /usr/lib/polkit-1/polkit-agent-helper-1
|
|
|
|
# Older versions had rules.d owned by polkitd:root - reset that
|
|
set_perms root root 755 /usr/share/polkit-1/rules.d
|
|
|
|
# Older versions had /var/lib/polkit-1 as polkitd's home directory
|
|
# and owned by polkitd, allowing it to create an unnecessary .cache
|
|
# directory; clean that up on upgrades. This can be removed
|
|
# after Debian 13 and Ubuntu 24.04 are released.
|
|
rm -fr /var/lib/polkit-1/.cache || true
|
|
|
|
# If the polkitd user was newly created or newly added to the polkitd
|
|
# group, the dbus-daemon might not know about that until reloaded.
|
|
# dbus-broker's service has a dbus.service alias, so this will reload
|
|
# either dbus-daemon or dbus-broker, whichever is used.
|
|
if [ -z "${DPKG_ROOT-}" ] && [ -n "$user_changed" ]; then
|
|
invoke-rc.d dbus reload || true
|
|
fi
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument \`$1'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# dh_installdeb will replace this with shell code automatically
|
|
# generated by other debhelper scripts.
|
|
|
|
# Automatically added by dh_installxmlcatalogs/UNDECLARED
|
|
if [ "$1" = "configure" ]; then
|
|
update-xmlcatalog --sort --add --type public --id "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" --package polkitd --local /usr/share/xml/polkit-1/catalog.xml
|
|
update-xmlcatalog --sort --add --type system --id "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd" --package polkitd --local /usr/share/xml/polkit-1/catalog.xml
|
|
|
|
update-xmlcatalog --sort --add --type public --id "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" --package polkitd --root
|
|
update-xmlcatalog --sort --add --type system --id "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd" --package polkitd --root
|
|
|
|
fi
|
|
# End automatically added section
|
|
# Automatically added by dh_installtmpfiles/13.14.1ubuntu5
|
|
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
|
|
if [ -x "$(command -v systemd-tmpfiles)" ]; then
|
|
systemd-tmpfiles ${DPKG_ROOT:+--root="$DPKG_ROOT"} --create polkitd.conf || true
|
|
fi
|
|
fi
|
|
# End automatically added section
|
|
# Automatically added by dh_installdeb/13.14.1ubuntu5
|
|
dpkg-maintscript-helper rm_conffile /etc/pam.d/polkit-1 122-2\~ -- "$@"
|
|
dpkg-maintscript-helper rm_conffile /etc/polkit-1/localauthority.conf.d/50-localauthority.conf 121\+compat0.1-1\~ -- "$@"
|
|
dpkg-maintscript-helper rm_conffile /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf 121\+compat0.1-1\~ -- "$@"
|
|
dpkg-maintscript-helper rm_conffile /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf 121\+compat0.1-1\~ -- "$@"
|
|
dpkg-maintscript-helper rm_conffile /etc/polkit-1/rules.d/40-debian-sudo.rules 121\~ polkitd-javascript -- "$@"
|
|
dpkg-maintscript-helper rm_conffile /etc/polkit-1/rules.d/40-ubuntu-admin.rules 121\~ polkitd-javascript -- "$@"
|
|
dpkg-maintscript-helper rm_conffile /etc/polkit-1/rules.d/50-default.rules 121\~ polkitd-javascript -- "$@"
|
|
# End automatically added section
|
|
# Automatically added by dh_installsystemd/13.14.1ubuntu5
|
|
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
|
|
if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ]; then
|
|
systemctl --system daemon-reload >/dev/null || true
|
|
if [ -n "$2" ]; then
|
|
deb-systemd-invoke try-restart 'polkit.service' >/dev/null || true
|
|
fi
|
|
fi
|
|
fi
|
|
# End automatically added section
|
|
|
|
|
|
# If dpkg renamed a sysadmin-modified /etc/pam.d/polkit-1 to .dpkg-bak,
|
|
# rename it back to the original name so PAM will still load it.
|
|
# (Workaround for missing dpkg feature requested in
|
|
# https://bugs.debian.org/1006655)
|
|
if [ -e /etc/pam.d/polkit-1.dpkg-bak ]; then
|
|
echo "Moving /etc/pam.d/polkit-1.dpkg-bak back to /etc/pam.d/polkit-1 ..."
|
|
mv /etc/pam.d/polkit-1.dpkg-bak /etc/pam.d/polkit-1
|
|
fi
|
|
|
|
# Clean up old directories after dpkg-maintscript-helper has removed the
|
|
# conffiles.
|
|
if dpkg --compare-versions "$2" lt "0.109-1"; then
|
|
for path in \
|
|
/etc/polkit-1/localauthority.conf.d/ \
|
|
/etc/polkit-1/nullbackend.conf.d/ \
|
|
; do
|
|
if [ -d "$path" ] \
|
|
&& ! dpkg-query -S "$path" >/dev/null 2>/dev/null
|
|
then
|
|
rmdir --ignore-fail-on-non-empty "$path"
|
|
fi
|
|
done
|
|
fi
|
|
|
|
# On non-systemd systems, polkitd is started as a traditional D-Bus
|
|
# system service and is not managed by a service manager, so the
|
|
# closest thing we can do to a restart operation is to terminate it
|
|
# and let dbus-daemon restart it.
|
|
if ! [ -d /run/systemd/system ]; then
|
|
stop_polkitd
|
|
fi
|
|
|
|
exit 0
|
|
|
|
# vim:set sw=4 sts=4 et:
|