|
|
|
#!/bin/sh -e
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
if [ "$1" = configure ]; then
|
|
|
|
# Create the loki_ group (shared with lokid)
|
|
|
|
if ! getent group _loki >/dev/null; then
|
|
|
|
addgroup --force-badname --system --quiet _loki
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Create _lokinet user if it doesn't exist
|
|
|
|
if ! getent passwd _lokinet >/dev/null; then
|
|
|
|
adduser --force-badname --system --quiet --home /var/lib/lokinet --ingroup _loki --gecos "Lokinet system user" _lokinet
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Make sure the _lokinet user is part of the _loki group (in case it already existed)
|
|
|
|
if ! id -Gn _lokinet | grep -qw _loki; then
|
|
|
|
adduser --force-badname --quiet _lokinet _loki
|
|
|
|
fi
|
|
|
|
|
|
|
|
mkdir -p /var/lib/lokinet
|
|
|
|
su -s /bin/sh _lokinet -c "test -O /var/lib/lokinet && test -G /var/lib/lokinet" || \
|
|
|
|
chown _lokinet:_loki /var/lib/lokinet
|
|
|
|
|
|
|
|
if ! dpkg-statoverride --list /usr/bin/lokinet >/dev/null 2>&1; then
|
|
|
|
dpkg-statoverride --update --add root _loki 750 /usr/bin/lokinet
|
|
|
|
fi
|
|
|
|
|
|
|
|
if ! setcap cap_net_admin,cap_net_bind_service=+eip /usr/bin/lokinet; then
|
|
|
|
echo "failed to setcap lokinet" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
if ! [ -e /var/lib/lokinet/bootstrap.signed ]; then
|
|
|
|
/usr/bin/lokinet-bootstrap "" /var/lib/lokinet/bootstrap.signed
|
|
|
|
chown _lokinet:_loki /var/lib/lokinet/bootstrap.signed
|
|
|
|
fi
|
|
|
|
|
|
|
|
tmpdir=$(mktemp --tmpdir -d lokinet.XXXXXXXXXX)
|
|
|
|
/usr/bin/lokinet -g $tmpdir/lokinet.ini
|
|
|
|
sed -i -e "s#$tmpdir#/var/lib/lokinet#" $tmpdir/lokinet.ini
|
|
|
|
chmod 640 $tmpdir/lokinet.ini
|
|
|
|
chgrp _loki $tmpdir/lokinet.ini
|
|
|
|
ucf $tmpdir/lokinet.ini /etc/loki/lokinet.ini
|
|
|
|
ucfr lokinet /etc/loki/lokinet.ini
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
#DEBHELPER#
|