mirror of
https://github.com/oxen-io/lokinet.git
synced 2024-11-17 15:25:35 +00:00
2e50981408
Setcap causes problems (like issue #1007), so stop using it (and undo the permission override on upgrade) and instead set capabilities via the systemd services. (This also fixes some AssertFileNotEmpty declarations that were in the wrong places).
35 lines
1.3 KiB
Bash
35 lines
1.3 KiB
Bash
#!/bin/sh -e
|
|
|
|
set -e
|
|
|
|
if [ "$1" = configure ]; then
|
|
# Create the loki_ group (shared with lokid)
|
|
if ! getent group _loki >/dev/null; then
|
|
addgroup --force-badname --system --quiet _loki
|
|
fi
|
|
|
|
# Create _lokinet user if it doesn't exist
|
|
if ! getent passwd _lokinet >/dev/null; then
|
|
adduser --force-badname --system --quiet --home /var/lib/lokinet --ingroup _loki --gecos "Lokinet system user" _lokinet
|
|
fi
|
|
|
|
# Make sure the _lokinet user is part of the _loki group (in case it already existed)
|
|
if ! id -Gn _lokinet | grep -qw _loki; then
|
|
adduser --force-badname --quiet _lokinet _loki
|
|
fi
|
|
|
|
# Before 0.6.2-3 the deb's setcap'ed the binary and used restrictive permissions and ownership
|
|
# to protect invocation; from 0.6.2-3 onwards we do the capabilities via the systemd service
|
|
# file, so if we are upgrading from an older version remove the stat override. (Otherwise do
|
|
# nothing in case the local admin does a statoverride).
|
|
if dpkg --compare-versions "$2" lt '0.6.2-3~'; then
|
|
if dpkg-statoverride --list /usr/bin/lokinet >/dev/null 2>&1; then
|
|
dpkg-statoverride --remove /usr/bin/lokinet
|
|
chown root:root /usr/bin/lokinet
|
|
chmod 755 /usr/bin/lokinet
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
#DEBHELPER#
|