FreedomBox/debian/freedombox.postinst
Sunil Mohan Adapa 966ceb5871
container: Fix upgrading of freedombox
On a development container, we are currently changing the plinth user to be a
non-system user to allow folder sharing with the host. This leads to `addgroup
--system` and `adduser --system` failing when a non-system user/group already
exists.

This patch added checks to ensure that the plinth user and group don't exist before
trying to add them. Several packages in Debian seem to be doing similar checks
before running adduser and addgroup. So, this patch is not bad to have even when
the container hack is not present.

Closes: #1875.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-06-15 18:30:04 -04:00

44 lines
1.4 KiB
Bash
Executable File

#!/bin/sh

set -e

# Source debconf library.
. /usr/share/debconf/confmodule

daemonuser=plinth
daemongroup=plinth

# Due to a change in sudo, now it runs PAM modules even on password-less
# invocations. This leads to plinth not being able to run with root privileges.
# This is because of our own restrictions in /etc/security/access.conf. Since
# Plinth is locked out after upgrade, we need to do this in postinst.
sed -i 's+-:ALL EXCEPT root fbx (admin) (sudo):ALL+-:ALL EXCEPT root fbx plinth (admin) (sudo):ALL+' /etc/security/access.conf

case "$1" in
    configure)
        # Add the group and user only when they do not already exist, so a
        # pre-existing non-system plinth user/group does not abort the upgrade.
        if ! getent group plinth >/dev/null; then
            addgroup --system --quiet plinth
        fi

        if ! getent passwd plinth >/dev/null; then
            adduser --system --quiet --ingroup plinth --no-create-home --home /var/lib/plinth plinth
        fi

        chown plinth: /var/lib/plinth
        chown plinth: /var/lib/plinth/sessions

        if [ ! -e '/var/lib/freedombox/is-freedombox-disk-image' ]; then
            # umask 377 makes the secret file owner-read-only (mode 0400).
            umask 377
            cat /dev/urandom | base64 | head -c16 > /var/lib/plinth/firstboot-wizard-secret
            chown plinth:plinth /var/lib/plinth/firstboot-wizard-secret

            # Show the generated secret to the administrator through debconf.
            db_subst plinth/firstboot_wizard_secret secret "$(cat /var/lib/plinth/firstboot-wizard-secret)"
            db_input high plinth/firstboot_wizard_secret || true
            db_go
        fi
        ;;
esac

#DEBHELPER#

exit 0
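
Added example, not part of freedombox.postinst or the FreedomBox project: when the first-boot branch runs, its `umask 377` stays in effect for every later command in the same shell, including whatever replaces `#DEBHELPER#`, so the sketch below confines the umask to a subshell and checks the resulting file mode. `write_secret` and `file_mode` are hypothetical helpers, and reading exactly 12 random bytes (which encode to 16 base64 characters) is a substitution for the script's `cat /dev/urandom | base64 | head -c16` pipeline.

```shell
#!/bin/sh
# Added example: create a 16-character secret readable only by its owner,
# without changing the umask of the calling script.

# write_secret PATH  (hypothetical helper, not from the FreedomBox package)
write_secret() {
    (
        # The umask change is local to this subshell; new files get mode 0400.
        umask 377
        # A leftover 0400 file cannot be reopened for writing by a non-root
        # user, so remove it first to keep the function re-runnable.
        rm -f -- "$1"
        # 12 random bytes encode to exactly 16 base64 characters (no padding).
        head -c 12 /dev/urandom | base64 | tr -d '\n' > "$1"
    )
}

# file_mode PATH: print the permission string, e.g. "-r--------".
file_mode() {
    ls -ld -- "$1" | cut -c1-10
}

# Demonstration on a throwaway directory (constructed path, not /var/lib/plinth).
demo_dir=$(mktemp -d)
umask_before=$(umask)
write_secret "$demo_dir/firstboot-wizard-secret"
echo "mode:   $(file_mode "$demo_dir/firstboot-wizard-secret")"
echo "length: $(wc -c < "$demo_dir/firstboot-wizard-secret" | tr -d ' ')"
echo "umask before: $umask_before, after: $(umask)"
rm -rf "$demo_dir"
```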