]> git.proxmox.com Git - mirror_frr.git/blame - debian/frr.postinst
Merge pull request #7669 from ranjanyash54/2370
[mirror_frr.git] / debian / frr.postinst
CommitLineData
d29f324a 1#!/bin/sh
9a1c48e8 2set -e
d8e4c438 3
d29f324a
DL
4# most of this file makes sense to execute regardless of whether this is any
5# of normal "configure" or error-handling "abort-upgrade", "abort-remove" or
6# "abort-deconfigure"
d8e4c438 7
d29f324a
DL
8addgroup --system frrvty
9addgroup --system frr
10adduser \
11 --system \
12 --ingroup frr \
13 --home /nonexistent \
14 --gecos "Frr routing suite" \
9ada5ead 15 --no-create-home \
d29f324a
DL
16 frr
17usermod -a -G frrvty frr
d8e4c438 18
d29f324a
DL
19mkdir -p /var/log/frr
20mkdir -p /etc/frr
d8e4c438 21
d8e4c438 22
d29f324a
DL
23# only change ownership of files when they were previously owned by root or
24# quagga; this is to ensure we don't trample over some custom user setup.
25#
26# if we are on a freshly installed package (or we added new configfiles),
27# the files should be owned by root by default so we should end up with "frr"
28# owned configfiles.
d8e4c438 29
d29f324a
DL
30quaggauid=`id -u quagga 2>/dev/null || echo 0`
31quaggagid=`id -g quagga 2>/dev/null || echo 0`
d8e4c438 32
d29f324a
DL
33find \
34 /etc/frr \
35 /var/log/frr \
36 \( -uid 0 -o -uid $quaggauid \) -a \
37 \( -gid 0 -o -gid $quaggauid \) | \
38 while read filename; do
39
40 # don't chown anything that has ACLs (but don't fail if we don't
41 # have getfacl)
42 if { getfacl -c "$filename" 2>/dev/null || true; } \
43 | egrep -q -v '^((user|group|other)::|$)'; then
44 :
45 else
46 chown frr: "$filename"
47 chmod o-rwx "$filename"
48 fi
49done
50
4c3d9ff5
DL
51# fix misconfigured vtysh.conf & frr.conf ownership caused by config save
52# mishandling in earlier FRR (and Quagga) versions
d29f324a
DL
53find /etc/frr -maxdepth 1 \( -name vtysh.conf -o -name frr.conf \) \
54 -group frrvty -exec chgrp frr {} \;
d8e4c438 55
4c3d9ff5
DL
56# more Quagga -> FRR upgrade smoothing. Not technically needed, but let's
57# at least do the straightforward pieces.
58
d29f324a
DL
59check_old_config() {
60 oldcfg="$1"
61 [ -r "$oldcfg" ] || return 0
62 [ -s "$oldcfg" ] || return 0
63 grep -v '^[[:blank:]]*\(#\|$\)' "$oldcfg" > /dev/null || return 0
64
65 cat >&2 <<EOF
66Note: deprecated $oldcfg is present. This file is still read by
67the FRR service but its contents should be migrated to /etc/frr/daemons.
68EOF
69}
70
f673b4f6
DL
71rmsum() {
72 fname="$1"
73 test -f "$1" || return 0
74 fhash="`sha1sum \"$fname\"`"
75 fhash="${fhash%% *}"
76 if test "$fhash" = "$2"; then
77 rm "$fname"
78 fi
79}
80
d29f324a
DL
81case "$1" in
82configure)
83 check_old_config /etc/frr/daemons.conf
84 check_old_config /etc/default/frr
f673b4f6
DL
85 if test -f /etc/frr/.pkg.frr.nointegrated; then
86 # remove integrated config setup
87 # (if checksums match, the files match freshly installed
88 # defaults, but the user has split config in place)
89 rmsum /etc/frr/vtysh.conf 5e7e3a488c51751e1ff98f27c9ad6085e1ad9cbb
90 rmsum /etc/frr/frr.conf dac6f2af4fca9919ba40eb338885a5d1773195c8
91 rm /etc/frr/.pkg.frr.nointegrated
92 fi
d29f324a
DL
93 ;;
94esac
95
96#DEBHELPER#