debian/frr.postinst

   1 #!/bin/sh
   2 set -e
   3
   4 # most of this file makes sense to execute regardless of whether this is any
   5 # of normal "configure" or error-handling "abort-upgrade", "abort-remove" or
   6 # "abort-deconfigure"
   7
   8 addgroup --system frrvty
   9 addgroup --system frr
  10 adduser \
  11         --system \
  12         --ingroup frr \
  13         --home /nonexistent \
  14         --gecos "Frr routing suite" \
  15         --no-create-home \
  16         frr
  17 usermod -a -G frrvty frr
  18
  19 mkdir -m 0755 -p /var/log/frr
  20 mkdir -p /etc/frr
  21
  22
  23 # only change ownership of files when they were previously owned by root or
  24 # quagga; this is to ensure we don't trample over some custom user setup.
  25 #
  26 # if we are on a freshly installed package (or we added new configfiles),
  27 # the files should be owned by root by default so we should end up with "frr"
  28 # owned configfiles.
  29
  30 quaggauid=`id -u quagga 2>/dev/null || echo 0`
  31 quaggagid=`id -g quagga 2>/dev/null || echo 0`
  32
  33 find \
  34         /etc/frr \
  35         /var/log/frr \
  36                 \( -uid 0 -o -uid $quaggauid \) -a \
  37                 \( -gid 0 -o -gid $quaggauid \) | \
  38         while read filename; do
  39
  40         # don't chown anything that has ACLs (but don't fail if we don't
  41         # have getfacl)
  42         if { getfacl -c "$filename" 2>/dev/null || true; } \
  43                 | grep -E -q -v '^((user|group|other)::|$)'; then
  44                 :
  45         else
  46                 chown frr: "$filename"
  47                 chmod o-rwx "$filename"
  48         fi
  49 done
  50
  51 # fix misconfigured vtysh.conf & frr.conf ownership caused by config save
  52 # mishandling in earlier FRR (and Quagga) versions
  53 find /etc/frr -maxdepth 1 \( -name vtysh.conf -o -name frr.conf \) \
  54         -group frrvty -exec chgrp frr {} \;
  55
  56 # more Quagga -> FRR upgrade smoothing.  Not technically needed, but let's
  57 # at least do the straightforward pieces.
  58
  59 check_old_config() {
  60         oldcfg="$1"
  61         [ -r "$oldcfg" ] || return 0
  62         [ -s "$oldcfg" ] || return 0
  63         grep -v '^[[:blank:]]*\(#\|$\)' "$oldcfg" > /dev/null || return 0
  64
  65         cat >&2 <<EOF
  66 Note: deprecated $oldcfg is present. This file is still read by
  67 the FRR service but its contents should be migrated to /etc/frr/daemons.
  68 EOF
  69 }
  70
  71 rmsum() {
  72         fname="$1"
  73         test -f "$1" || return 0
  74         fhash="`sha1sum \"$fname\"`"
  75         fhash="${fhash%% *}"
  76         if test "$fhash" = "$2"; then
  77                 rm "$fname"
  78         fi
  79 }
  80
  81 case "$1" in
  82 configure)
  83         check_old_config /etc/frr/daemons.conf
  84         check_old_config /etc/default/frr
  85         if test -f /etc/frr/.pkg.frr.nointegrated; then
  86                 # remove integrated config setup
  87                 # (if checksums match, the files match freshly installed
  88                 # defaults, but the user has split config in place)
  89                 rmsum /etc/frr/vtysh.conf 5e7e3a488c51751e1ff98f27c9ad6085e1ad9cbb
  90                 rmsum /etc/frr/frr.conf   dac6f2af4fca9919ba40eb338885a5d1773195c8
  91                 rm /etc/frr/.pkg.frr.nointegrated
  92         fi
  93         ;;
  94 esac
  95
  96 #DEBHELPER#