-set -u
-
-# creating frrvty group if it isn't already there
-if ! getent group frrvty >/dev/null; then
- addgroup --system frrvty >/dev/null
-fi
-
-# creating frr group if it isn't already there
-if ! getent group frr >/dev/null; then
- addgroup --system frr >/dev/null
-fi
-
-# creating frr user if he isn't already there
-if ! getent passwd frr >/dev/null; then
- adduser \
- --system \
- --ingroup frr \
- --home /nonexistent \
- --gecos "Frr routing suite" \
- --shell /bin/false \
- frr >/dev/null
-fi
-
-# We may be installing over an older version of
-# frr and as such we need to intelligently
-# check to see if the frr user is in the frrvty
-# group.
-if ! id frr | grep &>/dev/null 'frrvty'; then
- usermod -a -G frrvty frr >/dev/null
-fi
-
-# Do not change permissions when upgrading as it would violate policy.
-if [ "$1" = "install" ]; then
- # Logfiles are group readable in case users were put into the frr group.
- d=/var/log/frr/
- mkdir -p $d
- chown frr:frr $d
- chown --quiet frr:frr $d/* | true
- chmod u=rwx,go=rx $d
- find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o=
-
- # Strict permissions for the sockets.
- d=/var/run/frr/
- mkdir -p $d
- chown frr:frr $d
- chown --quiet frr:frr $d/* | true
- chmod u=rwx,go=rx $d
- find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go=
-
- # Config files. Vtysh does not have access to the individual daemons config file
- d=/etc/frr/
- mkdir -p $d
- chown frr:frrvty $d
- chmod ug=rwx,o=rx $d
- find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr
- find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o=
-
- # Exceptions for vtysh.
- f=$d/vtysh.conf
- if [ -f $f ]; then
- chown frr:frrvty $f
- chmod u=rw,g=r,o= $f
- fi
-
- # Exceptions for vtysh.
- f=$d/frr.conf
- if [ -f $d/Zebra.conf ]; then
- mv $d/Zebra.conf $f
- fi
- if [ -f $f ]; then
- chown frr:frrvty $f
- chmod u=rw,g=r,o= $f
- fi
-fi
+# bash is required since /etc/frr/daemons.conf used a bash array in some
+# previous versions.
+
+case "$1" in
+install|upgrade)
+ (
+ test -f /etc/frr/daemons && . /etc/frr/daemons
+ test -f /etc/frr/daemons.conf && . /etc/frr/daemons.conf
+ test -f /etc/default/frr && . /etc/default/frr
+
+ if [ "$watchfrr_enable" = no -o \
+ "$watchfrr_enable" = "0" ]; then
+ echo >&2 <<EOF
+ERROR: Pre-existing frr configuration file disables watchfrr.
+
+This configuration is deprecated upstream and not supported by the Debian
+FRR package. Refusing to $1 in order to not break running setups.
+Please change your setup to use watchfrr and remove the "watchfrr_enable"
+option from /etc/frr/daemons, /etc/frr/daemons.conf and/or /etc/default/frr.
+EOF
+ exit 1
+ fi
+ )
+ ;;
+abort-upgrade)
+ # shouldn't fail an upgrade abort
+ ;;
+esac