[pkg-bacula-commits] [bacula] 03/03: Cleanup of postinst scripts, safer password handling, no longer create unneeded .dist files of config files (Closes: #493092)
Carsten Leonhardt
leo at moszumanska.debian.org
Sat Sep 3 17:40:31 UTC 2016
This is an automated email from the git hooks/post-receive script.
leo pushed a commit to branch migrate-files
in repository bacula.
commit f09f5b4ba19afa315c18e4525a4a5edb3c1a3320
Author: Carsten Leonhardt <leo at debian.org>
Date: Sat Sep 3 19:02:33 2016 +0200
Cleanup of postinst scripts, safer password handling,
no longer create unneeded .dist files of config files (Closes: #493092)
---
debian/TODO | 6 +--
debian/bacula-console-qt.postinst | 50 +++---------------
debian/bacula-console.postinst | 20 +++-----
debian/bacula-director-db.postinst.in | 95 +++++++++++------------------------
debian/bacula-fd.postinst | 53 +++----------------
debian/bacula-sd.postinst | 54 +++-----------------
debian/changelog | 5 +-
7 files changed, 62 insertions(+), 221 deletions(-)
diff --git a/debian/TODO b/debian/TODO
index 05470c4..10502b9 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -1,10 +1,6 @@
-High:
-
- * debian/*.postinst.in: possibly unsafe handling of file, permissions
- should be set before sensible data is written to the file.
-
Normal:
+ * Handle bacula-dir.conf in package bacula-director
* Check if dh_exec can help us (architecture dependent *.install and
renames while installing)
* Check Depends on SQL-client-libraries, they might be obsoleted by dbconfig-*sql*
diff --git a/debian/bacula-console-qt.postinst b/debian/bacula-console-qt.postinst
index 5edb70c..7cf00ba 100644
--- a/debian/bacula-console-qt.postinst
+++ b/debian/bacula-console-qt.postinst
@@ -1,59 +1,23 @@
#!/bin/sh
-# postinst script for bacula
-#
-# see: dh_installdeb(1)
set -e
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-# quoting from the policy:
-# Any necessary prompting should almost always be confined to the
-# post-installation script, and should be protected with a conditional
-# so that unnecessary prompting doesn't happen if a package's
-# installation fails and the `postinst' is called with `abort-upgrade',
-# `abort-remove' or `abort-deconfigure'.
-
SRCDIR="/usr/share/bacula-common/defconfig"
DSTDIR="/etc/bacula"
-CFGFILE="bat.conf"
+CONFIG="bat.conf"
+TARGET=$DSTDIR/$CONFIG
. /usr/share/bacula-common/common-functions.dpkg
readOrCreatePasswords
case "$1" in
configure)
-
- if [ ! -f $DSTDIR/$CFGFILE ]; then
- TARGET=$DSTDIR/$CFGFILE
- else
- TARGET=$DSTDIR/$CFGFILE.dist
+ if [ ! -f $TARGET ]; then
+ install -m 640 -o root -g bacula $SRCDIR/$CONFIG $TARGET
+ sed -e s~@debian_hostname@~`hostname`~ \
+ -e s~XXX_DIRPASSWORD_XXX~$DIRPASSWD~ \
+ -i $TARGET
fi
-
- sed -e s~@debian_hostname@~`hostname`~ \
- -e s~XXX_DIRPASSWORD_XXX~$DIRPASSWD~ \
- < $SRCDIR/$CFGFILE > $TARGET
-
- chown root:bacula $TARGET
- chmod 640 $TARGET
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
;;
esac
diff --git a/debian/bacula-console.postinst b/debian/bacula-console.postinst
index c439d0a..4a3e10e 100644
--- a/debian/bacula-console.postinst
+++ b/debian/bacula-console.postinst
@@ -2,33 +2,25 @@
set -e
-
SRCDIR="/usr/share/bacula-common/defconfig"
DSTDIR="/etc/bacula"
CONFIG="bconsole.conf"
+TARGET=$DSTDIR/$CONFIG
. /usr/share/bacula-common/common-functions.dpkg
readOrCreatePasswords
case "$1" in
configure)
- if [ ! -f $DSTDIR/$CONFIG ]; then
- TARGET=$DSTDIR/$CONFIG
- else
- TARGET=$DSTDIR/$CONFIG.dist
+ if [ ! -f $TARGET ]; then
+ install -m 640 -o root -g bacula $SRCDIR/$CONFIG $TARGET
+ sed -e s~@debian_hostname@~`hostname`~ \
+ -e s~XXX_DIRPASSWORD_XXX~$DIRPASSWD~ \
+ -i $TARGET
fi
-
- sed -e s~@debian_hostname@~`hostname`~ \
- -e s~XXX_DIRPASSWORD_XXX~$DIRPASSWD~ \
- < $SRCDIR/$CONFIG > $TARGET
-
- # Harden permissions, so that passwords can not be looked at
- chown root:bacula $TARGET
- chmod 640 $TARGET
;;
esac
-
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
diff --git a/debian/bacula-director-db.postinst.in b/debian/bacula-director-db.postinst.in
index 0a5a187..ba61685 100644
--- a/debian/bacula-director-db.postinst.in
+++ b/debian/bacula-director-db.postinst.in
@@ -54,8 +54,10 @@ if [ -f /usr/share/dbconfig-common/dpkg/postinst.$THISDB ]; then
dbc_go bacula-director-$THISDB $@
fi
-DEFCONFIG="/usr/share/bacula-common/defconfig"
-CFGFILE="/etc/bacula/bacula-dir.conf"
+SRCDIR="/usr/share/bacula-common/defconfig"
+DSTDIR="/etc/bacula"
+CONFIG="bacula-dir.conf"
+TARGET=$DSTDIR/$CONFIG
case "$1" in
configure)
@@ -64,75 +66,38 @@ configure)
check_and_fix_unsafe_director_password bacula-director-$THISDB
- echo -n "Processing configuration..."
- . /etc/dbconfig-common/bacula-director-$THISDB.conf
- TARGET=$CFGFILE.dpkg-tmp
+ if [ ! -f $TARGET ]; then
+ echo -n "No $CONFIG found, creating a new one..."
+ install -m 640 -o root -g bacula $SRCDIR/$CONFIG $TARGET
- if [ "$dbc_install" = "true" ] ; then
- sed -e s~XXX_DIRPASSWORD_XXX~$DIRPASSWD~ \
- -e s~XXX_MONDIRPASSWORD_XXX~$DIRMPASSWD~ \
- -e s~XXX_SDPASSWORD_XXX~$SDPASSWD~ \
- -e s~XXX_FDPASSWORD_XXX~$FDPASSWD~ \
- $DEFCONFIG/bacula-dir.conf > $TARGET
+ sed -e s~XXX_DIRPASSWORD_XXX~$DIRPASSWD~ \
+ -e s~XXX_MONDIRPASSWORD_XXX~$DIRMPASSWD~ \
+ -e s~XXX_SDPASSWORD_XXX~$SDPASSWD~ \
+ -e s~XXX_FDPASSWORD_XXX~$FDPASSWD~ \
+ -e "s~@debian_hostname@~`hostname`~" \
+ -i $TARGET
+
+ . /etc/dbconfig-common/bacula-director-$THISDB.conf
+ if [ "$dbc_install" = "true" ] ; then
case "$THISDB" in
- mysql | pgsql)
- sed -e "s/dbname = \"XXX_DBNAME_XXX\";/dbname = \"$dbc_dbname\"; DB Address = \"$dbc_dbserver\";/" \
- -e "s~/XXX_DBNAME_XXX~/$dbc_dbname~" \
- -e "s/XXX_DBUSER_XXX/$dbc_dbuser/" -e "s/XXX_DBPASSWORD_XXX/$dbc_dbpass/" \
- -i $TARGET
+ mysql | pgsql)
+ sed -e "s/dbname = \"XXX_DBNAME_XXX\";/dbname = \"$dbc_dbname\"; DB Address = \"$dbc_dbserver\";/" \
+ -e "s~/XXX_DBNAME_XXX~/$dbc_dbname~" \
+ -e "s/XXX_DBUSER_XXX/$dbc_dbuser/" -e "s/XXX_DBPASSWORD_XXX/$dbc_dbpass/" \
+ -i $TARGET
;;
- sqlite3)
- BACULADBNAME=`echo "$dbc_dbname" | sed 's/.db$//'`
- sed -e "s~/XXX_DBNAME_XXX~/$BACULADBNAME~" \
- -e "s~\"XXX_DBNAME_XXX~\"$BACULADBNAME~" \
- -e s~XXX_DBUSER_XXX~~ \
- -e s~XXX_DBPASSWORD_XXX~~ \
- -i $TARGET
+ sqlite3)
+ BACULADBNAME=`echo "$dbc_dbname" | sed 's/.db$//'`
+ sed -e "s~/XXX_DBNAME_XXX~/$BACULADBNAME~" \
+ -e "s~\"XXX_DBNAME_XXX~\"$BACULADBNAME~" \
+ -e s~XXX_DBUSER_XXX~~ \
+ -e s~XXX_DBPASSWORD_XXX~~ \
+ -i $TARGET
;;
esac
- fi
-
- # the remainder was formerly the content of postinst-common:
- DEFCONFIGDIR="/usr/share/bacula-common/defconfig"
- DSTDIR="/etc/bacula"
- CONFIG="bacula-dir.conf"
- TMPCONFIG=$DSTDIR/$CONFIG.dpkg-tmp
-
- if [ -f $TMPCONFIG ]; then
- SOURCE=$TMPCONFIG
- else
- SOURCE=$DEFCONFIGDIR/$CONFIG
- fi
-
- if [ ! -f $DSTDIR/$CONFIG ]; then
- TARGET=$DSTDIR/$CONFIG
- else
- TARGET=$DSTDIR/$CONFIG.dist
+ fi
+ echo "Ok."
fi
-
- # Final config fix
- sed -e "s/@debian_hostname@/`hostname`/" < $SOURCE > $TARGET
-
- # get rid of now unnecessary file
- rm -f $TMPCONFIG
-
- # Harden permissions, so that passwords can not be looked at
- # Fixed by Philipp M Hahn
- # XXX this is too late! should be done BEFORE the passwords
- # are written to the file
- chown root:bacula $TARGET
- chmod 640 $TARGET
-
- echo "Ok."
- ;;
-
-abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
-*)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
;;
esac
diff --git a/debian/bacula-fd.postinst b/debian/bacula-fd.postinst
index d2fee5f..5d1231f 100644
--- a/debian/bacula-fd.postinst
+++ b/debian/bacula-fd.postinst
@@ -1,33 +1,11 @@
#!/bin/sh
-# postinst script for bacula-fd
-#
set -e
-. /usr/share/debconf/confmodule
-db_version 2.0
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-# quoting from the policy:
-# Any necessary prompting should almost always be confined to the
-# post-installation script, and should be protected with a conditional
-# so that unnecessary prompting doesn't happen if a package's
-# installation fails and the `postinst' is called with `abort-upgrade',
-# `abort-remove' or `abort-deconfigure'.
-
SRCDIR="/usr/share/bacula-common/defconfig"
DSTDIR="/etc/bacula"
CONFIG="bacula-fd.conf"
+TARGET=$DSTDIR/$CONFIG
. /usr/share/bacula-common/common-functions.dpkg
readOrCreatePasswords
@@ -35,31 +13,14 @@ setup_etc_default bacula-fd $@
case "$1" in
configure)
-
- if [ ! -f $DSTDIR/$CONFIG ]; then
- TARGET=$DSTDIR/$CONFIG
- else
- TARGET=$DSTDIR/$CONFIG.dist
+ if [ ! -f $TARGET ]; then
+ install -m 640 -o root -g bacula $SRCDIR/$CONFIG $TARGET
+ sed -e s~@debian_hostname@~`hostname`~ \
+ -e s~XXX_FDPASSWORD_XXX~$FDPASSWD~ \
+ -e s~XXX_MONFDPASSWORD_XXX~$FDMPASSWD~ \
+ -i $TARGET
fi
-
- sed -e s~@debian_hostname@~`hostname`~ \
- -e s~XXX_FDPASSWORD_XXX~$FDPASSWD~ \
- -e s~XXX_MONFDPASSWORD_XXX~$FDMPASSWD~ < $SRCDIR/$CONFIG > $TARGET
-
-
- # Harden permissions, so that passwords can not be looked at
- chown root:root $TARGET
- chmod 640 $TARGET
;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
esac
# dh_installdeb will replace this with shell code automatically
diff --git a/debian/bacula-sd.postinst b/debian/bacula-sd.postinst
index b94475a..cd6bf83 100644
--- a/debian/bacula-sd.postinst
+++ b/debian/bacula-sd.postinst
@@ -1,33 +1,11 @@
#!/bin/sh
-# postinst script for bacula-sd
-#
set -e
-. /usr/share/debconf/confmodule
-db_version 2.0
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-# quoting from the policy:
-# Any necessary prompting should almost always be confined to the
-# post-installation script, and should be protected with a conditional
-# so that unnecessary prompting doesn't happen if a package's
-# installation fails and the `postinst' is called with `abort-upgrade',
-# `abort-remove' or `abort-deconfigure'.
-
SRCDIR="/usr/share/bacula-common/defconfig"
DSTDIR="/etc/bacula"
CONFIG="bacula-sd.conf"
+TARGET=$DSTDIR/$CONFIG
. /usr/share/bacula-common/common-functions.dpkg
readOrCreatePasswords
@@ -35,30 +13,14 @@ setup_etc_default bacula-sd $@
case "$1" in
configure)
-
- if [ ! -f $DSTDIR/$CONFIG ]; then
- TARGET=$DSTDIR/$CONFIG
- else
- TARGET=$DSTDIR/$CONFIG.dist
+ if [ ! -f $TARGET ]; then
+ install -m 640 -o root -g bacula $SRCDIR/$CONFIG $TARGET
+ sed -e s~@debian_hostname@~`hostname`~ \
+ -e s~XXX_SDPASSWORD_XXX~$SDPASSWD~ \
+ -e s~XXX_MONSDPASSWORD_XXX~$SDMPASSWD~ \
+ -i $TARGET
fi
-
- sed -e s~@debian_hostname@~`hostname`~ \
- -e s~XXX_SDPASSWORD_XXX~$SDPASSWD~ \
- -e s~XXX_MONSDPASSWORD_XXX~$SDMPASSWD~ < $SRCDIR/$CONFIG > $TARGET
-
- # Harden permissions, so that passwords can not be looked at
- chown bacula:bacula $TARGET
- chmod 640 $TARGET
;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
esac
# dh_installdeb will replace this with shell code automatically
@@ -67,5 +29,3 @@ esac
#DEBHELPER#
exit 0
-
-
diff --git a/debian/changelog b/debian/changelog
index c422c09..68872f2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,8 +5,11 @@ bacula (7.4.3+dfsg-5) unstable; urgency=medium
* Don't delete all of /etc/bacula when purging bacula-common
* Rewrote most of the postrm scripts
* /etc/default/bacula-dir is now handled in bacula-director
+ * Cleanup of postinst scripts, safer password handling,
+ no longer create unneeded .dist files of config files (Closes: #493092)
+ * deleted obsolete code from various places in debian/*
- -- Carsten Leonhardt <leo at debian.org> Thu, 01 Sep 2016 08:48:38 +0200
+ --
bacula (7.4.3+dfsg-4) experimental; urgency=medium
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git
More information about the pkg-bacula-commits
mailing list