2017-02-20 05:25:28 +07:00
|
|
|
#!/bin/bash
|
|
|
|
|
2019-10-31 22:19:44 +07:00
|
|
|
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
|
2017-02-20 05:25:28 +07:00
|
|
|
## See the file COPYING for copying conditions.
|
|
|
|
|
2019-05-12 13:58:45 +07:00
|
|
|
if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
|
|
|
|
source /usr/lib/helper-scripts/pre.bsh
|
2017-02-20 05:25:28 +07:00
|
|
|
fi
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
true "
|
|
|
|
#####################################################################
|
2017-03-06 22:00:33 +07:00
|
|
|
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
|
2017-02-20 05:25:28 +07:00
|
|
|
#####################################################################
|
|
|
|
"
|
|
|
|
|
|
|
|
case "$1" in
|
|
|
|
configure)
|
2017-02-20 05:32:04 +07:00
|
|
|
glib-compile-schemas /usr/share/glib-2.0/schemas || true
|
2017-02-20 05:25:28 +07:00
|
|
|
;;
|
|
|
|
|
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
|
|
|
;;
|
|
|
|
|
|
|
|
*)
|
|
|
|
echo "$DPKG_MAINTSCRIPT_NAME called with unknown argument \`$1'" >&2
|
|
|
|
exit 1
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2019-10-16 04:02:03 +07:00
|
|
|
addgroup --system sysfs
|
|
|
|
addgroup --system cpuinfo
|
2019-12-07 17:40:20 +07:00
|
|
|
|
2019-12-08 13:56:30 +07:00
|
|
|
## group 'sudo' membership required to use 'su'
|
|
|
|
## /usr/share/pam-configs/wheel-security-misc
|
2019-12-08 13:43:45 +07:00
|
|
|
addgroup root sudo
|
2019-12-08 13:46:32 +07:00
|
|
|
|
|
|
|
## Related to Console Lockdown.
|
2019-12-08 13:57:43 +07:00
|
|
|
## /usr/share/pam-configs/console-lockdown-security-misc
|
2019-12-08 13:46:32 +07:00
|
|
|
## /etc/security/access-security-misc.conf
|
2019-12-08 13:58:58 +07:00
|
|
|
addgroup --system console
|
|
|
|
addgroup --system console-unrestricted
|
|
|
|
addgroup --system ssh
|
2019-12-08 13:46:32 +07:00
|
|
|
## This has no effect since by default this package also ships and an
|
|
|
|
## /etc/securetty configuration file that contains nothing but comments, i.e.
|
|
|
|
## an "empty" /etc/securetty.
|
2019-12-08 13:47:40 +07:00
|
|
|
## In case a system administrator edits /etc/securetty, there is no need to
|
|
|
|
## block for this to be still blocked by console lockdown. See also:
|
|
|
|
## https://www.whonix.org/wiki/Root#Root_Login
|
2019-12-07 17:40:20 +07:00
|
|
|
addgroup root console
|
2019-07-31 14:29:42 +07:00
|
|
|
|
2019-07-13 18:41:37 +07:00
|
|
|
pam-auth-update --package
|
2019-07-08 03:51:40 +07:00
|
|
|
|
2019-08-14 15:34:03 +07:00
|
|
|
/usr/lib/security-misc/permission-lockdown
|
2019-07-13 23:20:14 +07:00
|
|
|
|
2019-09-07 12:44:23 +07:00
|
|
|
## https://phabricator.whonix.org/T377
|
|
|
|
## Debian has no update-grub trigger yet:
|
|
|
|
## https://bugs.debian.org/481542
|
|
|
|
if command -v update-grub >/dev/null 2>&1; then
|
|
|
|
update-grub || \
|
|
|
|
echo "$DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ERROR: Running \
|
|
|
|
'update-grub' failed with exit code $?. $DPKG_MAINTSCRIPT_PACKAGE is most \
|
|
|
|
likely only the trigger, not the cause. Unless you know this is not an issue, \
|
|
|
|
you should fix running 'update-grub', otherwise your system might no longer \
|
|
|
|
boot." >&2
|
|
|
|
fi
|
|
|
|
|
2017-02-20 05:25:28 +07:00
|
|
|
true "INFO: debhelper beginning here."
|
|
|
|
|
|
|
|
#DEBHELPER#
|
|
|
|
|
|
|
|
true "INFO: Done with debhelper."
|
|
|
|
|
|
|
|
true "
|
|
|
|
#####################################################################
|
2017-03-06 22:00:33 +07:00
|
|
|
## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
|
2017-02-20 05:25:28 +07:00
|
|
|
#####################################################################
|
|
|
|
"
|
|
|
|
|
|
|
|
## Explicitly "exit 0", so eventually trapped errors can be ignored.
|
|
|
|
exit 0
|