security-misc/debian/security-misc.postinst

83 lines
2.4 KiB
Plaintext
Raw Normal View History

#!/bin/bash
2019-10-31 22:19:44 +07:00
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
2019-05-12 13:58:45 +07:00
if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
source /usr/lib/helper-scripts/pre.bsh
fi
set -e
true "
#####################################################################
2017-03-06 22:00:33 +07:00
## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
#####################################################################
"
case "$1" in
configure)
glib-compile-schemas /usr/share/glib-2.0/schemas || true
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "$DPKG_MAINTSCRIPT_NAME called with unknown argument \`$1'" >&2
exit 1
;;
esac
2019-10-16 04:02:03 +07:00
addgroup --system sysfs
addgroup --system cpuinfo
2019-12-08 13:56:30 +07:00
## group 'sudo' membership required to use 'su'
## /usr/share/pam-configs/wheel-security-misc
addgroup root sudo
2019-12-08 13:46:32 +07:00
## Related to Console Lockdown.
## /usr/share/pam-configs/console-lockdown-security-misc
2019-12-08 13:46:32 +07:00
## /etc/security/access-security-misc.conf
2019-12-08 13:58:58 +07:00
addgroup --system console
addgroup --system console-unrestricted
addgroup --system ssh
2019-12-08 13:46:32 +07:00
## This has no effect since by default this package also ships and an
## /etc/securetty configuration file that contains nothing but comments, i.e.
## an "empty" /etc/securetty.
2019-12-08 13:47:40 +07:00
## In case a system administrator edits /etc/securetty, there is no need to
## block for this to be still blocked by console lockdown. See also:
## https://www.whonix.org/wiki/Root#Root_Login
addgroup root console
2019-07-31 14:29:42 +07:00
pam-auth-update --package
/usr/lib/security-misc/permission-lockdown
## https://phabricator.whonix.org/T377
## Debian has no update-grub trigger yet:
## https://bugs.debian.org/481542
if command -v update-grub >/dev/null 2>&1; then
update-grub || \
echo "$DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ERROR: Running \
'update-grub' failed with exit code $?. $DPKG_MAINTSCRIPT_PACKAGE is most \
likely only the trigger, not the cause. Unless you know this is not an issue, \
you should fix running 'update-grub', otherwise your system might no longer \
boot." >&2
fi
true "INFO: debhelper beginning here."
#DEBHELPER#
true "INFO: Done with debhelper."
true "
#####################################################################
2017-03-06 22:00:33 +07:00
## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
#####################################################################
"
## Explicitly "exit 0", so eventually trapped errors can be ignored.
exit 0