mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-12-23 01:13:40 +07:00
notify if security-misc installation is forced
This commit is contained in:
parent
7ee5fc1b76
commit
c22adbd92f
86
debian/security-misc.preinst
vendored
86
debian/security-misc.preinst
vendored
@ -48,13 +48,14 @@ user_groups_modifications() {
|
||||
addgroup root console
|
||||
}
|
||||
|
||||
output_skip_checks() {
|
||||
echo "security-misc '$0' INFO: Allow installation of security-misc anyway." >&2
|
||||
echo "security-misc '$0' INFO: (technical reason: $@)" >&2
|
||||
echo "security-misc '$0' INFO: If this is a chroot this is probably OK." >&2
|
||||
echo "security-misc '$0' INFO: Otherwise you might not be able to login." >&2
|
||||
}
|
||||
|
||||
sudo_users_check () {
|
||||
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
|
||||
return 0
|
||||
fi
|
||||
if test -f /var/lib/security-misc/skip_install_check ; then
|
||||
return 0
|
||||
fi
|
||||
if command -v "qubesdb-read" &>/dev/null; then
|
||||
## Qubes users can use dom0 to get a root terminal emulator.
|
||||
## For example:
|
||||
@ -86,26 +87,47 @@ sudo_users_check () {
|
||||
IFS="$OLD_IFS"
|
||||
export IFS
|
||||
|
||||
if [ "$are_there_any_sudo_users" = "yes" ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
|
||||
output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
|
||||
return 0
|
||||
fi
|
||||
if test -f "/var/lib/security-misc/skip_install_check" ; then
|
||||
output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
|
||||
return 0
|
||||
fi
|
||||
|
||||
## Prevent users from locking themselves out.
|
||||
## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
|
||||
if [ ! "$are_there_any_sudo_users" = "yes" ]; then
|
||||
echo "$0: ERROR: No user is a member of group 'sudo'. Installation aborted." >&2
|
||||
echo "$0: ERROR: You probably want to run:" >&2
|
||||
echo "" >&2
|
||||
echo "sudo adduser user sudo" >&2
|
||||
echo "sudo adduser user console" >&2
|
||||
echo "" >&2
|
||||
echo "$0: ERROR: See also installation instructions:" >&2
|
||||
echo "https://www.whonix.org/wiki/security-misc#install" >&2
|
||||
exit 200
|
||||
echo "$0: ERROR: No user is a member of group 'sudo'. Installation aborted." >&2
|
||||
echo "$0: ERROR: You probably want to run:" >&2
|
||||
echo "" >&2
|
||||
echo "sudo adduser user sudo" >&2
|
||||
echo "sudo adduser user console" >&2
|
||||
echo "" >&2
|
||||
echo "$0: ERROR: See also installation instructions:" >&2
|
||||
echo "https://www.whonix.org/wiki/security-misc#install" >&2
|
||||
|
||||
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
|
||||
output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
|
||||
return 0
|
||||
fi
|
||||
if test -f "/var/lib/security-misc/skip_install_check" ; then
|
||||
output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
|
||||
return 0
|
||||
fi
|
||||
|
||||
exit 200
|
||||
}
|
||||
|
||||
console_users_check() {
|
||||
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
|
||||
return 0
|
||||
fi
|
||||
if test -f /var/lib/security-misc/skip_install_check ; then
|
||||
if test -f "/var/lib/security-misc/skip_install_check" ; then
|
||||
return 0
|
||||
fi
|
||||
if command -v "qubesdb-read" &>/dev/null; then
|
||||
@ -142,16 +164,28 @@ console_users_check() {
|
||||
|
||||
## Prevent users from locking themselves out.
|
||||
## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
|
||||
if [ ! "$are_there_any_console_users" = "yes" ]; then
|
||||
echo "$0: ERROR: No user is a member of group 'console'. Installation aborted." >&2
|
||||
echo "$0: ERROR: You probably want to run:" >&2
|
||||
echo "" >&2
|
||||
echo "sudo adduser user console" >&2
|
||||
echo "" >&2
|
||||
echo "$0: ERROR: See also installation instructions:" >&2
|
||||
echo "https://www.whonix.org/wiki/security-misc#install" >&2
|
||||
exit 201
|
||||
if [ "$are_there_any_console_users" = "yes" ]; then
|
||||
return 0
|
||||
fi
|
||||
|
||||
echo "$0: ERROR: No user is a member of group 'console'. Installation aborted." >&2
|
||||
echo "$0: ERROR: You probably want to run:" >&2
|
||||
echo "" >&2
|
||||
echo "sudo adduser user console" >&2
|
||||
echo "" >&2
|
||||
echo "$0: ERROR: See also installation instructions:" >&2
|
||||
echo "https://www.whonix.org/wiki/security-misc#install" >&2
|
||||
|
||||
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
|
||||
output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
|
||||
return 0
|
||||
fi
|
||||
if test -f "/var/lib/security-misc/skip_install_check" ; then
|
||||
output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
|
||||
return 0
|
||||
fi
|
||||
|
||||
exit 201
|
||||
}
|
||||
|
||||
legacy() {
|
||||
|
Loading…
Reference in New Issue
Block a user