#!/bin/dash
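# Abort on the first unhandled failure. Steps that are allowed to fail are
# marked with an explicit "|| true" below.
set -e

case "$1" in
configure)
    # Optional local overrides. The file is sourced by this script, so
    # whatever it contains runs with the privileges of the package
    # installation; it should be writable by root only.
    if [ -f /etc/default/cacert-oidc-demo-app ]; then
        . /etc/default/cacert-oidc-demo-app
    fi

    # Fall back to the packaged defaults for anything left unset or empty.
    : "${OIDC_DEMO_APP_HOME:=/var/lib/oidc-demo-app}"
    : "${OIDC_DEMO_APP_USER:=cacert-demo}"
    : "${OIDC_DEMO_APP_NAME:=CAcert OIDC Demo}"
    : "${OIDC_DEMO_APP_GROUP:=cacert-demo}"

    # Create a dedicated account so cacert-oidc-demo-app does not run as root.

    # 1. Create the group if it does not exist yet.
    #    The name is looked up as an exact key: matching it as a regex prefix
    #    against the whole group database would also accept any longer name
    #    that merely starts with it, and the group would then never be created.
    if ! getent group "$OIDC_DEMO_APP_GROUP" >/dev/null; then
        printf '%s' "Adding group $OIDC_DEMO_APP_GROUP.."
        # Best effort, as before: errors are hidden here. A missing account
        # surfaces at the chown in step 5, which is not guarded.
        addgroup --quiet --system "$OIDC_DEMO_APP_GROUP" 2>/dev/null || true
        echo "..done"
    fi

    # 2. Create the home directory if it does not exist yet.
    [ -d "$OIDC_DEMO_APP_HOME" ] || mkdir "$OIDC_DEMO_APP_HOME"

    # 3. Create the system user if it does not exist yet (exact lookup, see 1).
    if ! getent passwd "$OIDC_DEMO_APP_USER" >/dev/null; then
        printf '%s' "Adding system user $OIDC_DEMO_APP_USER.."
        adduser --quiet \
            --system \
            --ingroup "$OIDC_DEMO_APP_GROUP" \
            --no-create-home \
            --disabled-password \
            "$OIDC_DEMO_APP_USER" 2>/dev/null || true
        echo "..done"
    fi

    # 4. Bring the passwd entry in line with the configured name, home
    #    directory and primary group. Failure is tolerated.
    usermod -c "$OIDC_DEMO_APP_NAME" \
        -d "$OIDC_DEMO_APP_HOME" \
        -g "$OIDC_DEMO_APP_GROUP" \
        "$OIDC_DEMO_APP_USER" || true

    # 5. Set ownership and mode of the home directory, unless the local
    #    administrator registered a dpkg-statoverride for it.
    if ! dpkg-statoverride --list "$OIDC_DEMO_APP_HOME" >/dev/null; then
        # NOTE(review): this recursive chown runs as root on every configure,
        # including upgrades, over a tree the service account can write to.
        # Consider limiting it to the directory itself, or to the first
        # installation, so that links created inside the tree cannot
        # influence which files change owner.
        # NOTE(review): the group is the fixed "adm", not
        # $OIDC_DEMO_APP_GROUP - presumably intentional; confirm.
        chown -R "$OIDC_DEMO_APP_USER":adm "$OIDC_DEMO_APP_HOME"
        # Owner: full access; group: read/traverse plus setgid; others: none.
        chmod u=rwx,g=rxs,o= "$OIDC_DEMO_APP_HOME"
    fi
    ;;
esac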
# systemd unit shipped by this package.
UNIT="cacert-oidc-demo-app.service"

case "$1" in
configure|abort-upgrade|abort-deconfigure|abort-remove)
    # Left disabled by the author:
    # systemctl daemon-reload
    # systemctl --global enable $UNIT

    # Only masks that deb-systemd-helper itself created on package removal
    # are lifted here.
    deb-systemd-helper unmask "$UNIT" >/dev/null || true

    # was-enabled defaults to true, so a new installation takes the
    # "enable" path.
    if deb-systemd-helper --quiet was-enabled "$UNIT"; then
        # First installation: enable the unit. Upgrade: create new symlinks
        # if the unit file has changed.
        unit_action=enable
    else
        # Refresh the state file so that new symlinks (if any) are known and
        # get cleaned up on purge; old symlinks are removed as well.
        unit_action=update-state
    fi
    deb-systemd-helper "$unit_action" "$UNIT" >/dev/null || true
    ;;
esac