oidc-idp/debian/postinst


#!/bin/dash
set -e
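# Account and state-directory setup, run only for "postinst configure".
# Creates the dedicated system group/user (so the service does not run as
# root), makes sure the state directory exists, and sets its ownership/mode
# unless the administrator registered a dpkg-statoverride for it.
case "$1" in
  configure)
    # Optional administrator overrides. The file is sourced by this script,
    # which runs as root, so it should be writable by root only.
    if [ -f /etc/default/cacert-oidc-idp ]; then
      . /etc/default/cacert-oidc-idp
    fi

    # Fall back to packaged defaults for anything left unset or empty.
    : "${OIDC_IDP_HOME:=/var/lib/oidc-idp}"
    : "${OIDC_IDP_USER:=cacert-oidc-idp}"
    : "${OIDC_IDP_NAME:=CAcert OIDC IDP}"
    : "${OIDC_IDP_GROUP:=cacert-oidc-idp}"

    # 1. Create the group if it does not exist.
    # Look the name up exactly: a "^name" grep over the whole database also
    # matches any other group that merely starts with the same characters
    # (and treats the configured value as a regex), which would silently
    # skip the creation.
    if ! getent group "$OIDC_IDP_GROUP" >/dev/null; then
      printf '%s' "Adding group $OIDC_IDP_GROUP.."
      addgroup --quiet --system "$OIDC_IDP_GROUP" 2>/dev/null || true
      echo "..done"
    fi

    # 2. Create the state directory if it does not exist.
    test -d "$OIDC_IDP_HOME" || mkdir "$OIDC_IDP_HOME"

    # 3. Create the system user if it does not exist (exact lookup, as above).
    # NOTE(review): stderr is discarded and failure is ignored here, so a
    # failed adduser only surfaces later when chown rejects the unknown user.
    if ! getent passwd "$OIDC_IDP_USER" >/dev/null; then
      printf '%s' "Adding system user $OIDC_IDP_USER.."
      adduser --quiet \
        --system \
        --ingroup "$OIDC_IDP_GROUP" \
        --no-create-home \
        --disabled-password \
        "$OIDC_IDP_USER" 2>/dev/null || true
      echo "..done"
    fi

    # 4. Align the passwd entry (comment, home, primary group) with the
    # configured values; best effort, as in the user-creation step.
    usermod -c "$OIDC_IDP_NAME" \
      -d "$OIDC_IDP_HOME" \
      -g "$OIDC_IDP_GROUP" \
      "$OIDC_IDP_USER" || true

    # 5. Set ownership and mode unless an administrator override exists.
    # Mode: owner rwx, group r-x plus setgid, no access for others.
    # NOTE(review): this is a recursive ownership change performed as root
    # over a tree the service account can write to, and it is repeated on
    # every configure run. Consider limiting it to the directory itself, or
    # to the case where the directory was just created.
    if ! dpkg-statoverride --list "$OIDC_IDP_HOME" >/dev/null; then
      chown -R "$OIDC_IDP_USER:adm" "$OIDC_IDP_HOME"
      chmod u=rwx,g=rxs,o= "$OIDC_IDP_HOME"
    fi
    ;;
esac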
# systemd integration: keep the unit's enablement state in sync through
# deb-systemd-helper. Nothing in this section starts or restarts the unit.
UNIT="cacert-oidc-idp.service"

case "$1" in
  configure | abort-upgrade | abort-deconfigure | abort-remove)
    # Left disabled in the original script:
    # systemctl daemon-reload
    # systemctl --global enable $UNIT

    # Only masks that deb-systemd-helper itself created on package removal
    # are lifted here.
    deb-systemd-helper unmask "$UNIT" >/dev/null || true

    # was-enabled defaults to true, so a fresh installation takes the
    # "enable" path. "enable" creates the symlinks on first install and
    # refreshes them on upgrade if the unit file changed; "update-state"
    # records new symlinks (to be cleaned up on purge) and drops old ones.
    if deb-systemd-helper --quiet was-enabled "$UNIT"; then
      dsh_action=enable
    else
      dsh_action=update-state
    fi

    # Best effort: a helper failure must not fail the package configuration.
    deb-systemd-helper "$dsh_action" "$UNIT" >/dev/null || true
    ;;
esac