This file is indexed.

postinst is in ecryptfs-utils 111-0ubuntu5.

This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/sh

set -e

chmod 755 /usr/share/ecryptfs-utils/*.desktop || true

case "${1}" in
	configure)
		[ -e /var/log/installer/syslog ] && sed -i '/user-setup: YOU SHOULD RECORD THIS/,+2 d' /var/log/installer/syslog
		pam-auth-update --package
		# Try to migrate encrypted Private counters from /tmp to /dev/shm, if sane
		for i in $(ls /home); do
			if [ -f "/tmp/ecryptfs-$i-Private" ] && [ ! -e "/dev/shm/ecryptfs-$i-Private" ]; then
				o=$(stat -c %U "/tmp/ecryptfs-$i-Private")
				if [ $i = $o ]; then
					mv -f /tmp/ecryptfs-$i-Private /dev/shm
				fi
			fi
		done
		# detect and clean up after nonexisting cryptswap devices from LP #953875
		if [ -e /etc/crypttab ] && [ -e /etc/fstab ]; then
			broken_devs=''
			while read mapper_dev phys_dev keyfile _; do
				# ignore comments, existing devices, non-UUID phys_devs, and non-random devices
				[ "$mapper_dev" = "${mapper_dev#\#}" ] || continue
				[ ! -e "/dev/mapper/$mapper_dev" ] || continue
				[ "$phys_dev" != "${phys_dev#UUID=}" ] || continue
				[ "$keyfile" = "/dev/urandom" ] || continue
				uuid="${phys_dev#UUID=}"
				# does that UUID actually exist? then everything is good
				[ ! -e /dev/disk/by-uuid/$uuid ] || continue
				# we found a broken one
				broken_devs="$broken_devs$mapper_dev "
			done < /etc/crypttab
			if [ -n "$broken_devs" ]; then
				echo "Disabling broken cryptswap devices: $broken_devs (see https://launchpad.net/bugs/953875)..."
				cp -a /etc/crypttab /etc/crypttab.dpkg-save
				cp -a /etc/fstab /etc/fstab.dpkg-save
				for dev in $broken_devs; do
					sed -i "/^$dev\b/ s/^/#/" /etc/crypttab
					sed -i "/^\/dev\/mapper\/$dev\b/ s/^/#/" /etc/fstab
				done
				if type update-initamfs >/dev/null 2>&1; then
					update-initramfs -u
				fi
			fi
		fi
		# comment out leftover unencrypted swap after LP #1453738
		if [ -e /etc/crypttab ] && [ -e /etc/fstab ] && dpkg --compare-versions "$2" lt-nl "107-0ubuntu2"; then
			while read mapper_dev phys_dev keyfile options; do
				# only consider cryptswapN devices from ecryptfs-setup-swap
				[ "$mapper_dev" != "${mapper_dev#cryptswap}" ] || continue
				[ "${options#*swap,}" != "$options" ] || continue
				# ignore devices without offset=, they would cause #953875 again
				[ "${options%offset=*}" != "$options" ] || continue
				# get/verify UUID
				uuid="${phys_dev#UUID=}"
				[ -e /dev/disk/by-uuid/$uuid ] || continue
				# we found a cryptswap partition; disable all fstab references to the underlying unencrypted one
				for link in $(udevadm info --query=symlink -n /dev/disk/by-uuid/$uuid); do
					if grep -q "/dev/$link[[:space:]]" /etc/fstab; then
						echo "Disabling unencrypted swap device /dev/$link in /etc/fstab to enable $mapper_dev"
						sed -i.dpkg-save "\^/dev/$link[[:space:]]^d" /etc/fstab
						break
					fi
				done
			done < /etc/crypttab
		fi

		# Fix up GPT unencrypted swap partitions that have not been
		# marked as no-auto mounting in order to prevent systemd from
		# using them before the encrypted swap can be initialized
		# (LP: #1447282, LP: #1597154).
		#
		# IMPORTANT: Much of this code is duplicated from
		# ecryptfs-setup-swap. Please keep the two in sync when making
		# any changes.
		if [ -e /etc/crypttab ] && [ -e /etc/fstab ]; then
			while read mapper_dev phys_dev keyfile options; do
				# only consider cryptswapN devices from ecryptfs-setup-swap
				[ "$mapper_dev" != "${mapper_dev#cryptswap}" ] || continue
				[ "${options#*swap,}" != "$options" ] || continue
				# ignore devices without offset=, they would cause #953875 again
				[ "${options%offset=*}" != "$options" ] || continue
				# get/verify UUID
				uuid="${phys_dev#UUID=}"
				[ -e "/dev/disk/by-uuid/$uuid" ] || continue

				# If this is a GPT partition, mark it as no-auto mounting, to avoid
				# auto-activating it on boot
				swap_dev=$(blkid -U "$uuid")
				if [ "$(blkid -p -s PART_ENTRY_SCHEME -o value "$swap_dev")" = "gpt" ]; then
					# Correctly handle NVMe/MMC drives, as well as any similar physical
					# block device that follow the "/dev/foo0p1" pattern (LP: #1597154)
					if echo "$swap_dev" | grep -qE "^/dev/.+[0-9]+p[0-9]+$"; then
						drive=$(echo "$swap_dev" | sed "s:\(.\+[0-9]\)p[0-9]\+:\1:")
					else
						drive=$(echo "$swap_dev" | sed "s:\(.\+[^0-9]\)[0-9]\+:\1:")
					fi
					partno=$(echo "$swap_dev" | sed "s:.\+[^0-9]\([0-9]\+\):\1:")
					if [ -b "$drive" ] && \
					   ! printf "x\np\n" | fdisk "$drive" | grep -q "^$swap_dev .* GUID:.*\b63\b"; then
							# toggle flag 63 ("no auto")
							echo "Marking GPT swap partition $swap_dev as no-auto ..."
							# unfortunately fdisk fails on "cannot re-read part table" and is very verbose
							printf "x\nS\n$partno\n63\nr\nw\n" | fdisk "$drive" >/dev/null 2>&1 || true
					fi
				fi
			done < /etc/crypttab
		fi
	;;
	abort-upgrade|abort-remove|abort-deconfigure)

	;;
	*)
		echo "postinst called with unknown argument \`{$1}'" >&2
		exit 1
	;;
esac



exit 0