postinst is in tor 0.3.2.10-1.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 | #!/bin/sh -e
# checking debian-tor account
uid=`getent passwd debian-tor | cut -d ":" -f 3`
home=`getent passwd debian-tor | cut -d ":" -f 6`
# if there is the uid the account is there and we can do
# the sanit(ar)y checks otherwise we can safely create it.
if [ "$uid" ]; then
if [ "$home" = "/var/lib/tor" ]; then
:
#echo "debian-tor homedir check: ok"
else
echo "ERROR: debian-tor account has an unexpected home directory!"
echo "It should be '/var/lib/tor', but it is '$home'."
echo "Removing the debian-tor user might fix this, but the question"
echo "remains how you got into this mess to begin with."
exit 1
fi
else
adduser --quiet \
--system \
--disabled-password \
--home /var/lib/tor \
--no-create-home \
--shell /bin/false \
--group \
debian-tor
fi
for i in lib log; do
if ! [ -d "/var/$i/tor" ]; then
echo "Something or somebody made /var/$i/tor disappear."
echo "Creating one for you again."
mkdir "/var/$i/tor"
fi
done
which restorecon >/dev/null 2>&1 && restorecon /var/lib/tor
chown debian-tor:debian-tor /var/lib/tor
chmod 02700 /var/lib/tor
which restorecon >/dev/null 2>&1 && restorecon /var/log/tor
chown debian-tor:adm /var/log/tor
chmod 02750 /var/log/tor
move_away_keys=0
if [ "$1" = "configure" ] &&
[ -e /var/lib/tor/keys ] &&
[ ! -z "$2" ]; then
if dpkg --compare-versions "$2" lt 0.1.2.19-2; then
move_away_keys=1
elif dpkg --compare-versions "$2" gt 0.2.0 &&
dpkg --compare-versions "$2" lt 0.2.0.26-rc; then
move_away_keys=1
fi
fi
if [ "$move_away_keys" = "1" ]; then
echo "Retiring possibly compromised keys. See /usr/share/doc/tor/NEWS.Debian.gz"
echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for"
echo "further information."
if ! [ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then
mkdir /var/lib/tor/keys/moved-away-by-tor-package
cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF
It has been discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable.
See Debian Security Advisory number 1571 (DSA-1571) for more information:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
The Debian package for Tor has moved away the onion keys upon package
upgrade, and it will have moved away your identity key if it was created
in the affected timeframe. There is no sure way to automatically tell
if your key was created with an affected openssl library, so this move
is done unconditionally.
If you have restarted Tor since this change (and the package probably
did that for you already unless you configured your system differently)
then the Tor daemon already created new keys for itself and in all
likelyhood is already working just fine with new keys.
If you are absolutely certain that your identity key was created with
a non-affected version of openssl and for some reason you have to retain
the old identity, then you can move back the copy of secret_id_key to
/var/lib/tor/keys. Do not move back the onion keys, they were created
only recently since they are temporary keys with a lifetime of only a few
days anyway.
Sincerely,
Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200
EOF
fi
for f in secret_onion_key secret_onion_key.old; do
if [ -e /var/lib/tor/keys/"$f" ]; then
mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f"
fi
done
if [ -e /var/lib/tor/keys/secret_id_key ]; then
id_mtime=`stat -c %Y /var/lib/tor/keys/secret_id_key`
sept=`date -d '2006-09-10' +%s`
if [ "$id_mtime" -gt "$sept" ] ; then
mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key
fi
fi
fi
# clean out apparmor policy files that we shipped with
# Tor 0.2.3.16-alpha-1 in experimental and
# Tor 0.2.3.17-beta-1 in unstable.
if [ "$1" = "configure" ] &&
[ -e /etc/apparmor.d/usr.sbin.tor ] &&
[ ! -z "$2" ] &&
dpkg --compare-versions "$2" le 0.2.3.17-beta-1; then
checksum="`md5sum /etc/apparmor.d/usr.sbin.tor | awk '{print $1}'`"
pkg_md5="`dpkg-query -W -f='${Conffiles}' tor | awk '$1=="/etc/apparmor.d/usr.sbin.tor" {print $2}'`"
if [ "$checksum" = "$pkg_md5" ]; then
if command -v apparmor_parser > /dev/null 2>&1 ; then
apparmor_parser --remove -T -W /etc/apparmor.d/usr.sbin.tor || true
fi
rm -f "/etc/apparmor.d/usr.sbin.tor"
rm -f "/etc/apparmor.d/disable/usr.sbin.tor" || true
rm -f "/etc/apparmor.d/force-complain/usr.sbin.tor" || true
rm -f "/etc/apparmor.d/local/usr.sbin.tor" || true
rmdir /etc/apparmor.d/local 2>/dev/null || true
rmdir /etc/apparmor.d 2>/dev/null || true
fi
fi
tor_error_init() {
echo "Tor was unable to start due to configuration errors.";
echo "Please fix them and manually restart the tor daemon using";
echo " ´service start tor´";
}
# Automatically added by dh_apparmor/2.12-4ubuntu1
aa_is_enabled() {
if command aa-enabled >/dev/null 2>&1; then
# apparmor >= 2.10.95-2
aa-enabled --quiet 2>/dev/null
else
# apparmor << 2.10.95-2
# (This should be removed once Debian Stretch and Ubuntu 18.04 are out.)
rc=0
aa-status --enabled 2>/dev/null || rc=$?
[ "$rc" = 0 ] || [ "$rc" = 2 ]
fi
}
if [ "$1" = "configure" ]; then
APP_PROFILE="/etc/apparmor.d/system_tor"
if [ -f "$APP_PROFILE" ]; then
# Add the local/ include
LOCAL_APP_PROFILE="/etc/apparmor.d/local/system_tor"
test -e "$LOCAL_APP_PROFILE" || {
mkdir -p `dirname "$LOCAL_APP_PROFILE"`
install --mode 644 /dev/null "$LOCAL_APP_PROFILE"
}
# Reload the profile, including any abstraction updates
if aa_is_enabled; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/11.1.4ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'tor.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'tor.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'tor.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'tor.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installdeb/11.1.4ubuntu1
dpkg-maintscript-helper rm_conffile /etc/tor/tor-tsocks.conf 0.2.4.12-alpha-1 tor -- "$@"
# End automatically added section
# Automatically added by dh_installinit/11.1.4ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -x "/etc/init.d/tor" ]; then
update-rc.d tor defaults >/dev/null
invoke-rc.d tor start || tor_error_init
fi
fi
# End automatically added section
exit 0
|