#! /bin/sh
set -eu
# this needs to be here until bookworm+2.
# this is messy
# the SHA sums are from the respective reference files in
# /usr/share/adduser with DIR_MODE lines grepped out.
# that way we only have to worry about DIR_MODE explicitly here.
# sha512sum from adduser 3.115
# sha512sum is in coreutils, Essential: yes, so it's ok to use
create_adduser_conf() {
OLDVERSION="$1"
if dpkg --compare-versions "$OLDVERSION" lt 3.114; then
printf "Upgrading from a version older than Debian 10. That is no longer supported. You can continue after answering the dpkg configuration file question.\n"
return 0
elif dpkg --compare-versions "$OLDVERSION" lt 3.125; then
# we are upgrading from a supported version. Since the conffile can
# have remained unmodified over multiple past upgrades, it does not make
# sense to distinguish between upgrades from which version. We just treat
# all known hashes equally.
SHA="\
d8502b9daf3a3a486ca563a15f2bb03a25eb9247d201d15a4640088626c660a03416b62217f59c37aa94050317243b8979fd46d99e081f555eb7f8adf325a7f8 \
42ead32621022ca6c5d63e95b19838442cdd118d64077574b80fdafd5e6946a6de4608cad89576f887bec85c3398248ccb8f2a9d5c94d0571cc36c009c0f1b33 \
53ab619b03fb957e8b965b745257ae44d626851b4e23d407e25d21e20013cea2a32b090c9864695fab7eb0c3310b44ddba363e9e8370ab878e6a91aafb0e2839 \
5f213119a342d8923113fc93a0f2ac15e223d13574ccafe02731f31aeb8c04ab0d3ce5b7d9d3eef4c5382038935e0bece43b5fb2765e31b4c82af1f0bdcc711a \
ab6adcf4067d7d50ef45cc93ca3a8c54b7ab3e7748420434ad846e8d6e6c34d2ae10d576029d3e1e501f7a743951aed3876c8f3d0e03a918410fa3c9d82460e2 \
b26329cba15b817a79d19c542c49a3e34b7535ffbd60057df7aca2b7027a1ad8db0cdecfd5c00c40d60f50e8b7e2e1675d8401696cf8933a5530e31e430a6675 \
a91cdf6bf59602a7c7dbb745bca1b4d374035026dd89aa62eb9edea8ffcdff4a764a2274770de81687291d57cf9fbc0f0eb495451460c2b44229cebcecd9d870 \
9276d943d595d49f28f391688ab1973b2235a90dcf42cd383ee7a0e7b819fd8c232ec9d7e5da0c2b8a822a8d8f0eba230e88acde34015a4881ca2499b7809cb4 \
b9eb41be93cf85fba8f716d4683e6171b39a068b61a4fe4bfb5b1be93400000e8fb24b151ecaf4a88487802c24ac7aec72100fa6fd1926fa49fed9862d45deee \
d8502b9daf3a3a486ca563a15f2bb03a25eb9247d201d15a4640088626c660a03416b62217f59c37aa94050317243b8979fd46d99e081f555eb7f8adf325a7f8"
else
# old version already has adduser.conf as a dpkg-conffile, nothing to do.
return 0
fi
AUCSHA="$(< /etc/adduser.conf grep -v '^DIR_MODE' | sha512sum -)"
MATCH=0
for sha in ${SHA}; do
if [ "${sha} -" = "${AUCSHA}" ]; then
MATCH=1
break
fi
done
if [ "${MATCH}" = 1 ]; then
if [ -e "/etc/adduser.conf.update-old" ]; then
printf "cannot move unchanged adduser.conf to adduser.conf.update-old. You can continue after answering the dpkg configuration file question.\n"
else
DIR_MODE="$(< /etc/adduser.conf sed -n '/^\(DIR_MODE=\)/{s///;p;q;}')"
DIR_MODE="${DIR_MODE:-0750}"
if [ "$DIR_MODE" != "0750" ] && [ "$DIR_MODE" != "0755" ]; then
# We reach this point of control if the local file is identical to what
# we have shipped AND DIR_MODE is neither set to 0750 and 0755. This must
# be a local change, therefore a dpkg prompt is expected.
printf "DIR_MODE default has changed from %s to 0750. You can continue after answering the dpkg configuration file question.\n" "${DIR_MODE}"
else
# We reach this point of control if the local file is identical to what
# we have shipped AND DIR_MODE is either set to 0750 or 0755. If it is
# 0750, then our change is already what the user has configured before
# (no prompt needed). If it is 0755, the user never changed the default,
# hence we are policy compliant to overwrite our unchanged default with
# the new one (no prompt needed as well).
printf "moving unchanged adduser.conf to adduser.conf.update-old. New dpkg-conffile will come from the package.\n"
mv --no-clobber /etc/adduser.conf /etc/adduser.conf.update-old
fi
fi
else
printf "adduser.conf with unknown checksum (probably locally changed) encountered. You can continue after answering the dpkg configuration file question.\n"
fi
}
case $1 in
upgrade)
create_adduser_conf "${2:-}"
;;
esac
set +eu
|