#!/bin/sh
# postinst script for polkitd
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
set_perms() {
USER=$1
GROUP=$2
MODE=$3
FILE=$4
if ! dpkg-statoverride --list "$FILE" > /dev/null 2>&1; then
chown "$USER:$GROUP" "$FILE"
chmod "$MODE" "$FILE"
fi
}
stop_polkitd () {
if [ -n "${DPKG_ROOT-}" ]; then
return
fi
if [ -d /run/systemd/system ]; then
deb-systemd-invoke stop polkit.service >/dev/null || true
else
# On non-systemd systems, polkitd is started as a traditional D-Bus
# system service and is not managed by a service manager, so this is
# the best we can do
start-stop-daemon --stop --oknodo --quiet --exec /usr/lib/polkit-1/polkitd || true
start-stop-daemon --stop --oknodo --quiet --exec /usr/libexec/polkitd || true
fi
}
case "$1" in
configure)
if ! getent passwd polkitd >/dev/null; then
user_changed=yes
else
user_changed=
fi
# Intentionally not using dh_installsysusers: we need enough control
# over sequencing to reload dbus-daemon after doing this, but before
# restarting polkitd
if command -v systemd-sysusers >/dev/null; then
SYSTEMD_NSS_DYNAMIC_BYPASS=1 systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} polkit.conf
else
adduser --group --system --quiet --gecos 'polkit' \
--no-create-home --home /nonexistent polkitd
addgroup --system --quiet polkitd
fi
if dpkg --compare-versions "$2" lt "122-3~" \
&& [ "$(getent passwd polkitd | cut -d: -f6)" = /var/lib/polkit-1 ]
then
# Make sure polkitd is stopped: usermod refuses to change the
# home directory of a uid that has processes
stop_polkitd
# Don't fail hard if we can't change this, it's non-critical
usermod -d /nonexistent polkitd || true
fi
# polkitd-pkla wants the polkitd user to have polkitd as its
# primary group, but older Debian packages used nogroup
if [ "$(id -g polkitd)" = 65534 ]; then
user_changed=yes
usermod -g polkitd polkitd
fi
set_perms root polkitd 750 /etc/polkit-1/rules.d
set_perms root polkitd 750 /var/lib/polkit-1
set_perms root root 4755 /usr/lib/polkit-1/polkit-agent-helper-1
# Older versions had rules.d owned by polkitd:root - reset that
set_perms root root 755 /usr/share/polkit-1/rules.d
# Older versions had /var/lib/polkit-1 as polkitd's home directory
# and owned by polkitd, allowing it to create an unnecessary .cache
# directory; clean that up on upgrades. This can be removed
# after Debian 13 and Ubuntu 24.04 are released.
rm -fr /var/lib/polkit-1/.cache || true
# If the polkitd user was newly created or newly added to the polkitd
# group, the dbus-daemon might not know about that until reloaded.
# dbus-broker's service has a dbus.service alias, so this will reload
# either dbus-daemon or dbus-broker, whichever is used.
if [ -z "${DPKG_ROOT-}" ] && [ -n "$user_changed" ]; then
invoke-rc.d dbus reload || true
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
# Automatically added by dh_installxmlcatalogs/UNDECLARED
if [ "$1" = "configure" ]; then
update-xmlcatalog --sort --add --type public --id "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" --package polkitd --local /usr/share/xml/polkit-1/catalog.xml
update-xmlcatalog --sort --add --type system --id "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd" --package polkitd --local /usr/share/xml/polkit-1/catalog.xml
update-xmlcatalog --sort --add --type public --id "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" --package polkitd --root
update-xmlcatalog --sort --add --type system --id "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd" --package polkitd --root
fi
# End automatically added section
# Automatically added by dh_installtmpfiles/13.14.1ubuntu5
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -x "$(command -v systemd-tmpfiles)" ]; then
systemd-tmpfiles ${DPKG_ROOT:+--root="$DPKG_ROOT"} --create polkitd.conf || true
fi
fi
# End automatically added section
# Automatically added by dh_installdeb/13.14.1ubuntu5
dpkg-maintscript-helper rm_conffile /etc/pam.d/polkit-1 122-2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/polkit-1/localauthority.conf.d/50-localauthority.conf 121\+compat0.1-1\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf 121\+compat0.1-1\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf 121\+compat0.1-1\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/polkit-1/rules.d/40-debian-sudo.rules 121\~ polkitd-javascript -- "$@"
dpkg-maintscript-helper rm_conffile /etc/polkit-1/rules.d/40-ubuntu-admin.rules 121\~ polkitd-javascript -- "$@"
dpkg-maintscript-helper rm_conffile /etc/polkit-1/rules.d/50-default.rules 121\~ polkitd-javascript -- "$@"
# End automatically added section
# Automatically added by dh_installsystemd/13.14.1ubuntu5
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
if [ -n "$2" ]; then
deb-systemd-invoke try-restart 'polkit.service' >/dev/null || true
fi
fi
fi
# End automatically added section
# If dpkg renamed a sysadmin-modified /etc/pam.d/polkit-1 to .dpkg-bak,
# rename it back to the original name so PAM will still load it.
# (Workaround for missing dpkg feature requested in
# https://bugs.debian.org/1006655)
if [ -e /etc/pam.d/polkit-1.dpkg-bak ]; then
echo "Moving /etc/pam.d/polkit-1.dpkg-bak back to /etc/pam.d/polkit-1 ..."
mv /etc/pam.d/polkit-1.dpkg-bak /etc/pam.d/polkit-1
fi
# Clean up old directories after dpkg-maintscript-helper has removed the
# conffiles.
if dpkg --compare-versions "$2" lt "0.109-1"; then
for path in \
/etc/polkit-1/localauthority.conf.d/ \
/etc/polkit-1/nullbackend.conf.d/ \
; do
if [ -d "$path" ] \
&& ! dpkg-query -S "$path" >/dev/null 2>/dev/null
then
rmdir --ignore-fail-on-non-empty "$path"
fi
done
fi
# On non-systemd systems, polkitd is started as a traditional D-Bus
# system service and is not managed by a service manager, so the
# closest thing we can do to a restart operation is to terminate it
# and let dbus-daemon restart it.
if ! [ -d /run/systemd/system ]; then
stop_polkitd
fi
exit 0
# vim:set sw=4 sts=4 et:
|