-#!/bin/bash
-
+#!/bin/sh
set -e
-######################
-PASSWDFILE=/etc/passwd
-GROUPFILE=/etc/group
+# most of this file makes sense to execute regardless of whether this is any
+# of normal "configure" or error-handling "abort-upgrade", "abort-remove" or
+# "abort-deconfigure"
-frruid=`egrep "^frr:" $PASSWDFILE | awk -F ":" '{ print $3 }'`
-frrgid=`egrep "^frr:" $GROUPFILE | awk -F ":" '{ print $3 }'`
-frrvtygid=`egrep "^frrvty:" $GROUPFILE | awk -F ":" '{ print $3 }'`
+addgroup --system frrvty
+addgroup --system frr
+adduser \
+ --system \
+ --ingroup frr \
+ --home /nonexistent \
+ --gecos "Frr routing suite" \
+ frr
+usermod -a -G frrvty frr
-[ -n ${frruid} ] || (echo "No uid for frr in ${PASSWDFILE}" && /bin/false)
-[ -n ${frrgid} ] || (echo "No gid for frr in ${GROUPFILE}" && /bin/false)
-[ -n ${frrVTYgid} ] || (echo "No gid for frrvty in ${GROUPFILE}" && /bin/false)
+mkdir -p /var/log/frr
+mkdir -p /etc/frr
-chown ${frruid}:${frrgid} /etc/frr
-chown ${frruid}:${frrgid} /etc/frr/*
-touch /etc/frr/vtysh.conf
-chgrp ${frrvtygid} /etc/frr/vtysh*
-chmod 644 /etc/frr/*
-ENVIRONMENTFILE=/etc/environment
-if ! egrep --quiet '^VTYSH_PAGER=' ${ENVIRONMENTFILE}; then
- echo "VTYSH_PAGER=/bin/cat" >> ${ENVIRONMENTFILE}
-fi
-##################################################
+# only change ownership of files when they were previously owned by root or
+# quagga; this is to ensure we don't trample over some custom user setup.
+#
+# if we are on a freshly installed package (or we added new configfiles),
+# the files should be owned by root by default so we should end up with "frr"
+# owned configfiles.
-if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
-${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
+quaggauid=`id -u quagga 2>/dev/null || echo 0`
+quaggagid=`id -g quagga 2>/dev/null || echo 0`
-# This is most likely due to the answer "no" to the "really stop the server"
-# question in the prerm script.
-if [ "$1" = "abort-upgrade" ]; then
- exit 0
-fi
+find \
+ /etc/frr \
+ /var/log/frr \
+ \( -uid 0 -o -uid $quaggauid \) -a \
+ \( -gid 0 -o -gid $quaggauid \) | \
+ while read filename; do
-#DEBHELPER#
+ # don't chown anything that has ACLs (but don't fail if we don't
+ # have getfacl)
+ if { getfacl -c "$filename" 2>/dev/null || true; } \
+ | egrep -q -v '^((user|group|other)::|$)'; then
+ :
+ else
+ chown frr: "$filename"
+ chmod o-rwx "$filename"
+ fi
+done
+
+# fix misconfigured vtysh.conf & frr.conf ownership set up by some inofficial
+# ("pre"-Debian) packages
+find /etc/frr -maxdepth 1 \( -name vtysh.conf -o -name frr.conf \) \
+ -group frrvty -exec chgrp frr {} \;
+
+check_old_config() {
+ oldcfg="$1"
+ [ -r "$oldcfg" ] || return 0
+ [ -s "$oldcfg" ] || return 0
+ grep -v '^[[:blank:]]*\(#\|$\)' "$oldcfg" > /dev/null || return 0
+ cat >&2 <<EOF
+Note: deprecated $oldcfg is present. This file is still read by
+the FRR service but its contents should be migrated to /etc/frr/daemons.
+EOF
+}
+
+case "$1" in
+configure)
+ check_old_config /etc/frr/daemons.conf
+ check_old_config /etc/default/frr
+ ;;
+esac
+
+#DEBHELPER#
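Review bot: The second `find` test reuses the uid, `\( -gid 0 -o -gid $quaggauid \)`, so `quaggagid` is assigned but never used, and files whose group is quagga's gid are skipped whenever that gid differs from the uid; it should read `\( -gid 0 -o -gid "$quaggagid" \)`. The loop also runs `chown frr:` and `chmod o-rwx` on every match without excluding symlinks: find tests the link itself, but chown without `-h` and chmod act on the target, which may lie outside `/etc/frr` and `/var/log/frr`. Adding `! -type l` to the find expression would keep the ownership change inside those two trees. `while read filename` should be `while IFS= read -r filename` so names containing backslashes or leading blanks reach chown intact.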
-#!/bin/bash
-
+#!/bin/sh
set -e
-if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
-${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
-# set -u not because of debhelper
-
if [ "$1" = "purge" ]; then
- rm -rf /etc/frr /var/run/frr /var/log/frr
- userdel frr >/dev/null 2>&1 || true
+ rm -rf /run/frr || true
+
+ # "purge" does not remove logfiles. therefore we shouldn't delete
+ # the "frr" user/group since that would leave files with "dangling"
+ # ownership.
fi
#DEBHELPER#
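Review bot: The new comment explains why logs and the `frr` account survive purge, but the branch also stops removing `/etc/frr`, and nothing says what becomes of files there that dpkg does not track as conffiles. Configuration written at runtime would, as far as this hunk shows, stay on disk after purge, and FRR configuration can hold protocol passwords. Either remove those untracked files in the purge branch or extend the comment, e.g. `# /etc/frr is left in place as well; files not registered as conffiles survive purge`.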
#!/bin/bash
-
-if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
-${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
set -e
-set -u
-
-# creating frrvty group if it isn't already there
-if ! getent group frrvty >/dev/null; then
- addgroup --system frrvty >/dev/null
-fi
-
-# creating frr group if it isn't already there
-if ! getent group frr >/dev/null; then
- addgroup --system frr >/dev/null
-fi
-
-# creating frr user if he isn't already there
-if ! getent passwd frr >/dev/null; then
- adduser \
- --system \
- --ingroup frr \
- --home /nonexistent \
- --gecos "Frr routing suite" \
- --shell /bin/false \
- frr >/dev/null
-fi
-
-# We may be installing over an older version of
-# frr and as such we need to intelligently
-# check to see if the frr user is in the frrvty
-# group.
-if ! id frr | grep &>/dev/null 'frrvty'; then
- usermod -a -G frrvty frr >/dev/null
-fi
-
-# Do not change permissions when upgrading as it would violate policy.
-if [ "$1" = "install" ]; then
- # Logfiles are group readable in case users were put into the frr group.
- d=/var/log/frr/
- mkdir -p $d
- chown frr:frr $d
- chown --quiet frr:frr $d/* | true
- chmod u=rwx,go=rx $d
- find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o=
-
- # Strict permissions for the sockets.
- d=/var/run/frr/
- mkdir -p $d
- chown frr:frr $d
- chown --quiet frr:frr $d/* | true
- chmod u=rwx,go=rx $d
- find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,go=
-
- # Config files. Vtysh does not have access to the individual daemons config file
- d=/etc/frr/
- mkdir -p $d
- chown frr:frrvty $d
- chmod ug=rwx,o=rx $d
- find $d -type f -print0 | xargs -0 --no-run-if-empty chown frr:frr
- find $d -type f -print0 | xargs -0 --no-run-if-empty chmod u=rw,g=r,o=
-
- # Exceptions for vtysh.
- f=$d/vtysh.conf
- if [ -f $f ]; then
- chown frr:frrvty $f
- chmod u=rw,g=r,o= $f
- fi
-
- # Exceptions for vtysh.
- f=$d/frr.conf
- if [ -f $d/Zebra.conf ]; then
- mv $d/Zebra.conf $f
- fi
- if [ -f $f ]; then
- chown frr:frrvty $f
- chmod u=rw,g=r,o= $f
- fi
-fi
+# bash is required since /etc/frr/daemons.conf used a bash array in some
+# previous versions.
+
+case "$1" in
+install|upgrade)
+ (
+ test -f /etc/frr/daemons && . /etc/frr/daemons
+ test -f /etc/frr/daemons.conf && . /etc/frr/daemons.conf
+ test -f /etc/default/frr && . /etc/default/frr
+
+ if [ "$watchfrr_enable" = no -o \
+ "$watchfrr_enable" = "0" ]; then
+ echo >&2 <<EOF
+ERROR: Pre-existing frr configuration file disables watchfrr.
+
+This configuration is deprecated upstream and not supported by the Debian
+FRR package. Refusing to $1 in order to not break running setups.
+Please change your setup to use watchfrr and remove the "watchfrr_enable"
+option from /etc/frr/daemons, /etc/frr/daemons.conf and/or /etc/default/frr.
+EOF
+ exit 1
+ fi
+ )
+ ;;
+abort-upgrade)
+ # shouldn't fail an upgrade abort
+ ;;
+esac
#DEBHELPER#
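Review bot: The `install|upgrade` branch sources `/etc/frr/daemons`, `/etc/frr/daemons.conf` and `/etc/default/frr` as root, while the postinst in this same change hands root-owned files under `/etc/frr` to the `frr` user, so anything that account writes into those files runs as root on the next install or upgrade. Reading only the `watchfrr_enable` assignment out of the files (for example with `sed -n`) instead of executing them would keep the check without crossing that privilege boundary, and would likely remove the need for bash that the comment describes. Separately, `echo >&2 <<EOF` never prints the message because echo does not read stdin, so the install is refused with only a blank line on stderr; it should be `cat >&2 <<EOF`, as check_old_config in the postinst does.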
+++ /dev/null
-#!/bin/bash
-
-if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
-${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*"}
-set -e
-
-# prerm remove
-# old-prerm upgrade new-version
-# new-prerm failed-upgrade old-version
-# conflictor's-prerm remove in-favour package new-version
-# deconfigured's-prerm deconfigure in-favour package-being-installed version removing conflicting-package
-case $1 in
- remove|upgrade)
- ;;
-
- failed-upgrade)
- # If frr/really_stop was negated then this script exits with return
- # code 1 and is called again with "failed-upgrade". Well, exit again.
- exit 1
- ;;
-
-esac
-
-#DEBHELPER#