postinst is in freeradius 2.1.12+dfsg-1.2.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 | #! /bin/sh
set -e
update_fs_from_statoverride() {
# I wish a simple dpkg-statoverride --update $file just did
# the right thing, but it doesn't, so we have to do it manually.
type=$1
user=$2
group=$3
mode=$4
file=$5
if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
chgrp $group $file
chmod $mode $file
fi
fi
}
handle_config_files() {
runmode=$1
for file in /etc/freeradius/preproxy_users \
/etc/freeradius/policy.conf \
/etc/freeradius/eap.conf \
/etc/freeradius/experimental.conf \
/etc/freeradius/huntgroups \
/etc/freeradius/proxy.conf \
/etc/freeradius/attrs.pre-proxy \
/etc/freeradius/hints \
/etc/freeradius/sql.conf \
/etc/freeradius/ldap.attrmap \
/etc/freeradius/attrs \
/etc/freeradius/policy.txt \
/etc/freeradius/attrs.accounting_response \
/etc/freeradius/attrs.access_reject \
/etc/freeradius/attrs.access_challenge \
/etc/freeradius/clients.conf \
/etc/freeradius/acct_users
do
set +e
so=$(dpkg-statoverride --list $file)
ret=$?
set -e
case "$runmode" in
initial)
if [ $ret != 0 ]; then
dpkg-statoverride --add --update root freerad 0640 $file
fi
;;
upgrade)
update_fs_from_statoverride f $so
;;
esac
done
for dir in /etc/freeradius/certs \
/etc/freeradius/sites-available \
/etc/freeradius/sites-enabled
do
set +e
so=$(dpkg-statoverride --list $dir)
ret=$?
set -e
case "$runmode" in
initial)
if [ $ret != 0 ]; then
dpkg-statoverride --add --update freerad freerad 2751 $dir
fi
;;
upgrade)
update_fs_from_statoverride d $so
;;
esac
done
}
case "$1" in
configure)
if [ -z "$2" ]; then
# Changed in 1.1.5-1 for new installs (we used to start at S50
# and stop at K50) We now start at S50 and stop at K19 so we
# start after services which may be used and stop before them.
update-rc.d freeradius start 50 2 3 4 5 . stop 19 0 1 6 . >/dev/null
# Set up initial permissions on all the freeradius directories
if ! dpkg-statoverride --list /var/run/freeradius >/dev/null; then
dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius
fi
if ! dpkg-statoverride --list /var/log/freeradius >/dev/null; then
dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius
fi
for file in radius.log radwtmp; do
[ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file}
done
handle_config_files initial
action="start"
else
handle_config_files upgrade
action="restart"
fi
# Create links for default sites, but only if this is an initial
# install or an upgrade from before there were links; users may
# want to remove them...
if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.0.4+dfsg-4; then
for site in default inner-tunnel; do
if [ ! -e /etc/freeradius/sites-enabled/$site ]; then
ln -s ../sites-available/$site /etc/freeradius/sites-enabled/$site
fi
done
fi
# Create stub SSL certificate file that became necessary in 2.1.8,
# with analogous disclaimers, because the admin may yet choose to
# switch to /usr/share/doc/freeradius/examples/certs/ stuff.
if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.1.8+dfsg-1; then
if egrep -q '^[ ]*\$INCLUDE eap.conf' /etc/freeradius/radiusd.conf && \
egrep -q '^[ ]*certdir = \${confdir}/certs' /etc/freeradius/eap.conf && \
egrep -q '^[ ]*cadir = \${confdir}/certs' /etc/freeradius/eap.conf
then
echo "Updating default SSL certificate settings, if any..." >&2
test -d /etc/freeradius/certs || mkdir /etc/freeradius/certs
if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \
test ! -e /etc/ssl/private/ssl-cert-snakeoil.key
then
make-ssl-cert generate-default-snakeoil
fi
if egrep -q '^[ ]*certificate_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/server.pem
then
serverpem=wasnotthere
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
fi
if ( egrep -q '^[ ]*private_key_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
[ "$serverpem" = "wasnotthere" ] ) \
|| \
( egrep -q '^[ ]*private_key_file = \${certdir}/server.key' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/server.key )
then
ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
sed -i -e 's,^\([ ]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/eap.conf
if getent group ssl-cert >/dev/null; then
# freeradius-common dependency also provides us with adduser
adduser --quiet freerad ssl-cert
fi
fi
if egrep -q '^[ ]*CA_file = \${cadir}/ca.pem' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/ca.pem
then
ln -s /etc/ssl/certs/ca-certificates.crt /etc/freeradius/certs/ca.pem
fi
if egrep -q '^[ ]*random_file = \${certdir}/random' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/random
then
sed -i -e 's,^\([ ]*random_file = \)\${certdir}/random$,\1/dev/urandom,' /etc/freeradius/eap.conf
fi
if egrep -q '^[ ]*dh_file = \${certdir}/dh' /etc/freeradius/eap.conf && \
test ! -f /etc/freeradius/certs/dh
then
# ssl-cert dependency also provides us with openssl
openssl dhparam -out /etc/freeradius/certs/dh 1024
fi
fi
fi
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d freeradius $action || true
else
/etc/init.d/freeradius $action
fi
;;
abort-upgrade)
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d freeradius restart || true
else
/etc/init.d/freeradius restart
fi
;;
abort-remove)
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d freeradius start || true
else
/etc/init.d/freeradius start
fi
;;
abort-deconfigure)
;;
esac
exit 0
|