File: /var/lib/dpkg/info/chrony.postinst
#!/bin/sh
# postinst script for chrony
#
# see: dh_installdeb(1)
set -e
# targets: configure|abort-upgrade|abort-remove|abort-deconfigure
case "$1" in
configure)
if ! getent passwd _chrony > /dev/null 2>&1
then
echo "Creating '_chrony' system user/group for the chronyd daemon…"
adduser --force-badname \
--system \
--group \
--quiet \
--gecos "Chrony daemon" \
--home /var/lib/chrony \
--no-create-home _chrony
fi
# Change the owner of "/var/l{ib,og}/chrony" directories and their
# subfiles to "_chrony" only if the user has not set the "user"
# directive in chrony.conf
if ! grep "^user" /etc/chrony/chrony.conf > /dev/null 2>&1; then
chown _chrony:_chrony /var/lib/chrony
if [ -d /var/log/chrony ]; then
chown _chrony:_chrony /var/log/chrony
fi
fi
# Before version 2.2.1-1, we used to create the chrony.keys file from
# the post-installation script and fed it with a random command password.
# Since that command password isn’t needed anymore, a simple key file
# template has been created which is then copied to its destination by ucf.
# The consequence of this move was a prompt presented to the user on
# upgrade even if the key file has been unmodified; this is a violation
# of Debian policy § 10.7.3! The script below workaround that issue by
# deleting the key file when upgrading from chrony < 2.2.1-1 iff a single
# key if found in the file and that the key ID correspond to the ID
# specified by the commandkey ID found in “chrony.conf” and that the
# original key file has the same modes and owners than the new template
# key file.
# Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820087
if [ -n "$2" ] && dpkg --compare-versions "$2" lt "2.2.1-1"; then
commandkey_id=$(awk '$1 ~ /^commandkey$/ { print $2; exit }' /etc/chrony/chrony.conf)
key_id=$(awk '{ print $1; exit }' /etc/chrony/chrony.keys)
orig_keyfile_perm=$(stat -c "%a%u%g" /etc/chrony/chrony.keys 2> /dev/null)
keyfile_tml_perm=$(stat -c "%a%u%g" /usr/share/chrony/chrony.keys 2> /dev/null)
if [ "$(grep -c "^[0-9]" /etc/chrony/chrony.keys)" -eq 1 ] &&
[ "$commandkey_id" -eq "$key_id" ] 2>/dev/null &&
[ "$orig_keyfile_perm" = "$keyfile_tml_perm" ]; then
rm -f /etc/chrony/chrony.keys
fi
fi
if command -v ucf >/dev/null
then
ucf --three-way /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf
ucf --three-way /usr/share/chrony/chrony.keys /etc/chrony/chrony.keys
if [ -x "$(command -v ucfr)" ]; then
ucfr chrony /etc/chrony/chrony.conf
ucfr chrony /etc/chrony/chrony.keys
fi
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
# Automatically added by dh_apparmor/2.13.2-10
if [ "$1" = "configure" ]; then
APP_PROFILE="/etc/apparmor.d/usr.sbin.chronyd"
if [ -f "$APP_PROFILE" ]; then
# Add the local/ include
LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.sbin.chronyd"
test -e "$LOCAL_APP_PROFILE" || {
mkdir -p `dirname "$LOCAL_APP_PROFILE"`
install --mode 644 /dev/null "$LOCAL_APP_PROFILE"
}
# Reload the profile, including any abstraction updates
if aa-enabled --quiet 2>/dev/null; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
# End automatically added section
# Automatically added by dh_installdeb/12.1.1
dpkg-maintscript-helper rm_conffile /etc/apm/event.d/01chrony 2.4.1-3\~ chrony -- "$@"
# End automatically added section
# Automatically added by dh_installinit/12.1.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -x "/etc/init.d/chrony" ]; then
update-rc.d chrony defaults >/dev/null
if [ -n "$2" ]; then
_dh_action=restart
else
_dh_action=start
fi
invoke-rc.d --skip-systemd-native chrony $_dh_action || exit 1
fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/12.1.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'chrony.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'chrony.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'chrony.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'chrony.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/12.1.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
if [ -n "$2" ]; then
_dh_action=restart
else
_dh_action=start
fi
deb-systemd-invoke $_dh_action 'chrony.service' >/dev/null || true
fi
fi
# End automatically added section
exit 0