D7net Mini Sh3LL v1
OFF | cURL : OFF | WGET : ON | Perl : ON | Python : OFF
Directory (0755) : /var/www/../lib/dpkg/info/ |
|
| Current File : /var/www/../lib/dpkg/info/ubuntu-advantage-tools.postinst |
#!/bin/sh
set -e
. /etc/os-release # For VERSION_ID
# Since UBUNTU_CODENAME isn't on trusty set it set a default if unknown
if [ "" = "${UBUNTU_CODENAME}" ]; then
case "$VERSION_ID" in
14.04) UBUNTU_CODENAME="trusty";;
*) UBUNTU_CODENAME="NO-UBUNTU_CODENAME-$VERSION_ID";;
esac
fi
# Needed even if this script doesn't call debconf, see:
# https://lintian.debian.org/tags/postinst-does-not-load-confmodule.html
. /usr/share/debconf/confmodule
APT_TRUSTED_KEY_DIR="/etc/apt/trusted.gpg.d"
UA_KEYRING_DIR="/usr/share/keyrings/"
ESM_INFRA_KEY_TRUSTY="ubuntu-advantage-esm-infra-trusty.gpg"
ESM_APPS_KEY="ubuntu-advantage-esm-apps.gpg"
APT_SRC_DIR="/etc/apt/sources.list.d"
APT_PREFERENCES_DIR="/etc/apt/preferences.d"
ESM_APT_SOURCE_FILE_PRECISE="$APT_SRC_DIR/ubuntu-esm-precise.list"
ESM_APT_SOURCE_FILE_TRUSTY="$APT_SRC_DIR/ubuntu-esm-trusty.list"
ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY="$APT_SRC_DIR/ubuntu-esm-infra-trusty.list"
ESM_INFRA_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-esm-infra.list"
ESM_APPS_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-esm-apps.list"
FIPS_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-fips.list"
OLD_CLIENT_FIPS_PPA="private-ppa.launchpad.net/ubuntu-advantage/fips/ubuntu"
UA_TIMER_NAME="ua-timer.timer"
OLD_MESSAGING_TIMER="ua-messaging.timer"
OLD_MESSAGING_TIMER_MASKED_LOCATION="/etc/systemd/system/timers.target.wants/$OLD_MESSAGING_TIMER"
ESM_APT_PREF_FILE_TRUSTY="$APT_PREFERENCES_DIR/ubuntu-esm-trusty"
ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY="$APT_PREFERENCES_DIR/ubuntu-esm-infra-trusty"
ESM_INFRA_APT_PREF_FILE="$APT_PREFERENCES_DIR/ubuntu-esm-infra"
ESM_APPS_APT_PREF_FILE="$APT_PREFERENCES_DIR/ubuntu-esm-apps"
MYARCH="$(dpkg --print-architecture)"
ESM_SUPPORTED_ARCHS="i386 amd64"
SYSTEMD_WANTS_AUTO_ATTACH_LINK="/etc/systemd/system/multi-user.target.wants/ua-auto-attach.service"
SYSTEMD_HELPER_ENABLED_AUTO_ATTACH_DSH="/var/lib/systemd/deb-systemd-helper-enabled/ua-auto-attach.service.dsh-also"
SYSTEMD_HELPER_ENABLED_WANTS_LINK="/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ua-auto-attach.service"
REBOOT_CMD_MARKER_FILE="/var/lib/ubuntu-advantage/marker-reboot-cmds-required"
LICENSE_CHECK_MARKER_FILE="/var/lib/ubuntu-advantage/marker-license-check"
MACHINE_TOKEN_FILE="/var/lib/ubuntu-advantage/private/machine-token.json"
# Rename apt config files for ua services removing ubuntu release names
redact_ubuntu_release_from_ua_apt_filenames() {
DIR=$1
UA_SERVICES=$(/usr/bin/python3 -c "
from uaclient.entitlements import valid_services
print(*valid_services(allow_beta=True, all_names=True), sep=' ')
")
for file in "$DIR"/*; do
release_name=""
case "$file" in
*-trusty*)
release_name=trusty;;
*-xenial*)
release_name=xenial;;
*-bionic*)
release_name=bionic;;
*-focal*)
release_name=focal;;
*-groovy*)
release_name=groovy;;
*) release_name="";;
esac
if [ "$release_name" ]; then
# We have a ubuntu release name in the apt config.
# Remove $release_name from original $file.
new_file=${file%-${release_name}*}${file#*${release_name}}
for service in ${UA_SERVICES}; do
if [ "${file#*$service}" != "$file" ]; then
# Valid apt cfg file for an ubuntu-advantage service
mv "$file" "$new_file"
fi
done
fi
done
}
# Ubuntu LTS release all support-esm
check_is_lts() {
release_name=$1
ubuntu-distro-info --supported-esm | grep -q "${release_name}"
}
# Check whether this series is under active ESM
check_is_active_esm() {
release_name=$1
# Trusty doesn't support --series param
if [ "${release_name}" = "trusty" ]; then
return 0
else
_DAYS_UNTIL_ESM=$(ubuntu-distro-info --series "${release_name}" -yeol)
if [ "${_DAYS_UNTIL_ESM}" -lt "1" ]; then
return 0
fi
fi
return 1
}
# Check whether a given service is beta
check_service_is_beta() {
service_name=$1
_IS_BETA_SVC=$(/usr/bin/python3 -c "
from uaclient.config import UAConfig
from uaclient.entitlements import entitlement_factory
try:
ent_cls = entitlement_factory('${service_name}')
cfg = UAConfig()
allow_beta = cfg.features.get('allow_beta', False)
print(all([ent_cls.is_beta, not allow_beta]))
except Exception:
print(True)
")
if [ "${_IS_BETA_SVC}" = "True" ]; then
return 0
else
return 1
fi
}
# Check cached service status from status.json and return 0 if enabled else 1
check_service_is_enabled() {
service_name=$1
_RET=$(/usr/bin/python3 -c "
import os
import json
from uaclient.config import UAConfig
cfg = UAConfig()
status = cfg.read_cache('status-cache')
if status:
for service in status.get('services', []):
if service.get('name', '') == '${service_name}':
print(service.get('status', ''))
")
if [ "${_RET}" = "enabled" ]; then
return 0
else
return 1
fi
}
unconfigure_esm() {
if ! check_service_is_enabled esm-infra; then
rm -f "$APT_TRUSTED_KEY_DIR/ubuntu-esm*gpg" # Remove previous esm keys
rm -f "$APT_TRUSTED_KEY_DIR/$ESM_INFRA_KEY_TRUSTY"
rm -f "$ESM_INFRA_APT_SOURCE_FILE"
rm -f "$ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY"
rm -f "$ESM_APT_PREF_FILE_TRUSTY" "$ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY"
rm -f "$ESM_INFRA_APT_PREF_FILE"
fi
if ! check_service_is_enabled esm-apps; then
rm -f "$APT_TRUSTED_KEY_DIR/$ESM_APPS_KEY"
rm -f "$ESM_APPS_APT_SOURCE_FILE"
rm -f "$ESM_APPS_APT_PREF_FILE"
fi
}
# Add visibility to a disabled ESM APT source by installing a GPG key and
# preferences file to Pin never so packages won't get installed by apt update.
install_esm_apt_key_and_source() {
service=$1 release=$2
apt_suite="${release}-${service}";
case "${service}" in
apps)
apt_origin="UbuntuESMApps"
apt_pref_file=${ESM_APPS_APT_PREF_FILE};
apt_source_file=${ESM_APPS_APT_SOURCE_FILE};
apt_key=${ESM_APPS_KEY};
;;
infra)
apt_origin="UbuntuESM"
apt_pref_file=${ESM_INFRA_APT_PREF_FILE};
apt_source_file=${ESM_INFRA_APT_SOURCE_FILE};
apt_key=${ESM_INFRA_KEY_TRUSTY};
;;
esac
# GPG key setup to avoid apt gpg key warnings
if [ ! -f "$APT_TRUSTED_KEY_DIR/$apt_key" ]; then
cp $UA_KEYRING_DIR/$apt_key $APT_TRUSTED_KEY_DIR
fi
# Migrate trusty legacy source list and preference file names
if [ "14.04" = "$VERSION_ID" ]; then
if [ -e "$ESM_APT_SOURCE_FILE_TRUSTY" ]; then
mv $ESM_APT_SOURCE_FILE_TRUSTY $ESM_INFRA_APT_SOURCE_FILE
fi
if [ -e "$ESM_APT_PREF_FILE_TRUSTY" ]; then
mv "$ESM_APT_PREF_FILE_TRUSTY" "$ESM_INFRA_APT_PREF_FILE"
fi
fi
# If preference file doesn't already exist, we aren't attached.
# Setup unauthenticated apt source list file and never-pin preference
if [ ! -e "${apt_source_file}" ]; then
# Unconfigured repo, so set it up as never-pinned
cat > ${apt_source_file} <<EOF
# Written by ubuntu-advantage-tools
deb https://esm.ubuntu.com/${service}/ubuntu ${apt_suite}-security main
# deb-src https://esm.ubuntu.com/${service}/ubuntu ${apt_suite}-security main
deb https://esm.ubuntu.com/${service}/ubuntu ${apt_suite}-updates main
# deb-src https://esm.ubuntu.com/${service}/ubuntu ${apt_suite}-updates main
EOF
# Automatically disable esm sources via apt preferences until enabled
cat > "${apt_pref_file}" <<EOF
# Written by ubuntu-advantage-tools
Package: *
Pin: release o=${apt_origin}, n=${release}
Pin-Priority: never
EOF
fi
}
configure_esm() {
rm -f $APT_TRUSTED_KEY_DIR/ubuntu-esm*gpg # Remove legacy esm keys
if check_is_active_esm "${UBUNTU_CODENAME}"; then
install_esm_apt_key_and_source "infra" "$UBUNTU_CODENAME"
fi
if ! check_service_is_beta esm-apps; then
if [ "${UBUNTU_CODENAME}" != "trusty" ]; then
install_esm_apt_key_and_source "apps" "$UBUNTU_CODENAME"
fi
fi
}
# If held fips packages exist, we are on a FIPS PRO machine with FIPS enabled
mark_reboot_for_fips_pro() {
FIPS_HOLDS=$(apt-mark showholds | grep -E 'fips|libssl1|openssh-client|openssh-server|linux-fips|openssl|strongswan' || exit 0)
if [ "$FIPS_HOLDS" ]; then
mark_reboot_cmds_as_needed FIPS_REBOOT_REQUIRED_MSG
fi
}
add_notice() {
module=$1
msg_name=$2
/usr/bin/python3 -c "
from uaclient.config import UAConfig
from uaclient.${module} import ${msg_name}
cfg = UAConfig()
cfg.add_notice(label='', description=${msg_name})
"
}
mark_reboot_cmds_as_needed() {
msg_name=$1
if [ ! -f "$REBOOT_CMD_MARKER_FILE" ]; then
touch $REBOOT_CMD_MARKER_FILE
fi
add_notice messages "$msg_name"
}
patch_status_json_0_1_for_non_root() {
# UA client 27.2 broke status.json schema backward-compatibility for
# non-root users. Apply a patch to allow non-root user to run `ua status`
# without Tracebacks
if dpkg --compare-versions "$PREVIOUS_PKG_VER" gt-nl "27.2"; then
return
fi
if [ ! -e "/var/lib/ubuntu-advantage/status.json" ]; then
return
fi
/usr/lib/ubuntu-advantage/patch_status_json.py || true
}
notify_wrong_fips_metapackage_on_cloud() {
# On xenial, we don't have FIPS optimized kernels on the clouds.
# Because of that, we block enabling FIPS on xenial clouds. However,
# we do have a config override that allows users to install the generic
# FIPS packages into the cloud instance. We don't want to notify those users
if [ "$VERSION_ID" = "16.04" ]; then
return
fi
fips_metapkg="ubuntu-fips"
cloud_id=$(cloud-id 2>/dev/null) || cloud_id=""
# If the package is not installed, we don't want the postinst script to fail
fips_installed=$(dpkg-query -W --showformat='${db:Status-Status}\n' $fips_metapkg 2>/dev/null || true)
if echo "$cloud_id" | grep -E -q "^(azure|aws)"; then
if echo "$fips_installed" | grep -E -q "installed"; then
add_notice status NOTICE_WRONG_FIPS_METAPACKAGE_ON_CLOUD
fi
fi
}
enable_periodic_license_check() {
cloud_id=$(cloud-id 2>/dev/null) || cloud_id=""
if echo "$cloud_id" | grep -q "^gce"; then
if check_is_lts "${UBUNTU_CODENAME}"; then
if [ ! -f $MACHINE_TOKEN_FILE ]; then
touch $LICENSE_CHECK_MARKER_FILE
fi
fi
fi
}
disable_new_timer_if_old_timer_already_disabled() {
# If the user has disabled the ua-messaging
# then we will assume that the user would want the
# ua-timer to be disabled as well. In that case, we will
# disable the ua-timer here.
PREVIOUS_PKG_VER=$1
# We should only perform this check on UA version that have the
# ua-messaging.timer: 27.0 until 27.2. This will also guarantee
# that on 27.3 and forward, we will not run this logic.
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.0~" \
|| dpkg --compare-versions "$PREVIOUS_PKG_VER" ge "27.3~"; then
return
fi
if ! deb-systemd-helper --quiet was-enabled $OLD_MESSAGING_TIMER; then
# We have the following entry on our rules file:
# dh_systemd_enable -pubuntu-advantage-tools ua-timer.timer
# This rule will append some code at the end of the postinst script
# that checks if the ua-timer.timer was already enabled on the system.
# This means that if we manually disable the service here, that logic will
# still enable it in the end of the postinst script.
# Because of this logic we are now manually enabling ua-timer.timer here
# and then we manually disable it. This will guarantee that the was-enabled
# logic introduced by the rules file will not be triggered and we will not
# re-enable the ua-timer.timer service after calling this function.
echo "$OLD_MESSAGING_TIMER was disabled. Disabling $UA_TIMER_NAME." >&2
deb-systemd-helper enable $UA_TIMER_NAME > /dev/null 2>&1 || true
deb-systemd-helper disable $UA_TIMER_NAME > /dev/null 2>&1 || true
fi
}
remove_old_systemd_timers() {
# These are the commands that are run when the package is purged.
# Since we actually want to remove this service from now on
# we have replicated that behavior here
if [ -L $OLD_MESSAGING_TIMER_MASKED_LOCATION ]; then
if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper purge ua-messaging.timer > /dev/null || true
deb-systemd-helper unmask ua-messaging.timer > /dev/null || true
fi
fi
}
case "$1" in
configure)
PREVIOUS_PKG_VER=$2
# Special case: legacy precise creds allowed for trusty esm
# do-release-upgrade substitutes s/precise/trusty/ in all apt sources.
# So all we need to do is rename the precise sources file to trusty.
# https://github.com/CanonicalLtd/ubuntu-advantage-client/issues/693
if [ -e "$ESM_APT_SOURCE_FILE_PRECISE" ]; then
mv $ESM_APT_SOURCE_FILE_PRECISE \
$ESM_INFRA_APT_SOURCE_FILE
fi
# We changed the way we store public files in 19.5
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt-nl "19.5~"; then
# Remove all publicly-readable files
find /var/lib/ubuntu-advantage/ -maxdepth 1 -type f -delete
fi
# Are we upgrading from a previously release Ubuntu Advantage Pro pkg?
# We broke package compatibility in 20.2 for any image with 19.7
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt-nl "20.2~"; then
if dpkg --compare-versions "$PREVIOUS_PKG_VER" ge-nl "19.7~"; then
# Drop stale symlinks for migrated auto-attach-service
rm -f $SYSTEMD_WANTS_AUTO_ATTACH_LINK
rm -f $SYSTEMD_HELPER_ENABLED_AUTO_ATTACH_DSH
rm -f $SYSTEMD_HELPER_ENABLED_WANTS_LINK
fi
fi
patch_status_json_0_1_for_non_root
# UA service PPAs support all ubuntu releases, no need to
# specialize apt config filenames per ubuntu release.
redact_ubuntu_release_from_ua_apt_filenames $APT_SRC_DIR
redact_ubuntu_release_from_ua_apt_filenames $APT_PREFERENCES_DIR
# Repo for FIPS packages changed from old client
if [ -f $FIPS_APT_SOURCE_FILE ]; then
if grep -q $OLD_CLIENT_FIPS_PPA $FIPS_APT_SOURCE_FILE; then
add_notice messages FIPS_INSTALL_OUT_OF_DATE
fi
fi
notify_wrong_fips_metapackage_on_cloud
# CACHE_DIR is no longer present or used since 19.1
rm -rf /var/cache/ubuntu-advantage-tools
# machine-access cache files no longer present or used since 20.1
rm -f /var/lib/ubuntu-advantage/private/machine-access-*.json
if check_is_lts "${UBUNTU_CODENAME}"; then
if echo "$ESM_SUPPORTED_ARCHS" | grep -qw "$MYARCH"; then
configure_esm
else
# ESM supported release but unsupported arch
unconfigure_esm
fi
fi
# log files need to be world-readable
if [ ! -f /var/log/ubuntu-advantage.log ]; then
touch /var/log/ubuntu-advantage.log
# We are only making new log files world readable
chmod 0644 /var/log/ubuntu-advantage.log
fi
chown root:root /var/log/ubuntu-advantage.log
private_dir="/var/lib/ubuntu-advantage/private"
if [ -d "$private_dir" ]; then
chmod 0700 "$private_dir"
fi
if [ "$VERSION_ID" = "16.04" ]; then
if echo "$PREVIOUS_PKG_VER" | grep -q "14.04"; then
mark_reboot_cmds_as_needed LIVEPATCH_LTS_REBOOT_REQUIRED
fi
fi
mark_reboot_for_fips_pro
enable_periodic_license_check
disable_new_timer_if_old_timer_already_disabled $PREVIOUS_PKG_VER
remove_old_systemd_timers
;;
esac
# Automatically added by dh_python3:
if which py3compile >/dev/null 2>&1; then
py3compile -p ubuntu-advantage-tools
fi
if which pypy3compile >/dev/null 2>&1; then
pypy3compile -p ubuntu-advantage-tools || true
fi
# End automatically added section
# Automatically added by dh_systemd_enable/12.10ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ua-reboot-cmds.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'ua-reboot-cmds.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'ua-reboot-cmds.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ua-reboot-cmds.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/12.10ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ua-timer.timer' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'ua-timer.timer'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'ua-timer.timer' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ua-timer.timer' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/12.10ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ua-license-check.path' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'ua-license-check.path'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'ua-license-check.path' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ua-license-check.path' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_start/12.10ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
deb-systemd-invoke start 'ua-timer.timer' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_start/12.10ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
deb-systemd-invoke start 'ua-license-check.path' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installdeb/12.10ubuntu1
dpkg-maintscript-helper rm_conffile /etc/update-motd.d/99-esm 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/12.10ubuntu1
dpkg-maintscript-helper rm_conffile /etc/update-motd.d/80-esm 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/12.10ubuntu1
dpkg-maintscript-helper rm_conffile /etc/update-motd.d/80-livepatch 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/12.10ubuntu1
dpkg-maintscript-helper rm_conffile /etc/cron.daily/ubuntu-advantage-tools 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/12.10ubuntu1
dpkg-maintscript-helper rm_conffile /etc/init/ua-auto-attach.conf 20.2~ ubuntu-advantage-tools -- "$@"
# End automatically added section
exit 0
AnonSec - 2021 | Recode By D7net