]> git.saurik.com Git - apt.git/blame - debian/apt.postinst
debian/rules: add hardening=+all
[apt.git] / debian / apt.postinst
CommitLineData
b3d44315
MV
1#! /bin/sh
2
3set -e
4
5# summary of how this script can be called:
6# * <postinst> `configure' <most-recently-configured-version>
7# * <old-postinst> `abort-upgrade' <new version>
8# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
9# <new-version>
10# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
11# <failed-install-package> <version> `removing'
12# <conflicting-package> <version>
13# for details, see http://www.debian.org/doc/debian-policy/ or
14# the debian-policy package
15
16case "$1" in
17 configure)
dacb75c6 18 if dpkg --compare-versions "$2" lt 1.1~exp4; then
1d240b5a
DK
19 # apt-key before 0.9.10 could leave empty keyrings around
20 find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do
21 if ! test -s "$keyring"; then
22 rm -f "$keyring"
23 fi
24 done
25 fi
26
f9e64e7b
DK
27 if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
28 # we are using tmpfiles for both
29 rm -f /etc/apt/trustdb.gpg
30 # this removal was done unconditional since 0.8.15.3
31 SECRING='/etc/apt/secring.gpg'
32 # test if secring is an empty normal file
33 if test -f $SECRING -a ! -s $SECRING; then
34 rm -f $SECRING
35 fi
285feb3c 36 fi
fb3ecf16 37
3927c6da 38 # add unprivileged user for the apt methods
b9823220
MV
39 adduser --force-badname --system -home /var/empty \
40 --no-create-home --quiet _apt || true
eed65c79 41 chown -R _apt:root \
3927c6da
MV
42 /var/lib/apt/lists \
43 /var/cache/apt/archives
44
fb3ecf16
MV
45 # ensure tighter permissons on the logs, see LP: #975199
46 if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
47 # ensure permissions are right
48 chmod -f 0640 /var/log/apt/term.log* || true
49 fi
50
d3213963 51 # create kernel autoremoval blacklist on update
5361a618 52 if dpkg --compare-versions "$2" lt 0.9.9.3; then
d3213963
MV
53 /etc/kernel/postinst.d/apt-auto-removal
54 fi
b3d44315
MV
55 ;;
56
57 abort-upgrade|abort-remove|abort-deconfigure)
58
59 ;;
60
61 *)
62 echo "postinst called with unknown argument \`$1'" >&2
63 exit 1
64 ;;
65esac
66
67# dh_installdeb will replace this with shell code automatically
68# generated by other debhelper scripts.
69
70#DEBHELPER#
71
72exit 0
73
74