]> git.saurik.com Git - apt.git/blob - debian/apt.postinst
ensure world-readability for trusted.gpg in postinst
[apt.git] / debian / apt.postinst
1 #! /bin/sh
2
3 set -e
4
5 # summary of how this script can be called:
6 # * <postinst> `configure' <most-recently-configured-version>
7 # * <old-postinst> `abort-upgrade' <new version>
8 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
9 # <new-version>
10 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
11 # <failed-install-package> <version> `removing'
12 # <conflicting-package> <version>
13 # for details, see http://www.debian.org/doc/debian-policy/ or
14 # the debian-policy package
15
16 case "$1" in
17 configure)
18 if dpkg --compare-versions "$2" lt 1.1~exp4; then
19 # apt-key before 0.9.10 could leave empty keyrings around
20 find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do
21 if ! test -s "$keyring"; then
22 rm -f "$keyring"
23 fi
24 done
25 # apt-key before 0.9.8.2 could create 0600 trusted.gpg file
26 if test -e /etc/apt/trusted.gpg ; then
27 chmod -f 0644 /etc/apt/trusted.gpg || true
28 fi
29 fi
30
31 if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then
32 # we are using tmpfiles for both
33 rm -f /etc/apt/trustdb.gpg
34 # this removal was done unconditional since 0.8.15.3
35 SECRING='/etc/apt/secring.gpg'
36 # test if secring is an empty normal file
37 if test -f $SECRING -a ! -s $SECRING; then
38 rm -f $SECRING
39 fi
40 fi
41
42 # add unprivileged user for the apt methods
43 adduser --force-badname --system -home /var/empty \
44 --no-create-home --quiet _apt || true
45 chown -R _apt:root \
46 /var/lib/apt/lists \
47 /var/cache/apt/archives
48
49 # ensure tighter permissons on the logs, see LP: #975199
50 if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then
51 # ensure permissions are right
52 chmod -f 0640 /var/log/apt/term.log* || true
53 fi
54
55 # create kernel autoremoval blacklist on update
56 if dpkg --compare-versions "$2" lt 0.9.9.3; then
57 /etc/kernel/postinst.d/apt-auto-removal
58 fi
59 ;;
60
61 abort-upgrade|abort-remove|abort-deconfigure)
62
63 ;;
64
65 *)
66 echo "postinst called with unknown argument \`$1'" >&2
67 exit 1
68 ;;
69 esac
70
71 # dh_installdeb will replace this with shell code automatically
72 # generated by other debhelper scripts.
73
74 #DEBHELPER#
75
76 exit 0
77
78