X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/0620365915671c718ae2cc181c161a254cbae67e..a2d40703e4a5590a689ace4466f92e590434944d:/debian/apt.postinst?ds=inline diff --git a/debian/apt.postinst b/debian/apt.postinst old mode 100644 new mode 100755 index bd814e1af..5820db587 --- a/debian/apt.postinst +++ b/debian/apt.postinst @@ -15,12 +15,36 @@ set -e case "$1" in configure) - SECRING='/etc/apt/secring.gpg' - # test if secring is an empty normal file - if test -f $SECRING -a ! -s $SECRING; then - rm -f $SECRING + if dpkg --compare-versions "$2" lt 1.1~exp4; then + # apt-key before 0.9.10 could leave empty keyrings around + find /etc/apt/trusted.gpg.d/ -name '*.gpg' | while read keyring; do + if ! test -s "$keyring"; then + rm -f "$keyring" + fi + done + # apt-key before 0.9.8.2 could create 0600 trusted.gpg file + if test -e /etc/apt/trusted.gpg ; then + chmod -f 0644 /etc/apt/trusted.gpg || true + fi fi - apt-key update + + if dpkg --compare-versions "$2" lt-nl 0.9.9.5; then + # we are using tmpfiles for both + rm -f /etc/apt/trustdb.gpg + # this removal was done unconditional since 0.8.15.3 + SECRING='/etc/apt/secring.gpg' + # test if secring is an empty normal file + if test -f $SECRING -a ! -s $SECRING; then + rm -f $SECRING + fi + fi + + # add unprivileged user for the apt methods + adduser --force-badname --system -home /var/empty \ + --no-create-home --quiet _apt || true + chown -R _apt:root \ + /var/lib/apt/lists \ + /var/cache/apt/archives # ensure tighter permissons on the logs, see LP: #975199 if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then @@ -28,6 +52,10 @@ case "$1" in chmod -f 0640 /var/log/apt/term.log* || true fi + # create kernel autoremoval blacklist on update + if dpkg --compare-versions "$2" lt 0.9.9.3; then + /etc/kernel/postinst.d/apt-auto-removal + fi ;; abort-upgrade|abort-remove|abort-deconfigure)