diff options
| author | Balint Reczey <balint.reczey@canonical.com> | 2017-06-10 13:12:40 -0700 |
|---|---|---|
| committer | Michael Mann <mmann78@netscape.net> | 2017-08-07 22:39:06 +0000 |
| commit | b44fb245f5cef586fae8a4d3d2492d50b0f90c93 (patch) | |
| tree | e101fa5971a19ea117ced98546e99e31e64a5ce6 | |
| parent | 44e117bf7340298584b449d0a313a2f7f388d1af (diff) | |
debian: Use debconf messages instead of "echo" in postinst/postrm
Change-Id: Ice41c3a723c2606c047ad59a1fde17dfe65f3ce7
Signed-off-by: Balint Reczey <balint.reczey@canonical.com>
LP: #1687344
Reviewed-on: https://code.wireshark.org/review/22968
Reviewed-by: Balint Reczey <balint@balintreczey.hu>
Petri-Dish: Balint Reczey <balint@balintreczey.hu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
| -rw-r--r-- | debian/templates | 38 | ||||
| -rw-r--r-- | debian/wireshark-common.postinst | 12 | ||||
| -rw-r--r-- | debian/wireshark-common.postrm | 8 |
3 files changed, 50 insertions, 8 deletions
diff --git a/debian/templates b/debian/templates index 5cbc112c09..dc47130770 100644 --- a/debian/templates +++ b/debian/templates @@ -21,3 +21,41 @@ _Description: Should non-superusers be able to capture packets? . Enabling this feature may be a security risk, so it is disabled by default. If in doubt, it is suggested to leave it disabled. + +Template: wireshark-common/addgroup-failed +Type: error +_Description: Creating the wireshark system group failed + The wireshark group does not exist, and creating it failed, so + Wireshark cannot be configured to capture traffic as an unprivileged + user. + . + Please create the wireshark system group and try configuring + wireshark-common again. + +Template: wireshark-common/group-is-user-group +Type: error +_Description: The wireshark group is a system group + The wireshark group exists as a user group, but the preferred + configuration is for it to be created as a system group. + . + As a result, purging wireshark-common will not remove the wireshark + group, but everything else should work properly. + +Template: wireshark-common/setcap-failed +Type: error +_Description: Setting capabilities for dumpcap failed + The attempt to use Linux capabilities to grant packet-capturing + privileges to the dumpcap binary failed. Instead, it has had the + set-user-id bit set. + +Template: wireshark-common/group-removal-failed +Type: error +_Description: Removal of the wireshark group failed + When the wireshark-common package is configured to allow + non-superusers to capture packets the postinst script of + wireshark-common creates the wireshark group as a system group. + . + However, on this system the wireshark group is a user group instead of + being a system group, so purging wireshark-common did not remove it. + . + If the group is no longer needed, please remove it manually. diff --git a/debian/wireshark-common.postinst b/debian/wireshark-common.postinst index f14c9fda8d..21d40f5741 100644 --- a/debian/wireshark-common.postinst +++ b/debian/wireshark-common.postinst @@ -15,19 +15,20 @@ if ! dpkg-statoverride --list $PROGRAM > /dev/null; then else if ! addgroup --quiet --system $GROUP; then if ! getent group wireshark > /dev/null; then - echo "Error: $GROUP group does not exist and executing \"addgroup --quiet --system $GROUP\" failed which prevents configuring Wireshark for capturing traffic as an unprivileged user." - echo "Please create the $GROUP system (or user) group and try configuring wireshark-common again." + db_input high wireshark-common/addgroup-failed || true + db_go exit 1 else - echo "Note: $GROUP is a user group, but the preferred configuration is setting it up as a system group. Purging wireshark-common will not remove the $GROUP group as a result, but otherwise everything should work properly." + db_input high wireshark-common/group-is-user-group || true + db_go fi fi chown root:$GROUP $PROGRAM if which setcap > /dev/null ; then chmod u=rwx,g=rx,o=r $PROGRAM if ! setcap cap_net_raw,cap_net_admin=eip $PROGRAM; then - echo "Error: Setting capabilities for dumpcap using Linux Capabilities failed." - echo "Falling back to setting set-user-id bit." + db_input high wireshark-common/setcap-failed || true + db_go chmod u=rwxs,g=rx,o=r $PROGRAM fi else @@ -36,7 +37,6 @@ if ! dpkg-statoverride --list $PROGRAM > /dev/null; then fi fi else - echo "Preserving owner and mode for $PROGRAM set by dpkg-statoverride:" dpkg-statoverride --list $PROGRAM fi diff --git a/debian/wireshark-common.postrm b/debian/wireshark-common.postrm index 2ea52f74d8..dea519833a 100644 --- a/debian/wireshark-common.postrm +++ b/debian/wireshark-common.postrm @@ -4,11 +4,15 @@ set -e GROUP=wireshark +. /usr/share/debconf/confmodule + if [ "$1" = "purge" ] ; then if getent group $GROUP >/dev/null; then if [ -x /usr/sbin/delgroup ]; then - echo "Removing wireshark group..." - delgroup --system $GROUP || echo "Could not remove wireshark group." + if ! delgroup --quiet --system $GROUP; then + db_input high wireshark-common/group-removal-failed || true + db_go + fi fi fi fi |