author | Nick Mathewson <nickm@torproject.org> | 2010-08-04 12:21:48 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2010-08-04 12:21:48 -0400 |
commit | e7d2a9b6c4407217780be3a0d0cbb29fd3812cf5 (patch) | |
tree | 437fdab02dd55d51d1bb397f48c69ec1918dc974 /debian/tor.postinst | |
parent | f206209abfc1f98bbbd0be5b6e36fdec6709953d (diff) | |
Remove the debian directory from the main git repository
Once upon a time it made sense to keep all the Debian files in the
main Tor distribution, since repeatedly merging them back in was hard.
Now that we're on git, that's no longer so.
Peter's debian repository at debian/tor.git on our git server has the
most recent version of the tor-on-debian packaging stuff, and the versions
in our own repository have gotten out of date.
Resolves bug #1735.
Diffstat (limited to 'debian/tor.postinst')
-rw-r--r-- | debian/tor.postinst | 123 |
1 files changed, 0 insertions, 123 deletions
diff --git a/debian/tor.postinst b/debian/tor.postinst
deleted file mode 100644
index b9ac61596..000000000
--- a/debian/tor.postinst
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/bin/sh -e
-
-# checking debian-tor account
-
-uid=`getent passwd debian-tor | cut -d ":" -f 3`
-home=`getent passwd debian-tor | cut -d ":" -f 6`
-
-# if there is the uid the account is there and we can do
-# the sanit(ar)y checks otherwise we can safely create it.
-
-if [ "$uid" ]; then
- if [ "$home" = "/var/lib/tor" ]; then
- :
- #echo "debian-tor homedir check: ok"
- else
- echo "ERROR: debian-tor account has an unexpected home directory!"
- echo "It should be '/var/lib/tor', but it is '$home'."
- echo "Removing the debian-tor user might fix this, but the question"
- echo "remains how you got into this mess to begin with."
- exit 1
- fi
-else
- adduser --quiet \
- --system \
- --disabled-password \
- --home /var/lib/tor \
- --no-create-home \
- --shell /bin/bash \
- --group \
- debian-tor
-fi
-
-
-for i in lib run log; do
- if ! [ -d "/var/$i/tor" ]; then
- echo "Something or somebody made /var/$i/tor disappear."
- echo "Creating one for you again."
- mkdir "/var/$i/tor"
- fi
-done
-
-find /var/lib/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
-find /var/lib/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02700
-find /var/lib/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
-
-if [ -e /var/run/tor ]; then
- find /var/run/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
- find /var/run/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
- find /var/run/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
-fi
-
-find /var/log/tor \( \( ! -user debian-tor \) -o \( ! -group adm \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:adm
-find /var/log/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
-find /var/log/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00640
-
-
-move_away_keys=0
-
-if [ "$1" = "configure" ] &&
- [ -e /var/lib/tor/keys ] &&
- [ ! -z "$2" ]; then
- if dpkg --compare-versions "$2" lt 0.1.2.19-2; then
- move_away_keys=1
- elif dpkg --compare-versions "$2" gt 0.2.0 &&
- dpkg --compare-versions "$2" lt 0.2.0.26-rc; then
- move_away_keys=1
- fi
-fi
-if [ "$move_away_keys" = "1" ]; then
- echo "Retiring possibly compromised keys. See /usr/share/doc/tor/NEWS.Debian.gz"
- echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for"
- echo "further information."
- if ! [ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then
- mkdir /var/lib/tor/keys/moved-away-by-tor-package
- cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF
-It has been discovered that the random number generator in Debian's
-openssl package is predictable. This is caused by an incorrect
-Debian-specific change to the openssl package (CVE-2008-0166). As a
-result, cryptographic key material may be guessable.
-
-See Debian Security Advisory number 1571 (DSA-1571) for more information:
-http://lists.debian.org/debian-security-announce/2008/msg00152.html
-
-The Debian package for Tor has moved away the onion keys upon package
-upgrade, and it will have moved away your identity key if it was created
-in the affected timeframe. There is no sure way to automatically tell
-if your key was created with an affected openssl library, so this move
-is done unconditionally.
-
-If you have restarted Tor since this change (and the package probably
-did that for you already unless you configured your system differently)
-then the Tor daemon already created new keys for itself and in all
-likelyhood is already working just fine with new keys.
-
-If you are absolutely certain that your identity key was created with
-a non-affected version of openssl and for some reason you have to retain
-the old identity, then you can move back the copy of secret_id_key to
-/var/lib/tor/keys. Do not move back the onion keys, they were created
-only recently since they are temporary keys with a lifetime of only a few
-days anyway.
-
-Sincerely,
-Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200
-EOF
- fi
- for f in secret_onion_key secret_onion_key.old; do
- if [ -e /var/lib/tor/keys/"$f" ]; then
- mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f"
- fi
- done
- if [ -e /var/lib/tor/keys/secret_id_key ]; then
- id_mtime=`/usr/bin/stat -c %Y /var/lib/tor/keys/secret_id_key`
- sept=`date -d '2006-09-10' +%s`
- if [ "$id_mtime" -gt "$sept" ] ; then
- mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key
- fi
- fi
-fi
-
-
-#DEBHELPER#
-
-exit 0 |