debian: Use debconf messages instead of "echo" in postinst/postrm

Change-Id: Ice41c3a723c2606c047ad59a1fde17dfe65f3ce7 Signed-off-by: Balint Reczey <balint.reczey@canonical.com> LP: #1687344 Reviewed-on: https://code.wireshark.org/review/22968 Reviewed-by: Balint Reczey <balint@balintreczey.hu> Petri-Dish: Balint Reczey <balint@balintreczey.hu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-06-10 13:12:40 -07:00 · 2017-06-10 13:12:40 -07:00 · b44fb245f5
parent 44e117bf73
commit b44fb245f5
3 changed files with 50 additions and 8 deletions
--- a/debian/templates
+++ b/debian/templates
@ -21,3 +21,41 @@ _Description: Should non-superusers be able to capture packets?
 .
 Enabling this feature may be a security risk, so it is disabled by
 default. If in doubt, it is suggested to leave it disabled.
+
+Template: wireshark-common/addgroup-failed
+Type: error
+_Description: Creating the wireshark system group failed
+ The wireshark group does not exist, and creating it failed, so
+ Wireshark cannot be configured to capture traffic as an unprivileged
+ user.
+ .
+ Please create the wireshark system group and try configuring
+ wireshark-common again.
+
+Template: wireshark-common/group-is-user-group
+Type: error
+_Description: The wireshark group is a system group
+ The wireshark group exists as a user group, but the preferred
+ configuration is for it to be created as a system group.
+ .
+ As a result, purging wireshark-common will not remove the wireshark
+ group, but everything else should work properly.
+
+Template: wireshark-common/setcap-failed
+Type: error
+_Description: Setting capabilities for dumpcap failed
+ The attempt to use Linux capabilities to grant packet-capturing
+ privileges to the dumpcap binary failed. Instead, it has had the
+ set-user-id bit set.
+
+Template: wireshark-common/group-removal-failed
+Type: error
+_Description: Removal of the wireshark group failed
+ When the wireshark-common package is configured to allow
+ non-superusers to capture packets the postinst script of
+ wireshark-common creates the wireshark group as a system group.
+ .
+ However, on this system the wireshark group is a user group instead of
+ being a system group, so purging wireshark-common did not remove it.
+ .
+ If the group is no longer needed, please remove it manually.
--- a/debian/wireshark-common.postinst
+++ b/debian/wireshark-common.postinst
@ -15,19 +15,20 @@ if ! dpkg-statoverride --list $PROGRAM > /dev/null; then
 	else
 	    if ! addgroup --quiet --system $GROUP; then
 	        if ! getent group wireshark > /dev/null; then
-		    echo "Error: $GROUP group does not exist and executing \"addgroup --quiet --system $GROUP\" failed which prevents configuring Wireshark for capturing traffic as an unprivileged user."
-                    echo "Please create the $GROUP system (or user) group and try configuring wireshark-common again."
+                    db_input high wireshark-common/addgroup-failed || true
+                    db_go
                    exit 1
                else
-                    echo "Note: $GROUP is a user group, but the preferred configuration is setting it up as a system group. Purging wireshark-common will not remove the $GROUP group as a result, but otherwise everything should work properly."
+                    db_input high wireshark-common/group-is-user-group || true
+                    db_go
                fi
 	    fi
 	    chown root:$GROUP $PROGRAM
 	    if which setcap > /dev/null ; then
                chmod u=rwx,g=rx,o=r $PROGRAM
                if ! setcap cap_net_raw,cap_net_admin=eip $PROGRAM; then
-		    echo "Error: Setting capabilities for dumpcap using Linux Capabilities failed."
-		    echo "Falling back to setting set-user-id bit."
+                    db_input high wireshark-common/setcap-failed || true
+                    db_go
 		    chmod u=rwxs,g=rx,o=r $PROGRAM
                fi
 	    else
@ -36,7 +37,6 @@ if ! dpkg-statoverride --list $PROGRAM > /dev/null; then
        fi
    fi
 else
-    echo "Preserving owner and mode for $PROGRAM set by dpkg-statoverride:"
    dpkg-statoverride --list $PROGRAM
 fi

--- a/debian/wireshark-common.postrm
+++ b/debian/wireshark-common.postrm
@ -4,11 +4,15 @@ set -e

 GROUP=wireshark

+. /usr/share/debconf/confmodule
+
 if [ "$1" = "purge" ] ; then
      if getent group $GROUP >/dev/null; then
                if [ -x /usr/sbin/delgroup ]; then
-                        echo "Removing wireshark group..."
-                        delgroup --system $GROUP || echo "Could not remove wireshark group."
+                    if ! delgroup --quiet --system $GROUP; then
+                        db_input high wireshark-common/group-removal-failed || true
+                        db_go
+                    fi
                fi
        fi
 fi