forked from osmocom/wireshark
debian: Use debconf messages instead of "echo" in postinst/postrm
Change-Id: Ice41c3a723c2606c047ad59a1fde17dfe65f3ce7 Signed-off-by: Balint Reczey <balint.reczey@canonical.com> LP: #1687344 Reviewed-on: https://code.wireshark.org/review/22968 Reviewed-by: Balint Reczey <balint@balintreczey.hu> Petri-Dish: Balint Reczey <balint@balintreczey.hu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
This commit is contained in:
parent
44e117bf73
commit
b44fb245f5
|
@ -21,3 +21,41 @@ _Description: Should non-superusers be able to capture packets?
|
|||
.
|
||||
Enabling this feature may be a security risk, so it is disabled by
|
||||
default. If in doubt, it is suggested to leave it disabled.
|
||||
|
||||
Template: wireshark-common/addgroup-failed
|
||||
Type: error
|
||||
_Description: Creating the wireshark system group failed
|
||||
The wireshark group does not exist, and creating it failed, so
|
||||
Wireshark cannot be configured to capture traffic as an unprivileged
|
||||
user.
|
||||
.
|
||||
Please create the wireshark system group and try configuring
|
||||
wireshark-common again.
|
||||
|
||||
Template: wireshark-common/group-is-user-group
|
||||
Type: error
|
||||
_Description: The wireshark group is a system group
|
||||
The wireshark group exists as a user group, but the preferred
|
||||
configuration is for it to be created as a system group.
|
||||
.
|
||||
As a result, purging wireshark-common will not remove the wireshark
|
||||
group, but everything else should work properly.
|
||||
|
||||
Template: wireshark-common/setcap-failed
|
||||
Type: error
|
||||
_Description: Setting capabilities for dumpcap failed
|
||||
The attempt to use Linux capabilities to grant packet-capturing
|
||||
privileges to the dumpcap binary failed. Instead, it has had the
|
||||
set-user-id bit set.
|
||||
|
||||
Template: wireshark-common/group-removal-failed
|
||||
Type: error
|
||||
_Description: Removal of the wireshark group failed
|
||||
When the wireshark-common package is configured to allow
|
||||
non-superusers to capture packets the postinst script of
|
||||
wireshark-common creates the wireshark group as a system group.
|
||||
.
|
||||
However, on this system the wireshark group is a user group instead of
|
||||
being a system group, so purging wireshark-common did not remove it.
|
||||
.
|
||||
If the group is no longer needed, please remove it manually.
|
||||
|
|
|
@ -15,19 +15,20 @@ if ! dpkg-statoverride --list $PROGRAM > /dev/null; then
|
|||
else
|
||||
if ! addgroup --quiet --system $GROUP; then
|
||||
if ! getent group wireshark > /dev/null; then
|
||||
echo "Error: $GROUP group does not exist and executing \"addgroup --quiet --system $GROUP\" failed which prevents configuring Wireshark for capturing traffic as an unprivileged user."
|
||||
echo "Please create the $GROUP system (or user) group and try configuring wireshark-common again."
|
||||
db_input high wireshark-common/addgroup-failed || true
|
||||
db_go
|
||||
exit 1
|
||||
else
|
||||
echo "Note: $GROUP is a user group, but the preferred configuration is setting it up as a system group. Purging wireshark-common will not remove the $GROUP group as a result, but otherwise everything should work properly."
|
||||
db_input high wireshark-common/group-is-user-group || true
|
||||
db_go
|
||||
fi
|
||||
fi
|
||||
chown root:$GROUP $PROGRAM
|
||||
if which setcap > /dev/null ; then
|
||||
chmod u=rwx,g=rx,o=r $PROGRAM
|
||||
if ! setcap cap_net_raw,cap_net_admin=eip $PROGRAM; then
|
||||
echo "Error: Setting capabilities for dumpcap using Linux Capabilities failed."
|
||||
echo "Falling back to setting set-user-id bit."
|
||||
db_input high wireshark-common/setcap-failed || true
|
||||
db_go
|
||||
chmod u=rwxs,g=rx,o=r $PROGRAM
|
||||
fi
|
||||
else
|
||||
|
@ -36,7 +37,6 @@ if ! dpkg-statoverride --list $PROGRAM > /dev/null; then
|
|||
fi
|
||||
fi
|
||||
else
|
||||
echo "Preserving owner and mode for $PROGRAM set by dpkg-statoverride:"
|
||||
dpkg-statoverride --list $PROGRAM
|
||||
fi
|
||||
|
||||
|
|
|
@ -4,11 +4,15 @@ set -e
|
|||
|
||||
GROUP=wireshark
|
||||
|
||||
. /usr/share/debconf/confmodule
|
||||
|
||||
if [ "$1" = "purge" ] ; then
|
||||
if getent group $GROUP >/dev/null; then
|
||||
if [ -x /usr/sbin/delgroup ]; then
|
||||
echo "Removing wireshark group..."
|
||||
delgroup --system $GROUP || echo "Could not remove wireshark group."
|
||||
if ! delgroup --quiet --system $GROUP; then
|
||||
db_input high wireshark-common/group-removal-failed || true
|
||||
db_go
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue