Linux lhjmq-records 5.15.0-118-generic #128-Ubuntu SMP Fri Jul 5 09:28:59 UTC 2024 x86_64
Your IP : 18.223.210.196
Current Path : /var/lib/dpkg/info/ |
| Current File : /var/lib/dpkg/info/ubuntu-advantage-tools.postinst |
#!/bin/sh
set -e
. /etc/os-release # For VERSION_ID
# Needed even if this script doesn't call debconf, see:
# https://lintian.debian.org/tags/postinst-does-not-load-confmodule.html
# Note: this may re-exec the postinst script.
. /usr/share/debconf/confmodule
if [ -z "${VERSION_ID}" ]; then
echo "Warning: missing VERSION_ID in /etc/os-release" >&2
VERSION_ID="NO-VERSION_ID"
fi
APT_TRUSTED_KEY_DIR="/etc/apt/trusted.gpg.d"
ESM_INFRA_KEY_TRUSTY="ubuntu-advantage-esm-infra-trusty.gpg"
ESM_APPS_KEY="ubuntu-advantage-esm-apps.gpg"
APT_SRC_DIR="/etc/apt/sources.list.d"
APT_PREFERENCES_DIR="/etc/apt/preferences.d"
ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY="$APT_SRC_DIR/ubuntu-esm-infra-trusty.list"
ESM_INFRA_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-esm-infra.list"
ESM_APPS_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-esm-apps.list"
FIPS_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-fips.list"
OLD_CLIENT_FIPS_PPA="private-ppa.launchpad.net/ubuntu-advantage/fips/ubuntu"
UA_TIMER_NAME="ua-timer.timer"
OLD_MESSAGING_TIMER="ua-messaging.timer"
OLD_MESSAGING_TIMER_MASKED_LOCATION="/etc/systemd/system/timers.target.wants/$OLD_MESSAGING_TIMER"
OLD_LICENSE_CHECK_PATH="ua-license-check.path"
OLD_LICENSE_CHECK_PATH_MASKED_LOCATION="/etc/systemd/system/multi-user.target.wants/$OLD_LICENSE_CHECK_PATH"
XENIAL_CLOUD_ID_SHIM_UNIT_LOCATION="/etc/systemd/system/multi-user.target.wants/ubuntu-advantage-cloud-id-shim.service"
ESM_APT_PREF_FILE_TRUSTY="$APT_PREFERENCES_DIR/ubuntu-esm-trusty"
ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY="$APT_PREFERENCES_DIR/ubuntu-esm-infra-trusty"
ESM_INFRA_APT_PREF_FILE="$APT_PREFERENCES_DIR/ubuntu-esm-infra"
ESM_APPS_APT_PREF_FILE="$APT_PREFERENCES_DIR/ubuntu-esm-apps"
SYSTEMD_WANTS_AUTO_ATTACH_LINK="/etc/systemd/system/multi-user.target.wants/ua-auto-attach.service"
SYSTEMD_HELPER_ENABLED_AUTO_ATTACH_DSH="/var/lib/systemd/deb-systemd-helper-enabled/ua-auto-attach.service.dsh-also"
SYSTEMD_HELPER_ENABLED_WANTS_LINK="/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ua-auto-attach.service"
REBOOT_CMD_MARKER_FILE="/var/lib/ubuntu-advantage/marker-reboot-cmds-required"
OLD_LICENSE_CHECK_MARKER_FILE="/var/lib/ubuntu-advantage/marker-license-check"
MACHINE_TOKEN_FILE="/var/lib/ubuntu-advantage/private/machine-token.json"
PUBLIC_MACHINE_TOKEN_FILE="/var/lib/ubuntu-advantage/machine-token.json"
UA_MESSAGES_DIR="/var/lib/ubuntu-advantage/messages"
APT_ESM_MESSAGE_FILE="$UA_MESSAGES_DIR/apt-pre-invoke-esm-service-status"
ESM_APPS_APT_MSG_FILES="$UA_MESSAGES_DIR/apt-pre-invoke-no-packages-apps.tmpl $UA_MESSAGES_DIR/apt-pre-invoke-no-packages-apps $UA_MESSAGES_DIR/apt-pre-invoke-packages-apps.tmpl $UA_MESSAGES_DIR/apt-pre-invoke-packages-apps"
UA_FLAGS_DIR="/var/lib/ubuntu-advantage/flags"
APT_NEWS_FLAG_FILE="$UA_FLAGS_DIR/show-apt-news"
TMP_CANDIDATE_CACHE_PATH="/tmp/ubuntu-advantage/candidate-version"
# Rename apt config files for ua services removing ubuntu release names
redact_ubuntu_release_from_ua_apt_filenames() {
DIR=$1
# It is okay if this list is outdated, because this function is only used for an old migration.
# Any services that were introduced after this migration was added won't need to be migrated.
UA_SERVICES="cc-eal cis esm-infra esm-apps fips fips-updates livepatch ros ros-updates"
for file in "$DIR"/*; do
release_name=""
case "$file" in
*-trusty*)
release_name=trusty;;
*-xenial*)
release_name=xenial;;
*-bionic*)
release_name=bionic;;
*-focal*)
release_name=focal;;
*-groovy*)
release_name=groovy;;
*) release_name="";;
esac
if [ "$release_name" ]; then
# We have a ubuntu release name in the apt config.
# Remove $release_name from original $file.
new_file=${file%-${release_name}*}${file#*${release_name}}
for service in ${UA_SERVICES}; do
if [ "${file#*$service}" != "$file" ]; then
# Valid apt cfg file for an ubuntu-advantage service
mv "$file" "$new_file"
fi
done
fi
done
}
# Check cached service status from status.json and return 0 if enabled else 1
check_service_is_enabled() {
service_name=$1
_RET=$(/usr/bin/python3 -c "
import os
import json
from uaclient.config import UAConfig
cfg = UAConfig()
status = cfg.read_cache('status-cache')
if status:
for service in status.get('services', []):
if service.get('name', '') == '${service_name}':
print(service.get('status', ''))
")
if [ "${_RET}" = "enabled" ]; then
return 0
else
return 1
fi
}
esm_infra_cleanup() {
if ! check_service_is_enabled esm-infra; then
rm -f "$APT_TRUSTED_KEY_DIR/ubuntu-esm*gpg" # Remove previous esm keys
rm -f "$APT_TRUSTED_KEY_DIR/$ESM_INFRA_KEY_TRUSTY"
rm -f "$ESM_INFRA_APT_SOURCE_FILE"
rm -f "$ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY"
rm -f "$ESM_APT_PREF_FILE_TRUSTY" "$ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY"
rm -f "$ESM_INFRA_APT_PREF_FILE"
fi
}
esm_apps_cleanup() {
if ! check_service_is_enabled esm-apps; then
rm -f "$APT_TRUSTED_KEY_DIR/$ESM_APPS_KEY"
rm -f "$ESM_APPS_APT_SOURCE_FILE"
rm -f "$ESM_APPS_APT_PREF_FILE"
fi
}
# If held fips packages exist, we are on a FIPS PRO machine with FIPS enabled
mark_reboot_for_fips_pro() {
FIPS_HOLDS=$(apt-mark showholds | grep -E 'fips|libssl1|openssh-client|openssh-server|linux-fips|openssl|strongswan' || exit 0)
if [ "$FIPS_HOLDS" ]; then
mark_reboot_cmds_as_needed FIPS_REBOOT_REQUIRED_MSG
fi
}
add_notice() {
msg_name=$1
/usr/bin/python3 -c "
from uaclient.config import UAConfig
from uaclient.messages import ${msg_name}
cfg = UAConfig(root_mode=True)
cfg.notice_file.add(label='', description=${msg_name})
"
}
mark_reboot_cmds_as_needed() {
msg_name=$1
if [ ! -f "$REBOOT_CMD_MARKER_FILE" ]; then
touch $REBOOT_CMD_MARKER_FILE
fi
add_notice "$msg_name"
}
patch_status_json_0_1_for_non_root() {
# UA client 27.2 broke status.json schema backward-compatibility for
# non-root users. Apply a patch to allow non-root user to run `ua status`
# without Tracebacks
if dpkg --compare-versions "$PREVIOUS_PKG_VER" gt-nl "27.2"; then
return
fi
if [ ! -e "/var/lib/ubuntu-advantage/status.json" ]; then
return
fi
/usr/lib/ubuntu-advantage/patch_status_json.py || true
}
notify_wrong_fips_metapackage_on_cloud() {
# On xenial, we don't have FIPS optimized kernels on the clouds.
# Because of that, we block enabling FIPS on xenial clouds. However,
# we do have a config override that allows users to install the generic
# FIPS packages into the cloud instance. We don't want to notify those users
if [ "$VERSION_ID" = "16.04" ]; then
return
fi
fips_metapkg="ubuntu-fips"
cloud_id=$(cloud-id 2>/dev/null) || cloud_id=""
# If the package is not installed, we don't want the postinst script to fail
fips_installed=$(dpkg-query -W --showformat='${db:Status-Status}\n' $fips_metapkg 2>/dev/null || true)
if echo "$cloud_id" | grep -E -q "^(azure|aws)"; then
if echo "$fips_installed" | grep -E -q "installed"; then
add_notice NOTICE_WRONG_FIPS_METAPACKAGE_ON_CLOUD
fi
fi
}
rm_old_license_check_marker() {
rm -f $OLD_LICENSE_CHECK_MARKER_FILE
}
disable_new_timer_if_old_timer_already_disabled() {
# If the user has disabled the ua-messaging
# then we will assume that the user would want the
# ua-timer to be disabled as well. In that case, we will
# disable the ua-timer here.
PREVIOUS_PKG_VER=$1
# We should only perform this check on UA version that have the
# ua-messaging.timer: 27.0 until 27.2. This will also guarantee
# that on 27.3 and forward, we will not run this logic.
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.0~" \
|| dpkg --compare-versions "$PREVIOUS_PKG_VER" ge "27.3~"; then
return
fi
if ! deb-systemd-helper --quiet was-enabled $OLD_MESSAGING_TIMER; then
# We have the following entry on our rules file:
# dh_systemd_enable -pubuntu-advantage-tools ua-timer.timer
# This rule will append some code at the end of the postinst script
# that checks if the ua-timer.timer was already enabled on the system.
# This means that if we manually disable the service here, that logic will
# still enable it in the end of the postinst script.
# Because of this logic we are now manually enabling ua-timer.timer here
# and then we manually disable it. This will guarantee that the was-enabled
# logic introduced by the rules file will not be triggered and we will not
# re-enable the ua-timer.timer service after calling this function.
echo "$OLD_MESSAGING_TIMER was disabled. Disabling $UA_TIMER_NAME." >&2
deb-systemd-helper enable $UA_TIMER_NAME > /dev/null 2>&1 || true
deb-systemd-helper disable $UA_TIMER_NAME > /dev/null 2>&1 || true
fi
}
remove_old_systemd_units() {
PREVIOUS_PKG_VER=$1
# These are the commands that are run when the package is purged.
# Since we actually want to remove this service from now on
# we have replicated that behavior here
if [ -L $OLD_MESSAGING_TIMER_MASKED_LOCATION ]; then
deb-systemd-helper purge ua-messaging.timer > /dev/null || true
deb-systemd-helper unmask ua-messaging.timer > /dev/null || true
fi
if [ -L $OLD_LICENSE_CHECK_PATH_MASKED_LOCATION ]; then
if [ -d /run/systemd/system ]; then
# If the old ua-license-check.timer was running during upgrade
# then it will be in a failed state because the files were removed
# The failed state is ephemeral and only needs to be cleared if
# it is there so that the system doesn't say it is degraded.
# If the old timer was not running, then this is a noop.
systemctl --system daemon-reload > /dev/null || true
systemctl reset-failed ua-license-check.timer > /dev/null 2>&1 || true
# In rare race-condition scenarios, the service can also get into
# the same failed state.
systemctl reset-failed ua-license-check.service > /dev/null 2>&1 || true
fi
deb-systemd-helper purge ua-license-check.path > /dev/null || true
deb-systemd-helper unmask ua-license-check.path > /dev/null || true
fi
# If we're do-release-upgrad-ing to bionic, then clean up the xenial-only
# cloud-id-shim unit
if [ "$VERSION_ID" = "18.04" ]; then
if echo "$PREVIOUS_PKG_VER" | grep -q "16.04"; then
if [ -L $XENIAL_CLOUD_ID_SHIM_UNIT_LOCATION ]; then
deb-systemd-helper purge ubuntu-advantage-cloud-id-shim.service > /dev/null || true
deb-systemd-helper unmask ubuntu-advantage-cloud-id-shim.service > /dev/null || true
fi
fi
fi
}
create_public_machine_token_file() {
# When we perform the write operation through
# MachineTokenFile we already write the public
# version of the machine-token file with all the
# sensitive data removed.
/usr/bin/python3 -c "
from uaclient.files import MachineTokenFile
machine_token_file = MachineTokenFile()
content = machine_token_file.read()
machine_token_file.write(content=content)
"
}
migrate_ubuntu_pro_beta_banner() {
PREVIOUS_PKG_VER=$1
# This only shipped in 27.11.2~
if dpkg --compare-versions "$PREVIOUS_PKG_VER" ge "27.11.2~" \
&& dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.11.3~"; then
# if the banner was present, remove it and add the new flag file which is configurable
if [ -f $APT_ESM_MESSAGE_FILE ]; then
if cat $APT_ESM_MESSAGE_FILE | grep -q "Try Ubuntu Pro beta"; then
rm -f $APT_ESM_MESSAGE_FILE
rm -f $ESM_APPS_APT_MSG_FILES
mkdir -p $UA_FLAGS_DIR
touch $APT_NEWS_FLAG_FILE
fi
fi
fi
}
cleanup_candidate_version_stamp_permissions() {
if [ -f $TMP_CANDIDATE_CACHE_PATH ]; then
rm -f $TMP_CANDIDATE_CACHE_PATH
fi
}
cleanup_apt_news_flag_file() {
if [ -f $APT_NEWS_FLAG_FILE ]; then
rm -f $APT_NEWS_FLAG_FILE
fi
}
case "$1" in
configure)
PREVIOUS_PKG_VER=$2
# We changed the way we store public files in 19.5
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt-nl "19.5~"; then
# Remove all publicly-readable files
find /var/lib/ubuntu-advantage/ -maxdepth 1 -type f -delete
fi
# Are we upgrading from a previously release Ubuntu Advantage Pro pkg?
# We broke package compatibility in 20.2 for any image with 19.7
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt-nl "20.2~"; then
if dpkg --compare-versions "$PREVIOUS_PKG_VER" ge-nl "19.7~"; then
# Drop stale symlinks for migrated auto-attach-service
rm -f $SYSTEMD_WANTS_AUTO_ATTACH_LINK
rm -f $SYSTEMD_HELPER_ENABLED_AUTO_ATTACH_DSH
rm -f $SYSTEMD_HELPER_ENABLED_WANTS_LINK
fi
fi
patch_status_json_0_1_for_non_root
# UA service PPAs support all ubuntu releases, no need to
# specialize apt config filenames per ubuntu release.
redact_ubuntu_release_from_ua_apt_filenames $APT_SRC_DIR
redact_ubuntu_release_from_ua_apt_filenames $APT_PREFERENCES_DIR
# Repo for FIPS packages changed from old client
if [ -f $FIPS_APT_SOURCE_FILE ]; then
if grep -q $OLD_CLIENT_FIPS_PPA $FIPS_APT_SOURCE_FILE; then
add_notice FIPS_INSTALL_OUT_OF_DATE
fi
fi
notify_wrong_fips_metapackage_on_cloud
# CACHE_DIR is no longer present or used since 19.1
rm -rf /var/cache/ubuntu-advantage-tools
# machine-access cache files no longer present or used since 20.1
rm -f /var/lib/ubuntu-advantage/private/machine-access-*.json
# log files need to be world-readable
if [ ! -f /var/log/ubuntu-advantage.log ]; then
touch /var/log/ubuntu-advantage.log
# We are only making new log files world readable
chmod 0644 /var/log/ubuntu-advantage.log
fi
chown root:root /var/log/ubuntu-advantage.log
private_dir="/var/lib/ubuntu-advantage/private"
if [ -d "$private_dir" ]; then
chmod 0700 "$private_dir"
fi
if [ "$VERSION_ID" = "16.04" ]; then
if echo "$PREVIOUS_PKG_VER" | grep -q "14.04"; then
mark_reboot_cmds_as_needed LIVEPATCH_LTS_REBOOT_REQUIRED
fi
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13~"; then
# Clean any unauthenticated ESM infra files previously inserted
# on Xenial, unless the service is enabled
esm_infra_cleanup
fi
fi
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13.5~"; then
# esm-apps unauthenticated ESM should not be in any release
esm_apps_cleanup
fi
mark_reboot_for_fips_pro
rm_old_license_check_marker
disable_new_timer_if_old_timer_already_disabled $PREVIOUS_PKG_VER
remove_old_systemd_units $PREVIOUS_PKG_VER
/usr/lib/ubuntu-advantage/cloud-id-shim.sh || true
# On old version of ubuntu-advantange-tools, we don't have a public
# machine_token.json file on attached machines. Since the non-root
# status now needs that file, we need to create it during the upgrade
if [ -f $MACHINE_TOKEN_FILE ] && [ ! -f $PUBLIC_MACHINE_TOKEN_FILE ]; then
create_public_machine_token_file
fi
migrate_ubuntu_pro_beta_banner $PREVIOUS_PKG_VER
cleanup_candidate_version_stamp_permissions
if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13~"; then
cleanup_apt_news_flag_file
fi
# LP: #2003977
# The version gate is open ended, and should be closed when the apt_news
# configuration is moved away from a conffile.
if dpkg --compare-versions "$2" ge 27.11.3~; then
if [ -f /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled ]; then
# The preinst has left us a note to tell us that apt-news was
# previously disabled and should be re-disabled, so disable it
# and discard the note.
pro config set apt_news=false
rm /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled
fi
# Remove the conffile backup if it exists now that an error unwind is
# no longer possible
rm -f /etc/ubuntu-advantage/uaclient.conf.preinst-remove
fi
;;
esac
# Automatically added by dh_python3
if command -v py3compile >/dev/null 2>&1; then
py3compile -p ubuntu-advantage-tools:amd64
fi
if command -v pypy3compile >/dev/null 2>&1; then
pypy3compile -p ubuntu-advantage-tools:amd64 || true
fi
# End automatically added section
# Automatically added by dh_systemd_enable/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ua-reboot-cmds.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'ua-reboot-cmds.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'ua-reboot-cmds.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ua-reboot-cmds.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ua-timer.timer' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'ua-timer.timer'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'ua-timer.timer' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ua-timer.timer' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'ubuntu-advantage.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'ubuntu-advantage.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'ubuntu-advantage.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'ubuntu-advantage.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_start/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
deb-systemd-invoke start 'ua-timer.timer' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_systemd_start/13.6ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
deb-systemd-invoke start 'ubuntu-advantage.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/update-motd.d/99-esm 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/update-motd.d/80-esm 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/update-motd.d/80-livepatch 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/cron.daily/ubuntu-advantage-tools 19.1~ ubuntu-advantage-tools -- "$@"
# End automatically added section
# Automatically added by dh_installdeb/13.6ubuntu1
dpkg-maintscript-helper rm_conffile /etc/init/ua-auto-attach.conf 20.2~ ubuntu-advantage-tools -- "$@"
# End automatically added section
exit 0
|