Diffstat (limited to 'debian/tor.postinst')
-rw-r--r--debian/tor.postinst123
1 files changed, 0 insertions, 123 deletions
diff --git a/debian/tor.postinst b/debian/tor.postinst
deleted file mode 100644
index b9ac61596f..0000000000
--- a/debian/tor.postinst
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/bin/sh -e
-
-# checking debian-tor account
-
-uid=`getent passwd debian-tor | cut -d ":" -f 3`
-home=`getent passwd debian-tor | cut -d ":" -f 6`
-
-# if there is the uid the account is there and we can do
-# the sanit(ar)y checks otherwise we can safely create it.
-
-if [ "$uid" ]; then
- if [ "$home" = "/var/lib/tor" ]; then
- :
- #echo "debian-tor homedir check: ok"
- else
- echo "ERROR: debian-tor account has an unexpected home directory!"
- echo "It should be '/var/lib/tor', but it is '$home'."
- echo "Removing the debian-tor user might fix this, but the question"
- echo "remains how you got into this mess to begin with."
- exit 1
- fi
-else
- adduser --quiet \
- --system \
- --disabled-password \
- --home /var/lib/tor \
- --no-create-home \
- --shell /bin/bash \
- --group \
- debian-tor
-fi
-
-
-for i in lib run log; do
- if ! [ -d "/var/$i/tor" ]; then
- echo "Something or somebody made /var/$i/tor disappear."
- echo "Creating one for you again."
- mkdir "/var/$i/tor"
- fi
-done
-
-find /var/lib/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
-find /var/lib/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02700
-find /var/lib/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
-
-if [ -e /var/run/tor ]; then
- find /var/run/tor \( \( ! -user debian-tor \) -o \( ! -group debian-tor \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:debian-tor
- find /var/run/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
- find /var/run/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00600
-fi
-
-find /var/log/tor \( \( ! -user debian-tor \) -o \( ! -group adm \) \) -print0 | xargs -0 --no-run-if-empty chown debian-tor:adm
-find /var/log/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
-find /var/log/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00640
-
-
-move_away_keys=0
-
-if [ "$1" = "configure" ] &&
- [ -e /var/lib/tor/keys ] &&
- [ ! -z "$2" ]; then
- if dpkg --compare-versions "$2" lt 0.1.2.19-2; then
- move_away_keys=1
- elif dpkg --compare-versions "$2" gt 0.2.0 &&
- dpkg --compare-versions "$2" lt 0.2.0.26-rc; then
- move_away_keys=1
- fi
-fi
-if [ "$move_away_keys" = "1" ]; then
- echo "Retiring possibly compromised keys. See /usr/share/doc/tor/NEWS.Debian.gz"
- echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for"
- echo "further information."
- if ! [ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then
- mkdir /var/lib/tor/keys/moved-away-by-tor-package
- cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF
-It has been discovered that the random number generator in Debian's
-openssl package is predictable. This is caused by an incorrect
-Debian-specific change to the openssl package (CVE-2008-0166). As a
-result, cryptographic key material may be guessable.
-
-See Debian Security Advisory number 1571 (DSA-1571) for more information:
-http://lists.debian.org/debian-security-announce/2008/msg00152.html
-
-The Debian package for Tor has moved away the onion keys upon package
-upgrade, and it will have moved away your identity key if it was created
-in the affected timeframe. There is no sure way to automatically tell
-if your key was created with an affected openssl library, so this move
-is done unconditionally.
-
-If you have restarted Tor since this change (and the package probably
-did that for you already unless you configured your system differently)
-then the Tor daemon already created new keys for itself and in all
-likelyhood is already working just fine with new keys.
-
-If you are absolutely certain that your identity key was created with
-a non-affected version of openssl and for some reason you have to retain
-the old identity, then you can move back the copy of secret_id_key to
-/var/lib/tor/keys. Do not move back the onion keys, they were created
-only recently since they are temporary keys with a lifetime of only a few
-days anyway.
-
-Sincerely,
-Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200
-EOF
- fi
- for f in secret_onion_key secret_onion_key.old; do
- if [ -e /var/lib/tor/keys/"$f" ]; then
- mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f"
- fi
- done
- if [ -e /var/lib/tor/keys/secret_id_key ]; then
- id_mtime=`/usr/bin/stat -c %Y /var/lib/tor/keys/secret_id_key`
- sept=`date -d '2006-09-10' +%s`
- if [ "$id_mtime" -gt "$sept" ] ; then
- mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key
- fi
- fi
-fi
-
-
-#DEBHELPER#
-
-exit 0