From 7d8001ddc9801046289b2f4e31d25dfc3bca6cc5 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Tue, 10 Dec 2019 03:51:39 -0500
Subject: [PATCH] refactoring

---
 debian/security-misc.preinst | 42 ++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 19 deletions(-)

diff --git a/debian/security-misc.preinst b/debian/security-misc.preinst
index 7bb2c65..d0f0b7c 100644
--- a/debian/security-misc.preinst
+++ b/debian/security-misc.preinst
@@ -15,27 +15,29 @@ true "
 #####################################################################
 "
 
-## /usr/lib/security-misc/hide-hardware-info
-addgroup --system sysfs
-addgroup --system cpuinfo
+user_groups_modifications() {
+ ## /usr/lib/security-misc/hide-hardware-info
+ addgroup --system sysfs
+ addgroup --system cpuinfo
 
-## group 'sudo' membership required to use 'su'
-## /usr/share/pam-configs/wheel-security-misc
-addgroup root sudo
+ ## group 'sudo' membership required to use 'su'
+ ## /usr/share/pam-configs/wheel-security-misc
+ addgroup root sudo
 
-## Related to Console Lockdown.
-## /usr/share/pam-configs/console-lockdown-security-misc
-## /etc/security/access-security-misc.conf
-addgroup --system console
-addgroup --system console-unrestricted
-addgroup --system ssh
-## This has no effect since by default this package also ships and an
-## /etc/securetty configuration file that contains nothing but comments, i.e.
-## an "empty" /etc/securetty.
-## In case a system administrator edits /etc/securetty, there is no need to
-## block for this to be still blocked by console lockdown. See also:
-## https://www.whonix.org/wiki/Root#Root_Login
-addgroup root console
+ ## Related to Console Lockdown.
+ ## /usr/share/pam-configs/console-lockdown-security-misc
+ ## /etc/security/access-security-misc.conf
+ addgroup --system console
+ addgroup --system console-unrestricted
+ addgroup --system ssh
+ ## This has no effect since by default this package also ships and an
+ ## /etc/securetty configuration file that contains nothing but comments, i.e.
+ ## an "empty" /etc/securetty.
+ ## In case a system administrator edits /etc/securetty, there is no need to
+ ## block for this to be still blocked by console lockdown. See also:
+ ## https://www.whonix.org/wiki/Root#Root_Login
+ addgroup root console
+}
 
 sudo_users_check () {
 if command -v "qubesdb-read" &>/dev/null; then
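Review bot: The new `user_groups_modifications` function has no header comment saying that it is meant to be re-run on every maintainer-script invocation and that this only works because each `addgroup` call is expected to be a no-op when the group or the membership already exists; a later reader moving it behind an action check, or adding a non-idempotent command to it, would have no warning. Suggest opening the body with `## Idempotent: every addgroup here is expected to exit 0 when the group or membership already exists, so this is safe on every preinst run.`, after confirming that adduser on the targeted release really returns 0 for an already-present membership. The definition also uses `user_groups_modifications() {` while the neighbouring `sudo_users_check () {` puts a space before the parentheses; pick one form for the file. The `"` context lines at the top of the hunk close a `true "..."` string that starts outside the hunk.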
@@ -162,6 +164,8 @@ ssh_users_check() {
 fi
 }
 
+user_groups_modifications
+
 if [ "$1" = "install" ] || [ "$1" = "upgrade" ]; then
 sudo_users_check
 console_users_check
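Review bot: The new call `user_groups_modifications` is placed before the `[ "$1" = "install" ] || [ "$1" = "upgrade" ]` guard, so the group and membership changes run for every preinst action, including `abort-upgrade`, while the `*_users_check` calls below are gated; this matches the old top-level placement, but it is no longer obvious that it is intended. If it is deliberate, a one-line comment such as `## Run for every preinst action (also abort-upgrade), not only install/upgrade.` above the call would stop the next refactor from moving it; if it is not, the call belongs inside the guard. Whether the script runs under `set -e`, and therefore whether a failing `addgroup` aborts the installation, is not visible in this hunk. The `fi` and `}` context lines at the top close `ssh_users_check`, whose body lies outside the hunk.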