Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-18 03:29:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

Avoid impossible-to-satisfy dependency on helper-scripts, improve string handling robustness in postinst

Browse source
This commit is contained in:
Aaron Rainbolt 2025-01-15 19:10:41 -06:00
parent 597186972e
commit bf73f1f2b5
No known key found for this signature in database
GPG key ID: A709160D73C79109
1 changed files with 29 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

35
debian/security-misc.config vendored
View file

@ -21,6 +21,31 @@ true "
##################################################################### #####################################################################
" "
## Copied from helper-scripts/usr/libexec/helper-scripts/package_installed_check.bsh
pkg_installed() {
local package_name dpkg_query_output
local requested_action status error_state
package_name="$1"
## Cannot use '&>' because it is a bashism.
dpkg_query_output="$(dpkg-query --show --showformat='${Status}' "$package_name" 2>/dev/null)" || true
## dpkg_query_output Exampels:
## install ok half-configured
## install ok installed
requested_action=$(echo "$dpkg_query_output" | awk '{print $1}')
status=$(echo "$dpkg_query_output" | awk '{print $2}')
error_state=$(echo "$dpkg_query_output" | awk '{print $3}')
if [ "$requested_action" = 'install' ]; then
true "$0: INFO: $package_name is installed, ok."
return 0
fi
true "$0: INFO: $package_name is not installed, ok."
return 1
}
check_migrate_permission_hardener_state() { check_migrate_permission_hardener_state() {
local pkg_list modified_pkg_data_str custom_hardening_arr config_file local pkg_list modified_pkg_data_str custom_hardening_arr config_file
@ -35,8 +60,6 @@ check_migrate_permission_hardener_state() {
fi fi
mkdir --parents '/var/lib/security-misc/do_once' mkdir --parents '/var/lib/security-misc/do_once'
source /usr/libexec/helper-scripts/package_installed_check.bsh
orig_hardening_arr=( orig_hardening_arr=(
'/usr/lib/permission-hardener.d/25_default_passwd.conf' '/usr/lib/permission-hardener.d/25_default_passwd.conf'
'/usr/lib/permission-hardener.d/25_default_sudo.conf' '/usr/lib/permission-hardener.d/25_default_sudo.conf'
@ -86,17 +109,17 @@ check_migrate_permission_hardener_state() {
'/etc/permission-hardener.d/30_default.conf' '/etc/permission-hardener.d/30_default.conf'
) )
pkg_list="security-misc" pkg_list=( "security-misc" )
if pkg_installed user-sysmaint-split ; then if pkg_installed user-sysmaint-split ; then
pkg_list+=" user-sysmaint-split" pkg_list+=( "user-sysmaint-split" )
fi fi
if pkg_installed anon-apps-config ; then if pkg_installed anon-apps-config ; then
pkg_list+=" anon-apps-config" pkg_list+=( "anon-apps-config" )
fi fi
## This will exit non-zero if some of the packages don't exist, but we ## This will exit non-zero if some of the packages don't exist, but we
## don't care. The packages that *are* installed will still be scanned. ## don't care. The packages that *are* installed will still be scanned.
modified_pkg_data_str="$(dpkg --verify $pkg_list)" || true modified_pkg_data_str="$(dpkg --verify "${pkg_list[@]}")" || true
## Example modified_pkg_data_str: ## Example modified_pkg_data_str:
#modified_pkg_data_str='missing /usr/lib/permission-hardener.d/20_user-sysmaint-split.conf' #modified_pkg_data_str='missing /usr/lib/permission-hardener.d/20_user-sysmaint-split.conf'