notify if security-misc installation is forced

2024-10-01 08:25:45 -04:00 · 2020-03-30 18:39:23 -04:00 · 2020-03-30 18:39:23 -04:00 · c22adbd92f
commit c22adbd92f
parent 7ee5fc1b76
1 changed files with 60 additions and 26 deletions
--- a/debian/security-misc.preinst
+++ b/debian/security-misc.preinst
@ -48,13 +48,14 @@ user_groups_modifications() {
   addgroup root console
 }

+output_skip_checks() {
+   echo "security-misc '$0' INFO: Allow installation of security-misc anyway." >&2
+   echo "security-misc '$0' INFO: (technical reason: $@)" >&2
+   echo "security-misc '$0' INFO: If this is a chroot this is probably OK." >&2
+   echo "security-misc '$0' INFO: Otherwise you might not be able to login." >&2
+}
+
 sudo_users_check () {
-   if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
-      return 0
-   fi
-   if test -f /var/lib/security-misc/skip_install_check ; then
-      return 0
-   fi
   if command -v "qubesdb-read" &>/dev/null; then
      ## Qubes users can use dom0 to get a root terminal emulator.
      ## For example:
@ -86,26 +87,47 @@ sudo_users_check () {
   IFS="$OLD_IFS"
   export IFS

+   if [ "$are_there_any_sudo_users" = "yes" ]; then
+      return 0
+   fi
+
+   if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
+      output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
+      return 0
+   fi
+   if test -f "/var/lib/security-misc/skip_install_check" ; then
+      output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
+      return 0
+   fi
+
   ## Prevent users from locking themselves out.
   ## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
-   if [ ! "$are_there_any_sudo_users" = "yes" ]; then
-      echo "$0: ERROR: No user is a member of group 'sudo'. Installation aborted." >&2
-      echo "$0: ERROR: You probably want to run:" >&2
-      echo "" >&2
-      echo "sudo adduser user sudo" >&2
-      echo "sudo adduser user console" >&2
-      echo "" >&2
-      echo "$0: ERROR: See also installation instructions:" >&2
-      echo "https://www.whonix.org/wiki/security-misc#install" >&2
-      exit 200
+   echo "$0: ERROR: No user is a member of group 'sudo'. Installation aborted." >&2
+   echo "$0: ERROR: You probably want to run:" >&2
+   echo "" >&2
+   echo "sudo adduser user sudo" >&2
+   echo "sudo adduser user console" >&2
+   echo "" >&2
+   echo "$0: ERROR: See also installation instructions:" >&2
+   echo "https://www.whonix.org/wiki/security-misc#install" >&2
+
+   if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
+      output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
+      return 0
   fi
+   if test -f "/var/lib/security-misc/skip_install_check" ; then
+      output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
+      return 0
+   fi
+
+   exit 200
 }

 console_users_check() {
   if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
      return 0
   fi
-   if test -f /var/lib/security-misc/skip_install_check ; then
+   if test -f "/var/lib/security-misc/skip_install_check" ; then
      return 0
   fi
   if command -v "qubesdb-read" &>/dev/null; then
@ -142,16 +164,28 @@ console_users_check() {

   ## Prevent users from locking themselves out.
   ## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
-   if [ ! "$are_there_any_console_users" = "yes" ]; then
-      echo "$0: ERROR: No user is a member of group 'console'. Installation aborted." >&2
-      echo "$0: ERROR: You probably want to run:" >&2
-      echo "" >&2
-      echo "sudo adduser user console" >&2
-      echo "" >&2
-      echo "$0: ERROR: See also installation instructions:" >&2
-      echo "https://www.whonix.org/wiki/security-misc#install" >&2
-      exit 201
+   if [ "$are_there_any_console_users" = "yes" ]; then
+      return 0
   fi
+
+   echo "$0: ERROR: No user is a member of group 'console'. Installation aborted." >&2
+   echo "$0: ERROR: You probably want to run:" >&2
+   echo "" >&2
+   echo "sudo adduser user console" >&2
+   echo "" >&2
+   echo "$0: ERROR: See also installation instructions:" >&2
+   echo "https://www.whonix.org/wiki/security-misc#install" >&2
+
+   if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
+      output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
+      return 0
+   fi
+   if test -f "/var/lib/security-misc/skip_install_check" ; then
+      output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
+      return 0
+   fi
+
+   exit 201
 }

 legacy() {