Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-23 08:54:09 -04:00
Code Issues Projects Releases Packages Wiki Activity

notify if security-misc installation is forced

Browse source
This commit is contained in:
Patrick Schleizer 2020-03-30 18:39:23 -04:00
parent 7ee5fc1b76
commit c22adbd92f
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 60 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

86
debian/security-misc.preinst vendored
View file

@ -48,13 +48,14 @@ user_groups_modifications() {
addgroup root console addgroup root console
} }
output_skip_checks() {
echo "security-misc '$0' INFO: Allow installation of security-misc anyway." >&2
echo "security-misc '$0' INFO: (technical reason: $@)" >&2
echo "security-misc '$0' INFO: If this is a chroot this is probably OK." >&2
echo "security-misc '$0' INFO: Otherwise you might not be able to login." >&2
}
sudo_users_check () { sudo_users_check () {
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
return 0
fi
if test -f /var/lib/security-misc/skip_install_check ; then
return 0
fi
if command -v "qubesdb-read" &>/dev/null; then if command -v "qubesdb-read" &>/dev/null; then
## Qubes users can use dom0 to get a root terminal emulator. ## Qubes users can use dom0 to get a root terminal emulator.
## For example: ## For example:
@ -86,26 +87,47 @@ sudo_users_check () {
IFS="$OLD_IFS" IFS="$OLD_IFS"
export IFS export IFS
if [ "$are_there_any_sudo_users" = "yes" ]; then
return 0
fi
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
return 0
fi
if test -f "/var/lib/security-misc/skip_install_check" ; then
output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
return 0
fi
## Prevent users from locking themselves out. ## Prevent users from locking themselves out.
## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4 ## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
if [ ! "$are_there_any_sudo_users" = "yes" ]; then echo "$0: ERROR: No user is a member of group 'sudo'. Installation aborted." >&2
echo "$0: ERROR: No user is a member of group 'sudo'. Installation aborted." >&2 echo "$0: ERROR: You probably want to run:" >&2
echo "$0: ERROR: You probably want to run:" >&2 echo "" >&2
echo "" >&2 echo "sudo adduser user sudo" >&2
echo "sudo adduser user sudo" >&2 echo "sudo adduser user console" >&2
echo "sudo adduser user console" >&2 echo "" >&2
echo "" >&2 echo "$0: ERROR: See also installation instructions:" >&2
echo "$0: ERROR: See also installation instructions:" >&2 echo "https://www.whonix.org/wiki/security-misc#install" >&2
echo "https://www.whonix.org/wiki/security-misc#install" >&2
exit 200 if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
return 0
fi fi
if test -f "/var/lib/security-misc/skip_install_check" ; then
output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
return 0
fi
exit 200
} }
console_users_check() { console_users_check() {
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
return 0 return 0
fi fi
if test -f /var/lib/security-misc/skip_install_check ; then if test -f "/var/lib/security-misc/skip_install_check" ; then
return 0 return 0
fi fi
if command -v "qubesdb-read" &>/dev/null; then if command -v "qubesdb-read" &>/dev/null; then
@ -142,16 +164,28 @@ console_users_check() {
## Prevent users from locking themselves out. ## Prevent users from locking themselves out.
## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4 ## https://forums.whonix.org/t/is-security-misc-suitable-for-hardening-bridges-and-relays/8299/4
if [ ! "$are_there_any_console_users" = "yes" ]; then if [ "$are_there_any_console_users" = "yes" ]; then
echo "$0: ERROR: No user is a member of group 'console'. Installation aborted." >&2 return 0
echo "$0: ERROR: You probably want to run:" >&2
echo "" >&2
echo "sudo adduser user console" >&2
echo "" >&2
echo "$0: ERROR: See also installation instructions:" >&2
echo "https://www.whonix.org/wiki/security-misc#install" >&2
exit 201
fi fi
echo "$0: ERROR: No user is a member of group 'console'. Installation aborted." >&2
echo "$0: ERROR: You probably want to run:" >&2
echo "" >&2
echo "sudo adduser user console" >&2
echo "" >&2
echo "$0: ERROR: See also installation instructions:" >&2
echo "https://www.whonix.org/wiki/security-misc#install" >&2
if [ "$SECURITY_MISC_INSTALL" = "force" ]; then
output_skip_checks "Environment variable SECURITY_MISC_INSTALL is set to 'force'."
return 0
fi
if test -f "/var/lib/security-misc/skip_install_check" ; then
output_skip_checks "File '/var/lib/security-misc/skip_install_check' exists."
return 0
fi
exit 201
} }
legacy() { legacy() {