#!/bin/bash ## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. if [ -f /usr/lib/helper-scripts/pre.bsh ]; then source /usr/lib/helper-scripts/pre.bsh fi set -e true " ##################################################################### ## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ ##################################################################### " case "$1" in configure) ## /usr/share/glib-2.0/schemas/30_security-misc.gschema.override glib-compile-schemas /usr/share/glib-2.0/schemas || true ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "$DPKG_MAINTSCRIPT_NAME called with unknown argument \`$1'" >&2 exit 1 ;; esac ## /usr/lib/security-misc/hide-hardware-info addgroup --system sysfs addgroup --system cpuinfo ## group 'sudo' membership required to use 'su' ## /usr/share/pam-configs/wheel-security-misc addgroup root sudo ## Related to Console Lockdown. ## /usr/share/pam-configs/console-lockdown-security-misc ## /etc/security/access-security-misc.conf addgroup --system console addgroup --system console-unrestricted addgroup --system ssh ## This has no effect since by default this package also ships and an ## /etc/securetty configuration file that contains nothing but comments, i.e. ## an "empty" /etc/securetty. ## In case a system administrator edits /etc/securetty, there is no need to ## block for this to be still blocked by console lockdown. See also: ## https://www.whonix.org/wiki/Root#Root_Login addgroup root console pam-auth-update --package /usr/lib/security-misc/permission-lockdown ## https://phabricator.whonix.org/T377 ## Debian has no update-grub trigger yet: ## https://bugs.debian.org/481542 if command -v update-grub >/dev/null 2>&1; then update-grub || \ echo "$DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME ERROR: Running \ 'update-grub' failed with exit code $?. $DPKG_MAINTSCRIPT_PACKAGE is most \ likely only the trigger, not the cause. Unless you know this is not an issue, \ you should fix running 'update-grub', otherwise your system might no longer \ boot." >&2 fi true "INFO: debhelper beginning here." #DEBHELPER# true "INFO: Done with debhelper." true " ##################################################################### ## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ ##################################################################### " ## Explicitly "exit 0", so eventually trapped errors can be ignored. exit 0