2 # postinst script for kernel-cn
4 # see: dh_installdeb(1)
8 # summary of how this script can be called:
9 # * <postinst> `configure' <most-recently-configured-version>
10 # * <old-postinst> `abort-upgrade' <new version>
11 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
13 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
14 # <failed-install-package> <version> `removing'
15 # <conflicting-package> <version>
16 # for details, see http://www.debian.org/doc/debian-policy/ or
17 # the debian-policy package
21 configure|reconfigure)
30 # Source debconf library.
31 . /usr/share/debconf/confmodule
34 . /usr/share/carnet-tools/functions.sh
36 # import GRUB helper functions
37 . /usr/share/kernel-cn/grub-functions.sh
39 ################################################################################
42 echo -n "CN: Backed up to /var/backups:"
45 if [ -e /etc/lilo.conf ]; then
46 cp_backup_conffile /etc/lilo.conf
50 # backup old kernel params
51 if [ -e /etc/sysctl.conf ]; then
52 cp_backup_conffile /etc/sysctl.conf
53 echo -n " sysctl.conf"
56 # backup old kernel params
57 if [ -e /etc/kernel-img.conf ]; then
58 cp_backup_conffile /etc/kernel-img.conf
59 echo -n " kernel-img.conf"
65 ################################################################################
67 # remove obsolete symlinks and kernels
68 rm -f /boot/vmlinuz /boot/vmlinuz.old /boot/vmlinuz.old2 \
69 /boot/vmlinuz.plain /vmlinuz /vmlinuz.old /boot/vmlinuz.plain \
70 /boot/vmlinuz.generic /boot/vmlinuz-generic /boot/vmlinuz-old
71 echo "CN: Removed old symlinks in / and /boot."
73 ################################################################################
75 DIVERT_TO="grub grub-probe"
77 echo -n "CN: Undiverting binaries if necessary:"
78 for i in $DIVERT_TO; do
79 if [ -e /usr/sbin/$i.real ]; then
80 dpkg-divert --remove --rename --package 'kernel-2.6-cn' \
81 --divert /usr/sbin/$i.real /usr/sbin/$i >/dev/null
87 ################################################################################
89 # detect existing Grub2 installation
92 if [ \( -e /boot/grub/grub.cfg \) -o \( -e /boot/grub/core.img \) -o \( -e /usr/lib/grub/i386-pc/ext2.mod \) ]; then
93 echo "CN: Detected GRUB2 installation, will try to use it."
95 if [ -e /boot/grub/menu.lst ]; then
96 echo "CN: Oops, GRUB1 (Legacy) installation detected. Will try to upgrade to GRUB2."
99 echo "CN: No GRUB2 detected, will continue with GRUB1 as default option."
102 ################################################################################
104 # check if we are under Xen DomU PV
105 # (perhaps check /sys/hypervisor/uuid in the future)
108 if [ \( -w /dev/xvda \) -o \( -w /dev/xvdb \) ]; then
109 echo "CN: Detected DomU instance, won't install Grub MBR."
113 ################################################################################
116 echo -n "CN: Configuring system (this will take a while):"
118 # generate kernel-img.conf
119 if [ ! -e /etc/kernel-img.conf ]; then
120 touch /etc/kernel-img.conf
123 # update postinst_hook for grub/grub2
124 if grep -q postinst_hook /etc/kernel-img.conf; then
125 cp_check_and_sed '^postinst_hook' \
126 's;^postinst_hook[[:blank:]]*=.*;postinst_hook = /usr/sbin/update-grub;g' \
127 /etc/kernel-img.conf || true
129 echo "postinst_hook = /usr/sbin/update-grub" >> /etc/kernel-img.conf
132 # update postrm_hook for grub/grub2
133 if grep -q postrm_hook /etc/kernel-img.conf; then
134 cp_check_and_sed '^postrm_hook' \
135 's;^postrm_hook[[:blank:]]*=.*;postrm_hook = /usr/sbin/update-grub;g' \
136 /etc/kernel-img.conf || true
138 echo "postrm_hook = /usr/sbin/update-grub" >> /etc/kernel-img.conf
142 if grep -q do_initrd /etc/kernel-img.conf; then
143 cp_check_and_sed '^do_initrd' \
144 's/^do_initrd[[:blank:]]*=.*/do_initrd = yes/g' \
145 /etc/kernel-img.conf || true
147 echo "do_initrd = yes" >> /etc/kernel-img.conf
150 echo -n " kernel-img.conf"
152 # generate initial grub loaders
153 if [ "x$GRUB2" = "xno" ]; then
155 if [ ! -d "$grub_dir" ]; then
158 if [ -d /usr/lib/grub/i386-pc ]; then
159 cp -a /usr/lib/grub/i386-pc/* "$grub_dir"
161 elif [ -d /usr/lib/grub/x86_64-pc ]; then
162 cp -a /usr/lib/grub/x86_64-pc/* "$grub_dir"
167 if [ ! -d /boot/grub ]; then
169 if [ -d /usr/lib/grub/i386-pc ]; then
170 cp -a /usr/lib/grub/i386-pc/* /boot/grub
176 # create/update grub configuration
177 if [ "x$GRUB2" = "xno" ]; then
179 if [ -e "$menu_file" ]; then
180 # is there uncompatibile grub conf present?
181 if ! grep -q 'AUTOMAGIC KERNELS LIST' "$menu_file"; then
182 mv -f "$menu_file" "$menu_file.old"
185 if [ ! -e "$menu_file" ]; then
186 yes | update-grub >/dev/null 2>&1 || true
188 update-grub >/dev/null 2>&1 || true
192 touch /boot/grub/grub.cfg
193 update-grub >/dev/null 2>&1 || true
198 if uname -a | grep -q grsec; then
199 if [ -x /sbin/chpax ]; then
201 if [ -x /usr/sbin/grub.real ]; then
202 chpax -spmrx /usr/sbin/grub.real >/dev/null 2>&1 || true
203 elif [ -x /usr/sbin/grub ]; then
204 chpax -spmrx /usr/sbin/grub >/dev/null 2>&1 || true
208 if [ -x /usr/sbin/grub-probe.real ]; then
209 chpax -spmrx /usr/sbin/grub-probe.real >/dev/null 2>&1 || true
210 elif [ -x /usr/sbin/grub-probe ]; then
211 chpax -spmrx /usr/sbin/grub-probe >/dev/null 2>&1 || true
218 # remove obsolete devfs/compat links and restore normal udev behaviour
219 rm -f /etc/udev/rules.d/devfs.rules /etc/udev/rules.d/compat.rules \
220 /etc/udev/rules.d/compat-full.rules
221 #if [ ! -e /etc/udev/rules.d/udev.rules ]; then
222 # ln -s ../udev.rules /etc/udev/rules.d/udev.rules
224 udevadm control --reload_rules >/dev/null 2>&1 || true
225 udevadm settle || true
228 # update device map if possible
229 if [ "x$GRUB2" = "xno" ]; then
231 if [ -f "$device_map" ]; then
232 mv -f "$device_map" "$device_map.old"
234 # possible situation when upgrading from Grub1 to Grub2
235 if [ ! -x /usr/sbin/grub ]; then
237 echo "CN: FATAL ERROR while trying to execute GRUB1!"
238 echo "CN: Do not reboot your server and report this to syshelp@carnet.hr immediately!"
241 grub --batch --no-floppy --device-map="$device_map" <<'EOF' >/dev/null 2>&1 || true
244 if [ ! -s "$device_map" ]; then
245 if [ -f "$device_map.old" ]; then
246 mv -f "$device_map.old" "$device_map"
250 rm -f "$device_map.old"
254 grub-mkdevicemap --no-floppy >/dev/null 2>&1 || true
255 grub-install --no-floppy --grub-setup=/bin/true "$(grub-probe -t drive /boot/grub)" >/dev/null 2>&1 || true
259 # import GRUB helper functions (again, updated device map)
260 . /usr/share/kernel-cn/grub-functions.sh
262 if [ "x$GRUB2" = "xno" ]; then
264 # get install device (0x80 BIOS device)
265 install_device=$(grep '^(hd0)' "$device_map" | \
266 sed -e 's%[^[:space:]]*[[:space:]]*\([^[:space:]]*\)%\1%')
267 if [ -z "$install_device" ]; then
269 echo "CN: FATAL ERROR while detecting boot disk!"
270 echo "CN: Do not reboot your server and report this to syshelp@carnet.hr immediately!"
274 # oops, install device is a symlink...
275 if [ -h "$install_device" ]; then
276 install_device_resolved=$(resolve_symlink "$install_device")
277 if [ -z "$install_device_resolved" ]; then
278 install_device_resolved="$install_device"
281 # try to fix device map with symlink resolved device
282 if [ "x$install_device_resolved" != "x$install_device" ]; then
283 cp_check_and_sed '^\(hd0\)' \
284 "s;^(hd0).*;(hd0) $install_device_resolved;" "$device_map" \
290 install_device="(hd0)"
294 # install GRUB loader: this will work for both Grub1 and Grub2
295 if [ "x$GRUB_MBR" = "xyes" ]; then
296 if ! grub-install --no-floppy "$install_device" >/dev/null 2>&1; then
298 echo "CN: FATAL ERROR while running grub-install on $install_device!"
299 echo "CN: Do not reboot your server and report this to syshelp@carnet.hr immediately!"
305 # fix possible wrong params in menu.lst
306 if [ "x$GRUB2" = "xno" ]; then
308 cp_check_and_sed '^# groot=' \
309 "s;^# groot=.*;# groot=$grub_root_device;g" \
311 cp_check_and_sed '^# kopt=' \
312 "s;^# kopt=\(.*\)root=[^[:space:]]*\(.*\);# kopt=\1root=$root_device\2;g" \
315 update-grub >/dev/null 2>&1 || true
318 # fix possible wrong params in menu.lst
319 if [ "x$GRUB2" = "xno" ]; then
321 # ... and final stage of devfs/udev brokeness fix
322 if [ "x$install_device_resolved" != "x$install_device" ]; then
323 # get original (symlinked device)
324 root_device=$(find_device_nonresolved "/")
325 if [ -z "$root_device" ]; then
326 root_device=$(find_root_device)
330 cp_check_and_sed '^\(hd0\)' \
331 "s;^(hd0).*;(hd0) $install_device;" "$device_map" \
334 # fix global root= invocation
335 cp_check_and_sed '^# kopt=' \
336 "s;^# kopt=\(.*\)root=[^[:space:]]*\(.*\);# kopt=\1root=$root_device\2;g" \
339 # fix root= invocation for individual kernel profiles
340 cp_check_and_sed '^kernel' \
341 "s;\(^kernel.*\)root=[^[:space:]]*\(.*\);\1root=$root_device\2;g" \
347 # install to other boot sectors if needed (better safe than sorry)
348 if [ "x$GRUB_MBR" = "xyes" ]; then
349 if [ "x$GRUB2" = "xyes" ]; then
351 db_get grub-pc/install_devices
352 for i in `echo $RET | sed -e 's/,/ /g'`; do
353 real_device="$(readlink -f "$i")"
354 if [ -e "$real_device" ]; then
355 grub-install --force --no-floppy $real_device \
356 >/dev/null 2>&1 || true
364 if [ -e /etc/lilo.conf ]; then
365 mv -f /etc/lilo.conf /etc/lilo.conf.old
370 if [ -x /usr/share/mdadm/mkconf ]; then
371 if [ ! -e /etc/mdadm/mdadm.conf ]; then
372 touch /etc/mdadm/mdadm.conf
375 /usr/share/mdadm/mkconf > /etc/mdadm/mdadm.conf.$$
376 if ! cmp -s /etc/mdadm/mdadm.conf.$$ /etc/mdadm/mdadm.conf; then
377 mv /etc/mdadm/mdadm.conf.$$ /etc/mdadm/mdadm.conf
379 rm -f /etc/mdadm/mdadm.conf.$$ /etc/initramfs-tools/hooks/md \
380 /var/lib/mdadm/CONF-UNCHECKED
384 # update initramfs accordingly (because of mdadm and udev)
385 update-initramfs -u -k all >/dev/null 2>&1 || true
391 ################################################################################
393 # rest of configuration...
394 echo -n "CN: Modifying the neccessary system files:"
397 if getent group proc >/dev/null 2>&1; then
398 groupdel proc >/dev/null 2>&1
402 # remove oidentd from oident group
403 if getent group oident >/dev/null 2>&1; then
405 cp_check_and_sed '^OIDENT_GROUP[[:blank:]]*=[[:blank:]]*nogroup' \
406 's/^OIDENT_GROUP[[:blank:]]*=[[:blank:]]*nogroup/OIDENT_GROUP=oident/g' \
407 /etc/default/oidentd || true
409 # old kernel-2.6-cn default
410 cp_check_and_sed '^OIDENT_GROUP[[:blank:]]*=[[:blank:]]*proc' \
411 's/^OIDENT_GROUP[[:blank:]]*=[[:blank:]]*proc/OIDENT_GROUP=oident/g' \
412 /etc/default/oidentd || true
417 # default kernel parameters
418 rm -f /etc/sysctl.conf.$$
420 # old kernel params (skipping some of the obsolete or overrided entries)
421 if [ -e /etc/sysctl.conf ]; then
422 egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control|kernel\.maps_protect' \
423 /etc/sysctl.conf >> /etc/sysctl.conf.$$
426 # finished with merging, move into sysctl.conf
427 cp_mv /etc/sysctl.conf.$$ /etc/sysctl.conf
428 echo -n " sysctl.conf"
431 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
432 invoke-rc.d procps restart >/dev/null 2>&1 || true
434 /etc/init.d/procps restart >/dev/null 2>&1 || true
437 # finished with basic kernel-cn stuff
440 ################################################################################
443 echo -n "CN: Setting up PAM configurations:"
445 # update pam_limits accordingly
446 if [ -e /etc/security/limits.conf ]; then
447 rm -f /etc/security/limits.conf.$$
448 cp /etc/security/limits.conf /etc/security/limits.conf.$$
449 cp-update kernel-cn /etc/security/limits.conf.$$ <<'EOF'
453 @users soft nproc 100
454 @users hard nproc 150
456 cp_mv /etc/security/limits.conf.$$ /etc/security/limits.conf
461 if [ -e /etc/pam.d/login ]; then
462 cp_check_and_sed '^#.*session.+required.+pam_limits.so' \
463 's/^#.*session.+required.+pam_limits.so/session required pam_limits.so/' \
464 /etc/pam.d/login || true
469 if [ -e /etc/pam.d/ssh ]; then
470 cp_check_and_sed '^#.*session.+required.+pam_limits.so' \
471 's/^#.*session.+required.+pam_limits.so/session required pam_limits.so/' \
472 /etc/pam.d/ssh || true
479 ################################################################################
481 # dh_installdeb will replace this with shell code automatically
482 # generated by other debhelper scripts.