#!/bin/sh
-# postinst script for spamassassin-cn
+# postinst script for kernel-2.6-cn
#
# see: dh_installdeb(1)
# import CN-functions
. /usr/share/carnet-tools/functions.sh
+# import GRUB helper functions
+. /usr/share/kernel-2.6-cn/grub-functions.sh
+
################################################################################
# starting up backup
# backup lilo.conf
if [ -e /etc/lilo.conf ]; then
- cp_backup_conffile /etc/lilo.conf
- echo -n " lilo.conf"
+ cp_backup_conffile /etc/lilo.conf
+ echo -n " lilo.conf"
fi
# backup old kernel params
if [ -e /etc/sysctl.conf ]; then
- cp_backup_conffile /etc/sysctl.conf
- echo -n " sysctl.conf"
+ cp_backup_conffile /etc/sysctl.conf
+ echo -n " sysctl.conf"
fi
# backup old kernel params
if [ -e /etc/kernel-img.conf ]; then
- cp_backup_conffile /etc/kernel-img.conf
- echo -n " kernel-img.conf"
+ cp_backup_conffile /etc/kernel-img.conf
+ echo -n " kernel-img.conf"
fi
# finished
################################################################################
+# remove obsolete symlinks and kernels
+rm -f /boot/vmlinuz /boot/vmlinuz.old /boot/vmlinuz.old2 \
+ /boot/vmlinuz.plain /vmlinuz /vmlinuz.old /boot/vmlinuz.plain \
+ /boot/vmlinuz.generic /boot/vmlinuz-generic /boot/vmlinuz-old
+echo "CN: Removed old symlinks in / and /boot."
+
+################################################################################
+
# intro msg
echo -n "CN: Configuring system (this will take a while):"
# update postinst_hook for grub
if grep -q postinst_hook /etc/kernel-img.conf; then
cp_check_and_sed '^postinst_hook' \
- 's;^postinst_hook[[:blank:]]*=.*;postinst_hook = /usr/sbin/update-grub;g' \
- /etc/kernel-img.conf || true
+ 's;^postinst_hook[[:blank:]]*=.*;postinst_hook = /usr/sbin/update-grub;g' \
+ /etc/kernel-img.conf || true
else
echo "postinst_hook = /usr/sbin/update-grub" >> /etc/kernel-img.conf
fi
# update postrm_hook for grub
if grep -q postrm_hook /etc/kernel-img.conf; then
cp_check_and_sed '^postrm_hook' \
- 's;^postrm_hook[[:blank:]]*=.*;postrm_hook = /usr/sbin/update-grub;g' \
- /etc/kernel-img.conf || true
+ 's;^postrm_hook[[:blank:]]*=.*;postrm_hook = /usr/sbin/update-grub;g' \
+ /etc/kernel-img.conf || true
else
echo "postrm_hook = /usr/sbin/update-grub" >> /etc/kernel-img.conf
fi
# enable initrd
if grep -q do_initrd /etc/kernel-img.conf; then
cp_check_and_sed '^do_initrd' \
- 's/^do_initrd[[:blank:]]*=.*/do_initrd = yes/g' \
- /etc/kernel-img.conf || true
+ 's/^do_initrd[[:blank:]]*=.*/do_initrd = yes/g' \
+ /etc/kernel-img.conf || true
else
echo "do_initrd = yes" >> /etc/kernel-img.conf
fi
cp -a /usr/lib/grub/i386-pc/* /boot/grub
fi
fi
+echo -n " grub1"
# create/update grub configuration
if [ -e /boot/grub/menu.lst ]; then
else
/usr/sbin/update-grub >/dev/null 2>&1 || true
fi
+echo -n " grub2"
+
+# workaround grsec
+if [ -x /sbin/chpax ]; then
+ if [ -x /usr/sbin/grub ]; then
+ chpax -spmrx /usr/sbin/grub || true
+ fi
+ if [ -x /usr/sbin/grub-probe ]; then
+ chpax -spmrx /usr/sbin/grub-probe || true
+ fi
+fi
+echo -n " grub3"
-# install grub loader
+# workaround execshield
SHIELD=$(sysctl -e -n kernel.exec-shield)
if [ ! -z "$SHIELD" ]; then
sysctl -w -e kernel.exec-shield=0 >/dev/null 2>&1
+ echo -n " execshield1"
+fi
+
+# remove obsolete devfs/compat links and restore normal udev behaviour
+rm -f /etc/udev/rules.d/devfs.rules /etc/udev/rules.d/compat.rules \
+ /etc/udev/rules.d/compat-full.rules
+if [ ! -e /etc/udev/rules.d/udev.rules ]; then
+ ln -s ../udev.rules /etc/udev/rules.d/udev.rules
+fi
+udevcontrol reload_rules >/dev/null 2>&1 || true
+echo -n " udev"
+
+# update device map if possible
+device_map=/boot/grub/device.map
+if [ -f $device_map ]; then
+ mv -f $device_map $device_map.old
fi
-if ! grub-install --no-floppy '(hd0)' >/dev/null 2>&1; then
+grub --batch --no-floppy --device-map=$device_map <<EOF >/dev/null 2>&1
+quit
+EOF
+if [ ! -s $device_map ]; then
+ if [ -f $device_map.old ]; then
+ mv -f $device_map.old $device_map
+ fi
+else
+ rm -f $device_map.old
+fi
+echo -n " grub4"
+
+# install GRUB loader
+install_device=$(grep '^(hd0)' $device_map | \
+ sed -e 's%[^[:space:]]*[[:space:]]*\([^[:space:]]*\)%\1%')
+if [ -z "$install_device" ]; then
+ echo "."
+ echo "CN: FATAL ERROR while detecting boot disk!"
+ echo "CN: Do not reboot your server and report this to OTRS immediately!"
+ exit 1
+fi
+if ! grub-install --no-floppy "$install_device" >/dev/null 2>&1; then
echo "."
- echo "CN: FATAL ERROR running grub-install!"
+ echo "CN: FATAL ERROR while running grub-install!"
echo "CN: Do not reboot your server and report this to OTRS immediately!"
exit 1
fi
+echo -n " grub5"
+
+# fix possible wrong params in menu.lst
+cp_check_and_sed '^# groot=' \
+ "s;^# groot=.*;# groot=$grub_root_device;g" \
+ /boot/grub/menu.lst || true
+cp_check_and_sed '^# kopt=' \
+ "s;^# kopt=\(.*\)root=[^[:space:]]*\(.*\);# kopt=\1root=$root_device\2;g" \
+ /boot/grub/menu.lst || true
+/usr/sbin/update-grub >/dev/null 2>&1 || true
+echo -n " grub6"
+
+# restore execshield state
if [ ! -z "$SHIELD" ]; then
sysctl -w -e "kernel.exec-shield=$SHIELD" >/dev/null 2>&1
+ echo -n " execshield2"
fi
# disable lilo
if [ -e /etc/lilo.conf ]; then
mv -f /etc/lilo.conf /etc/lilo.conf.old
+ echo -n " lilo"
fi
-echo -n " lilo"
# mdadm
if [ -x /usr/share/mdadm/mkconf ]; then
# remove group 99
if getent group proc >/dev/null 2>&1; then
groupdel proc >/dev/null 2>&1
+ echo -n " proc"
fi
-echo -n " proc"
# remove oidentd from oident group
if getent group oident >/dev/null 2>&1; then
# old kernel params
if [ -e /etc/sysctl.conf ]; then
- #cat /etc/sysctl.conf >> /etc/sysctl.conf.$$
- #ignore some of 2.4 stuff
- egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies' \
- /etc/sysctl.conf >> /etc/sysctl.conf.$$
+ egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies' \
+ /etc/sysctl.conf >> /etc/sysctl.conf.$$
fi
# add sysctl.conf Debian headers
# update pam_limits accordingly
if [ -e /etc/security/limits.conf ]; then
- rm -f /etc/security/limits.conf.$$
- cp /etc/security/limits.conf /etc/security/limits.conf.$$
- cp-update kernel-2.6-cn /etc/security/limits.conf.$$ <<EOF
+ rm -f /etc/security/limits.conf.$$
+ cp /etc/security/limits.conf /etc/security/limits.conf.$$
+ cp-update kernel-2.6-cn /etc/security/limits.conf.$$ <<EOF
* soft core 0
* hard nofile 4096
* soft nofile 4096
EOF
- cp_mv /etc/security/limits.conf.$$ /etc/security/limits.conf
- echo -n " limits"
+ cp_mv /etc/security/limits.conf.$$ /etc/security/limits.conf
+ echo -n " limits"
fi
# check pam.d/login
if [ -e /etc/pam.d/login ]; then
- cp_check_and_sed '^#.*session.+required.+pam_limits.so' \
- 's/^#.*session.+required.+pam_limits.so/session required pam_limits.so/' \
- /etc/pam.d/login || true
- echo -n " login"
+ cp_check_and_sed '^#.*session.+required.+pam_limits.so' \
+ 's/^#.*session.+required.+pam_limits.so/session required pam_limits.so/' \
+ /etc/pam.d/login || true
+ echo -n " login"
fi
# check pam.d/ssh
if [ -e /etc/pam.d/ssh ]; then
- cp_check_and_sed '^#.*session.+required.+pam_limits.so' \
- 's/^#.*session.+required.+pam_limits.so/session required pam_limits.so/' \
- /etc/pam.d/ssh || true
- echo -n " ssh"
+ cp_check_and_sed '^#.*session.+required.+pam_limits.so' \
+ 's/^#.*session.+required.+pam_limits.so/session required pam_limits.so/' \
+ /etc/pam.d/ssh || true
+ echo -n " ssh"
fi
# finished with PAM
################################################################################
-# remove obsolete links
-rm -f /boot/vmlinuz /boot/vmlinuz.old /boot/vmlinuz.old2 \
- /boot/vmlinuz.plain /vmlinuz /vmlinuz.old /boot/vmlinuz.plain
-echo "CN: Removed old symlinks in / and /boot."
-
-################################################################################
-
# fix old kernel-2.4-cn postrm
if [ -e /var/lib/dpkg/info/kernel-2.4-cn.postrm ]; then
echo "CN: Fixed old kernel-2.4-cn postrm."
projects / kernel-cn.git / blobdiff