One Hat Cyber Team
Your IP :
3.137.154.13
Server IP :
104.21.80.1
Server :
Linux agrigation-prod 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64
Server Software :
nginx/1.24.0
PHP Version :
7.4.33
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
thread-self
/
root
/
var
/
lib
/
dpkg
/
info
/
Edit File:
ubuntu-advantage-tools.postinst
#!/bin/sh set -e . /etc/os-release # For VERSION_ID # Needed even if this script doesn't call debconf, see: # https://lintian.debian.org/tags/postinst-does-not-load-confmodule.html # Note: this may re-exec the postinst script. . /usr/share/debconf/confmodule if [ -z "${VERSION_ID}" ]; then echo "Warning: missing VERSION_ID in /etc/os-release" >&2 VERSION_ID="NO-VERSION_ID" fi APT_TRUSTED_KEY_DIR="/etc/apt/trusted.gpg.d" ESM_INFRA_KEY_TRUSTY="ubuntu-advantage-esm-infra-trusty.gpg" ESM_APPS_KEY="ubuntu-advantage-esm-apps.gpg" APT_SRC_DIR="/etc/apt/sources.list.d" APT_PREFERENCES_DIR="/etc/apt/preferences.d" ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY="$APT_SRC_DIR/ubuntu-esm-infra-trusty.list" ESM_INFRA_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-esm-infra.list" ESM_APPS_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-esm-apps.list" FIPS_APT_SOURCE_FILE="$APT_SRC_DIR/ubuntu-fips.list" OLD_CLIENT_FIPS_PPA="private-ppa.launchpad.net/ubuntu-advantage/fips/ubuntu" UA_TIMER_NAME="ua-timer.timer" OLD_MESSAGING_TIMER="ua-messaging.timer" OLD_MESSAGING_TIMER_MASKED_LOCATION="/etc/systemd/system/timers.target.wants/$OLD_MESSAGING_TIMER" OLD_LICENSE_CHECK_PATH="ua-license-check.path" OLD_LICENSE_CHECK_PATH_MASKED_LOCATION="/etc/systemd/system/multi-user.target.wants/$OLD_LICENSE_CHECK_PATH" XENIAL_CLOUD_ID_SHIM_UNIT_LOCATION="/etc/systemd/system/multi-user.target.wants/ubuntu-advantage-cloud-id-shim.service" ESM_APT_PREF_FILE_TRUSTY="$APT_PREFERENCES_DIR/ubuntu-esm-trusty" ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY="$APT_PREFERENCES_DIR/ubuntu-esm-infra-trusty" ESM_INFRA_APT_PREF_FILE="$APT_PREFERENCES_DIR/ubuntu-esm-infra" ESM_APPS_APT_PREF_FILE="$APT_PREFERENCES_DIR/ubuntu-esm-apps" SYSTEMD_WANTS_AUTO_ATTACH_LINK="/etc/systemd/system/multi-user.target.wants/ua-auto-attach.service" SYSTEMD_HELPER_ENABLED_AUTO_ATTACH_DSH="/var/lib/systemd/deb-systemd-helper-enabled/ua-auto-attach.service.dsh-also" SYSTEMD_HELPER_ENABLED_WANTS_LINK="/var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ua-auto-attach.service" REBOOT_CMD_MARKER_FILE="/var/lib/ubuntu-advantage/marker-reboot-cmds-required" OLD_LICENSE_CHECK_MARKER_FILE="/var/lib/ubuntu-advantage/marker-license-check" MACHINE_TOKEN_FILE="/var/lib/ubuntu-advantage/private/machine-token.json" PUBLIC_MACHINE_TOKEN_FILE="/var/lib/ubuntu-advantage/machine-token.json" UA_MESSAGES_DIR="/var/lib/ubuntu-advantage/messages" APT_ESM_MESSAGE_FILE="$UA_MESSAGES_DIR/apt-pre-invoke-esm-service-status" ESM_APPS_APT_MSG_FILES="$UA_MESSAGES_DIR/apt-pre-invoke-no-packages-apps.tmpl $UA_MESSAGES_DIR/apt-pre-invoke-no-packages-apps $UA_MESSAGES_DIR/apt-pre-invoke-packages-apps.tmpl $UA_MESSAGES_DIR/apt-pre-invoke-packages-apps" UA_FLAGS_DIR="/var/lib/ubuntu-advantage/flags" APT_NEWS_FLAG_FILE="$UA_FLAGS_DIR/show-apt-news" TMP_CANDIDATE_CACHE_PATH="/tmp/ubuntu-advantage/candidate-version" # Rename apt config files for ua services removing ubuntu release names redact_ubuntu_release_from_ua_apt_filenames() { DIR=$1 # It is okay if this list is outdated, because this function is only used for an old migration. # Any services that were introduced after this migration was added won't need to be migrated. UA_SERVICES="cc-eal cis esm-infra esm-apps fips fips-updates livepatch ros ros-updates" for file in "$DIR"/*; do release_name="" case "$file" in *-trusty*) release_name=trusty;; *-xenial*) release_name=xenial;; *-bionic*) release_name=bionic;; *-focal*) release_name=focal;; *-groovy*) release_name=groovy;; *) release_name="";; esac if [ "$release_name" ]; then # We have a ubuntu release name in the apt config. # Remove $release_name from original $file. new_file=${file%-${release_name}*}${file#*${release_name}} for service in ${UA_SERVICES}; do if [ "${file#*$service}" != "$file" ]; then # Valid apt cfg file for an ubuntu-advantage service mv "$file" "$new_file" fi done fi done } # Check cached service status from status.json and return 0 if enabled else 1 check_service_is_enabled() { service_name=$1 _RET=$(/usr/bin/python3 -c " import os import json from uaclient.config import UAConfig cfg = UAConfig() status = cfg.read_cache('status-cache') if status: for service in status.get('services', []): if service.get('name', '') == '${service_name}': print(service.get('status', '')) ") if [ "${_RET}" = "enabled" ]; then return 0 else return 1 fi } esm_infra_cleanup() { if ! check_service_is_enabled esm-infra; then rm -f "$APT_TRUSTED_KEY_DIR/ubuntu-esm*gpg" # Remove previous esm keys rm -f "$APT_TRUSTED_KEY_DIR/$ESM_INFRA_KEY_TRUSTY" rm -f "$ESM_INFRA_APT_SOURCE_FILE" rm -f "$ESM_INFRA_OLD_APT_SOURCE_FILE_TRUSTY" rm -f "$ESM_APT_PREF_FILE_TRUSTY" "$ESM_INFRA_OLD_APT_PREF_FILE_TRUSTY" rm -f "$ESM_INFRA_APT_PREF_FILE" fi } esm_apps_cleanup() { if ! check_service_is_enabled esm-apps; then rm -f "$APT_TRUSTED_KEY_DIR/$ESM_APPS_KEY" rm -f "$ESM_APPS_APT_SOURCE_FILE" rm -f "$ESM_APPS_APT_PREF_FILE" fi } # If held fips packages exist, we are on a FIPS PRO machine with FIPS enabled mark_reboot_for_fips_pro() { FIPS_HOLDS=$(apt-mark showholds | grep -E 'fips|libssl1|openssh-client|openssh-server|linux-fips|openssl|strongswan' || exit 0) if [ "$FIPS_HOLDS" ]; then mark_reboot_cmds_as_needed FIPS_REBOOT_REQUIRED_MSG fi } add_notice() { msg_name=$1 /usr/bin/python3 -c " from uaclient.config import UAConfig from uaclient.messages import ${msg_name} cfg = UAConfig(root_mode=True) cfg.notice_file.add(label='', description=${msg_name}) " } mark_reboot_cmds_as_needed() { msg_name=$1 if [ ! -f "$REBOOT_CMD_MARKER_FILE" ]; then touch $REBOOT_CMD_MARKER_FILE fi add_notice "$msg_name" } patch_status_json_0_1_for_non_root() { # UA client 27.2 broke status.json schema backward-compatibility for # non-root users. Apply a patch to allow non-root user to run `ua status` # without Tracebacks if dpkg --compare-versions "$PREVIOUS_PKG_VER" gt-nl "27.2"; then return fi if [ ! -e "/var/lib/ubuntu-advantage/status.json" ]; then return fi /usr/lib/ubuntu-advantage/patch_status_json.py || true } notify_wrong_fips_metapackage_on_cloud() { # On xenial, we don't have FIPS optimized kernels on the clouds. # Because of that, we block enabling FIPS on xenial clouds. However, # we do have a config override that allows users to install the generic # FIPS packages into the cloud instance. We don't want to notify those users if [ "$VERSION_ID" = "16.04" ]; then return fi fips_metapkg="ubuntu-fips" cloud_id=$(cloud-id 2>/dev/null) || cloud_id="" # If the package is not installed, we don't want the postinst script to fail fips_installed=$(dpkg-query -W --showformat='${db:Status-Status}\n' $fips_metapkg 2>/dev/null || true) if echo "$cloud_id" | grep -E -q "^(azure|aws)"; then if echo "$fips_installed" | grep -E -q "installed"; then add_notice NOTICE_WRONG_FIPS_METAPACKAGE_ON_CLOUD fi fi } rm_old_license_check_marker() { rm -f $OLD_LICENSE_CHECK_MARKER_FILE } disable_new_timer_if_old_timer_already_disabled() { # If the user has disabled the ua-messaging # then we will assume that the user would want the # ua-timer to be disabled as well. In that case, we will # disable the ua-timer here. PREVIOUS_PKG_VER=$1 # We should only perform this check on UA version that have the # ua-messaging.timer: 27.0 until 27.2. This will also guarantee # that on 27.3 and forward, we will not run this logic. if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.0~" \ || dpkg --compare-versions "$PREVIOUS_PKG_VER" ge "27.3~"; then return fi if ! deb-systemd-helper --quiet was-enabled $OLD_MESSAGING_TIMER; then # We have the following entry on our rules file: # dh_systemd_enable -pubuntu-advantage-tools ua-timer.timer # This rule will append some code at the end of the postinst script # that checks if the ua-timer.timer was already enabled on the system. # This means that if we manually disable the service here, that logic will # still enable it in the end of the postinst script. # Because of this logic we are now manually enabling ua-timer.timer here # and then we manually disable it. This will guarantee that the was-enabled # logic introduced by the rules file will not be triggered and we will not # re-enable the ua-timer.timer service after calling this function. echo "$OLD_MESSAGING_TIMER was disabled. Disabling $UA_TIMER_NAME." >&2 deb-systemd-helper enable $UA_TIMER_NAME > /dev/null 2>&1 || true deb-systemd-helper disable $UA_TIMER_NAME > /dev/null 2>&1 || true fi } remove_old_systemd_units() { PREVIOUS_PKG_VER=$1 # These are the commands that are run when the package is purged. # Since we actually want to remove this service from now on # we have replicated that behavior here if [ -L $OLD_MESSAGING_TIMER_MASKED_LOCATION ]; then deb-systemd-helper purge ua-messaging.timer > /dev/null || true deb-systemd-helper unmask ua-messaging.timer > /dev/null || true fi if [ -L $OLD_LICENSE_CHECK_PATH_MASKED_LOCATION ]; then if [ -d /run/systemd/system ]; then # If the old ua-license-check.timer was running during upgrade # then it will be in a failed state because the files were removed # The failed state is ephemeral and only needs to be cleared if # it is there so that the system doesn't say it is degraded. # If the old timer was not running, then this is a noop. systemctl --system daemon-reload > /dev/null || true systemctl reset-failed ua-license-check.timer > /dev/null 2>&1 || true # In rare race-condition scenarios, the service can also get into # the same failed state. systemctl reset-failed ua-license-check.service > /dev/null 2>&1 || true fi deb-systemd-helper purge ua-license-check.path > /dev/null || true deb-systemd-helper unmask ua-license-check.path > /dev/null || true fi # If we're do-release-upgrad-ing to bionic, then clean up the xenial-only # cloud-id-shim unit if [ "$VERSION_ID" = "18.04" ]; then if echo "$PREVIOUS_PKG_VER" | grep -q "16.04"; then if [ -L $XENIAL_CLOUD_ID_SHIM_UNIT_LOCATION ]; then deb-systemd-helper purge ubuntu-advantage-cloud-id-shim.service > /dev/null || true deb-systemd-helper unmask ubuntu-advantage-cloud-id-shim.service > /dev/null || true fi fi fi } create_public_machine_token_file() { # When we perform the write operation through # MachineTokenFile we already write the public # version of the machine-token file with all the # sensitive data removed. /usr/bin/python3 -c " from uaclient.files import MachineTokenFile machine_token_file = MachineTokenFile() content = machine_token_file.read() machine_token_file.write(content=content) " } migrate_ubuntu_pro_beta_banner() { PREVIOUS_PKG_VER=$1 # This only shipped in 27.11.2~ if dpkg --compare-versions "$PREVIOUS_PKG_VER" ge "27.11.2~" \ && dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.11.3~"; then # if the banner was present, remove it and add the new flag file which is configurable if [ -f $APT_ESM_MESSAGE_FILE ]; then if cat $APT_ESM_MESSAGE_FILE | grep -q "Try Ubuntu Pro beta"; then rm -f $APT_ESM_MESSAGE_FILE rm -f $ESM_APPS_APT_MSG_FILES mkdir -p $UA_FLAGS_DIR touch $APT_NEWS_FLAG_FILE fi fi fi } cleanup_candidate_version_stamp_permissions() { if [ -f $TMP_CANDIDATE_CACHE_PATH ]; then rm -f $TMP_CANDIDATE_CACHE_PATH fi } cleanup_apt_news_flag_file() { if [ -f $APT_NEWS_FLAG_FILE ]; then rm -f $APT_NEWS_FLAG_FILE fi } case "$1" in configure) PREVIOUS_PKG_VER=$2 # We changed the way we store public files in 19.5 if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt-nl "19.5~"; then # Remove all publicly-readable files find /var/lib/ubuntu-advantage/ -maxdepth 1 -type f -delete fi # Are we upgrading from a previously release Ubuntu Advantage Pro pkg? # We broke package compatibility in 20.2 for any image with 19.7 if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt-nl "20.2~"; then if dpkg --compare-versions "$PREVIOUS_PKG_VER" ge-nl "19.7~"; then # Drop stale symlinks for migrated auto-attach-service rm -f $SYSTEMD_WANTS_AUTO_ATTACH_LINK rm -f $SYSTEMD_HELPER_ENABLED_AUTO_ATTACH_DSH rm -f $SYSTEMD_HELPER_ENABLED_WANTS_LINK fi fi patch_status_json_0_1_for_non_root # UA service PPAs support all ubuntu releases, no need to # specialize apt config filenames per ubuntu release. redact_ubuntu_release_from_ua_apt_filenames $APT_SRC_DIR redact_ubuntu_release_from_ua_apt_filenames $APT_PREFERENCES_DIR # Repo for FIPS packages changed from old client if [ -f $FIPS_APT_SOURCE_FILE ]; then if grep -q $OLD_CLIENT_FIPS_PPA $FIPS_APT_SOURCE_FILE; then add_notice FIPS_INSTALL_OUT_OF_DATE fi fi notify_wrong_fips_metapackage_on_cloud # CACHE_DIR is no longer present or used since 19.1 rm -rf /var/cache/ubuntu-advantage-tools # machine-access cache files no longer present or used since 20.1 rm -f /var/lib/ubuntu-advantage/private/machine-access-*.json # log files need to be world-readable if [ ! -f /var/log/ubuntu-advantage.log ]; then touch /var/log/ubuntu-advantage.log # We are only making new log files world readable chmod 0644 /var/log/ubuntu-advantage.log fi chown root:root /var/log/ubuntu-advantage.log private_dir="/var/lib/ubuntu-advantage/private" if [ -d "$private_dir" ]; then chmod 0700 "$private_dir" fi if [ "$VERSION_ID" = "16.04" ]; then if echo "$PREVIOUS_PKG_VER" | grep -q "14.04"; then mark_reboot_cmds_as_needed LIVEPATCH_LTS_REBOOT_REQUIRED fi if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13~"; then # Clean any unauthenticated ESM infra files previously inserted # on Xenial, unless the service is enabled esm_infra_cleanup fi fi if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13.5~"; then # esm-apps unauthenticated ESM should not be in any release esm_apps_cleanup fi mark_reboot_for_fips_pro rm_old_license_check_marker disable_new_timer_if_old_timer_already_disabled $PREVIOUS_PKG_VER remove_old_systemd_units $PREVIOUS_PKG_VER /usr/lib/ubuntu-advantage/cloud-id-shim.sh || true # On old version of ubuntu-advantange-tools, we don't have a public # machine_token.json file on attached machines. Since the non-root # status now needs that file, we need to create it during the upgrade if [ -f $MACHINE_TOKEN_FILE ] && [ ! -f $PUBLIC_MACHINE_TOKEN_FILE ]; then create_public_machine_token_file fi migrate_ubuntu_pro_beta_banner $PREVIOUS_PKG_VER cleanup_candidate_version_stamp_permissions if dpkg --compare-versions "$PREVIOUS_PKG_VER" lt "27.13~"; then cleanup_apt_news_flag_file fi # LP: #2003977 # The version gate is open ended, and should be closed when the apt_news # configuration is moved away from a conffile. if dpkg --compare-versions "$2" ge 27.11.3~; then if [ -f /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled ]; then # The preinst has left us a note to tell us that apt-news was # previously disabled and should be re-disabled, so disable it # and discard the note. pro config set apt_news=false rm /var/lib/ubuntu-advantage/preinst-detected-apt-news-disabled fi # Remove the conffile backup if it exists now that an error unwind is # no longer possible rm -f /etc/ubuntu-advantage/uaclient.conf.preinst-remove fi ;; esac # Automatically added by dh_python3 if command -v py3compile >/dev/null 2>&1; then py3compile -p ubuntu-advantage-tools:amd64 fi if command -v pypy3compile >/dev/null 2>&1; then pypy3compile -p ubuntu-advantage-tools:amd64 || true fi # End automatically added section # Automatically added by dh_systemd_enable/13.6ubuntu1 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then # This will only remove masks created by d-s-h on package removal. deb-systemd-helper unmask 'ua-reboot-cmds.service' >/dev/null || true # was-enabled defaults to true, so new installations run enable. if deb-systemd-helper --quiet was-enabled 'ua-reboot-cmds.service'; then # Enables the unit on first installation, creates new # symlinks on upgrades if the unit file has changed. deb-systemd-helper enable 'ua-reboot-cmds.service' >/dev/null || true else # Update the statefile to add new symlinks (if any), which need to be # cleaned up on purge. Also remove old symlinks. deb-systemd-helper update-state 'ua-reboot-cmds.service' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_systemd_enable/13.6ubuntu1 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then # This will only remove masks created by d-s-h on package removal. deb-systemd-helper unmask 'ua-timer.timer' >/dev/null || true # was-enabled defaults to true, so new installations run enable. if deb-systemd-helper --quiet was-enabled 'ua-timer.timer'; then # Enables the unit on first installation, creates new # symlinks on upgrades if the unit file has changed. deb-systemd-helper enable 'ua-timer.timer' >/dev/null || true else # Update the statefile to add new symlinks (if any), which need to be # cleaned up on purge. Also remove old symlinks. deb-systemd-helper update-state 'ua-timer.timer' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_systemd_enable/13.6ubuntu1 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then # This will only remove masks created by d-s-h on package removal. deb-systemd-helper unmask 'ubuntu-advantage.service' >/dev/null || true # was-enabled defaults to true, so new installations run enable. if deb-systemd-helper --quiet was-enabled 'ubuntu-advantage.service'; then # Enables the unit on first installation, creates new # symlinks on upgrades if the unit file has changed. deb-systemd-helper enable 'ubuntu-advantage.service' >/dev/null || true else # Update the statefile to add new symlinks (if any), which need to be # cleaned up on purge. Also remove old symlinks. deb-systemd-helper update-state 'ubuntu-advantage.service' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_systemd_start/13.6ubuntu1 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ]; then systemctl --system daemon-reload >/dev/null || true deb-systemd-invoke start 'ua-timer.timer' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_systemd_start/13.6ubuntu1 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/system ]; then systemctl --system daemon-reload >/dev/null || true deb-systemd-invoke start 'ubuntu-advantage.service' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_installdeb/13.6ubuntu1 dpkg-maintscript-helper rm_conffile /etc/update-motd.d/99-esm 19.1~ ubuntu-advantage-tools -- "$@" # End automatically added section # Automatically added by dh_installdeb/13.6ubuntu1 dpkg-maintscript-helper rm_conffile /etc/update-motd.d/80-esm 19.1~ ubuntu-advantage-tools -- "$@" # End automatically added section # Automatically added by dh_installdeb/13.6ubuntu1 dpkg-maintscript-helper rm_conffile /etc/update-motd.d/80-livepatch 19.1~ ubuntu-advantage-tools -- "$@" # End automatically added section # Automatically added by dh_installdeb/13.6ubuntu1 dpkg-maintscript-helper rm_conffile /etc/cron.daily/ubuntu-advantage-tools 19.1~ ubuntu-advantage-tools -- "$@" # End automatically added section # Automatically added by dh_installdeb/13.6ubuntu1 dpkg-maintscript-helper rm_conffile /etc/init/ua-auto-attach.conf 20.2~ ubuntu-advantage-tools -- "$@" # End automatically added section exit 0
Simpan