- Arch: remove system user creation, root:root ownership, fix $startdir path in PKGBUILD - RPM: uncomment BuildRequires, add runtime deps (openssl-libs, ca-certificates), remove system user, root:root ownership - Alpine: remove system user creation, root:root ownership, co-locate install script with APKBUILD - All platforms now match Debian: no system user, root:root, create dirs, copy example configs, enable service
# Arch Linux install hooks for linux-patch-api
# Matches Debian preinst/postinst behavior: no system user, root:root ownership
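post_install() {
  # Fresh-install hook: creates the config, state and log directories,
  # applies root:root ownership and restrictive modes, seeds config.yaml and
  # whitelist.yaml from the packaged examples when they are absent, then
  # reloads systemd and enables (but does not start) the service.
  local conf_dir=/etc/linux_patch_api
  local state_dir=/var/lib/linux_patch_api
  local log_dir=/var/log/linux_patch_api
  local name

  # Create required directories
  mkdir -p "$conf_dir/certs"
  mkdir -p "$state_dir"
  mkdir -p "$log_dir"

  # Set proper ownership (service runs as root).
  # mkdir -p leaves a pre-existing directory's owner untouched, so the config
  # and certs directories are chowned explicitly: the 750 mode below only
  # keeps other users out of the TLS material if owner and group are root.
  chown root:root "$conf_dir" "$conf_dir/certs"
  chown -R root:root "$state_dir"
  chown -R root:root "$log_dir"

  # Set secure permissions
  chmod 750 "$conf_dir"
  chmod 750 "$conf_dir/certs"
  chmod 755 "$state_dir"
  # NOTE(review): 755 lets every local user list and enter the log directory;
  # confirm the logs carry nothing sensitive, or tighten this to 750.
  chmod 755 "$log_dir"

  # Copy example configs if they don't exist.
  # install(1) creates the file with its final mode and owner in one step, so
  # there is no window where the copy carries umask-derived permissions, and a
  # missing example produces one clear warning instead of a failed cp followed
  # by failing chmod/chown calls.
  for name in config.yaml whitelist.yaml; do
    if [ ! -f "$conf_dir/$name" ]; then
      if [ -f "$conf_dir/$name.example" ]; then
        install -m 640 -o root -g root \
          "$conf_dir/$name.example" "$conf_dir/$name"
      else
        echo "warning: $conf_dir/$name.example not found; create $conf_dir/$name manually" >&2
      fi
    fi
  done

  # Reload systemd daemon
  systemctl daemon-reload

  # Enable the service (but don't start automatically - admin should configure first)
  # NOTE(review): an enabled unit still starts on the next boot even if the
  # example configuration was never edited - confirm that is acceptable.
  systemctl enable linux-patch-api.service

  printf '%s\n' \
    "" \
    "linux-patch-api installed successfully!" \
    "" \
    "Next steps:" \
    " 1. Configure /etc/linux_patch_api/config.yaml with your settings" \
    " 2. Place TLS certificates in /etc/linux_patch_api/certs/" \
    " 3. Configure IP whitelist in /etc/linux_patch_api/whitelist.yaml" \
    " 4. Start the service: systemctl start linux-patch-api" \
    " 5. Check status: systemctl status linux-patch-api" \
    ""
}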
post_upgrade() {
  # Upgrade hook: only asks systemd to re-read its unit files so the new
  # version of the service unit is picked up.
  # NOTE(review): ownership and modes are applied in post_install only; a host
  # upgraded from a release that still created a system user may keep the old
  # owner on /var/lib/linux_patch_api and /var/log/linux_patch_api - confirm
  # whether they should be re-applied here.
  systemctl daemon-reload
}
pre_remove() {
  # Pre-removal hook: stops the service if it is running, then disables it if
  # it is enabled, reporting each outcome on stdout.
  local unit=linux-patch-api.service

  # Stop the unit before its files disappear.
  if ! systemctl is-active --quiet "$unit"; then
    echo "Service was not running"
  else
    systemctl stop "$unit"
    echo "Service stopped successfully"
  fi

  # Drop the boot-time enablement; stderr of the probe is discarded so a
  # unit that systemd no longer knows about stays silent.
  if systemctl is-enabled --quiet "$unit" 2>/dev/null; then
    systemctl disable "$unit"
    echo "Service disabled"
  fi
}
post_remove() {
  # Post-removal hook: reloads systemd so the removed unit is forgotten, then
  # deletes the state and log directories only when they are already empty.
  # NOTE(review): /etc/linux_patch_api is not touched here, so the config.yaml
  # and whitelist.yaml seeded by post_install and anything placed under certs/
  # (TLS keys included) presumably stay on disk after removal - confirm that
  # is intended and documented for admins.
  local leftover

  # Best effort: errors from systemctl are hidden and never fail the hook.
  systemctl daemon-reload 2>/dev/null || true

  # rmdir refuses non-empty directories, which preserves any user data.
  for leftover in /var/lib/linux_patch_api /var/log/linux_patch_api; do
    rmdir --ignore-fail-on-non-empty "$leftover" 2>/dev/null || true
  done

  echo "linux-patch-api removed"
}