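#!/bin/sh
# postinst: create the tss / keylime system accounts, the keylime state
# directory with its tmpfs-backed "secure" subdirectory, and hand the
# TPM / IMA securityfs entries to group tss so the keylime user can reach
# them.  Invoked by dpkg with the maintainer-script action as $1.
set -e

case "$1" in
  configure)
    # Create the tss group if it does not exist yet.
    if ! getent group tss >/dev/null; then
      addgroup --system tss
    fi

    # Create the tss system user if it does not exist yet: no login shell,
    # and no home directory is created on disk.
    if ! getent passwd tss >/dev/null; then
      adduser --system --ingroup tss --shell /bin/false \
        --home /var/lib/tpm --no-create-home \
        --gecos "TPM software stack" \
        tss
    fi

    # Create the keylime system user if it does not exist yet.  It is put
    # in group tss so it can reach the tss-owned securityfs entries below.
    if ! getent passwd keylime >/dev/null; then
      adduser --system --ingroup tss --shell /bin/false \
        --home /var/lib/keylime --no-create-home \
        --gecos "Keylime remote attestation" \
        keylime
    fi

    # Create the keylime state directory and its "secure" subdirectory.
    # mkdir -p is idempotent, so this runs unconditionally: previously the
    # subdirectory was only created when /var/lib/keylime itself was absent,
    # so an existing /var/lib/keylime without "secure" made the mount below
    # fail and, under set -e, abort the whole postinst.
    mkdir -p /var/lib/keylime/secure

    # Back /var/lib/keylime/secure with a small, private tmpfs unless it is
    # already mounted.  Only root can mount tmpfs with `-o`.  The trailing
    # space in the pattern anchors the mount-point field of /proc/mounts.
    # NOTE(review): nothing in this script makes the mount persistent across
    # reboots, and where mounting is not permitted (e.g. an unprivileged
    # container) this line aborts package configuration.
    if ! grep -qs '/var/lib/keylime/secure ' /proc/mounts; then
      mount -t tmpfs -o size=1m,mode=0700 tmpfs /var/lib/keylime/secure
    fi

    # Hand the state directory (including the freshly mounted tmpfs) to the
    # keylime user, keeping group tss in common with the TPM stack.
    if [ -d /var/lib/keylime ] && getent passwd keylime >/dev/null; then
      chown -R keylime:tss /var/lib/keylime
    fi

    # The "keylime" user belongs to tss, and we need to give access to
    # /sys/kernel/security/<x>.  Each entry is only touched when it exists
    # (hosts without a TPM or without IMA have neither).
    if [ -d /sys/kernel/security/tpm0 ]; then
      chown -R tss:tss /sys/kernel/security/tpm0
    fi
    if [ -d /sys/kernel/security/ima ]; then
      chown -R tss:tss /sys/kernel/security/ima
    fi

    # # ask udev to check for new udev rules (and fix device permissions)
    # if udevadm --version > /dev/null; then
    #   udevadm control --reload-rules ||:
    #   udevadm trigger --sysname-match="tpm[0-9]*" ||:
    #   udevadm trigger --action=add --subsystem-match=tpm ||:
    #   udevadm trigger --action=add --subsystem-match=tpmrm ||:
    # fi
    ;;

  abort-upgrade|abort-remove|abort-deconfigure)
    # Nothing to undo for these actions.
    ;;

  *)
    echo "postinst called with unknown argument \`$1'" >&2
    exit 1
    ;;
esac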