Re: help with packaging (preinst scripts)
Hi
On Wed, Aug 22, 2012 at 01:54:44PM +0100, David Cho-Lerat wrote:
> Hi all,
>
> I've done some RTFM, but can't yet find where the helper
> scripts to use in maintainer scripts (preinst/postrm/..) are
> described.
>
> How does one automate the following in the preinst scripts,
> for instance :
Pre-inst? It is quite uncommon do need to do much in the
PRE-installation script. Most things end up in the post-installation
scripts - e.g. many of the existing packages which create users do so
in their post-installation scripts.
>
> 1. create a user *and* set their password
Hm... Try looking in the exim4-base postinst script (if you have exim
installed, you should have a copy in
/var/lib/dpkg/info/exim4-base.postinst)
Basically a fragment in the style of:
if ! getent passwd yournewuser > /dev/null ; then
adduser ...
fi
Setting a password for the user: That's a very strange thing to do in
an installation script, as it implies that the password is
predictable. Which is probably a very bad idea for security. However,
you can probably get the installation to generate a random password
and set it (but this still leaves the problem of communicating the
password out in a secure fasion):
password=$( perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' )
echo "newuser:$password" | chpasswd
If it is a system-type user, then the user should not be able to log
in anyway, so it will be not be necessary to create a password. Just
create it with:
adduser --system --disabled-login ...
> 2. ssh-keygen with no user input ("Enter passphrase")
If this is to give the user an SSH key, then this is a probably a bad
idea: The private part of the key should really never leave his
desktop.
But generating user-keys is really no different than generating server
keys - have a look in the preinst/postinst scripts of
e.g. openssh-server for inspiration.
> 3. add/edit some MySQL tables without knowing the MySQL root password
Another odd case, but not entirely unheard of. You may be able to use
the 'debian-sys-maint' user:
mysql --defaults-file=/etc/mysql/debian.cnf < yourscript.sql
But I'm not convinced that this is the "correct" usage of the
debian-sys-maint user.
> I've fooled around with Expect for 1. and 2., and tried
> mysqld_safe --skip-grant-tables for 3., but I feel
> lame (and I have to have my preinst script stop/start the
> MySQL server during install) ..
Sounds pretty bad if you need to restart the MySQL server. And during
PRE-INST? As I hinted at earlier, doing this in the post-inst script
is much more common (if common at all). There is always the
possibility that installation may fail - and then you're left with
figuring out how to revert things out that the preinst script did.
> If I'm not asking the correct list, I'm sorry, but could you please
> direct me to the documentation I should read or other mailing list
> I should contact ?
debian-devel would probably be a better place, as many of the package
maintainers hang out there...
Hope this helps
--
Karl E. Jorgensen
Reply to: