#!/bin/sh # Postinst script for varnish. # Stig Sandbeck Mathisen set -e set -u # Settings daemon_group="varnish" daemon_user="varnish" worker_user="vcache" log_user="varnishlog" daemon_dir=/var/lib/varnish/$(uname -n) log_dir="/var/log/varnish" secret_file=/etc/varnish/secret ensure_users() { # Daemon user and group if ! getent passwd $daemon_user > /dev/null 2>&1; then adduser --quiet --system --no-create-home --home /nonexistent --group $daemon_user fi # Extra users in daemon group for user in $worker_user $log_user; do if ! getent passwd $user > /dev/null 2>&1; then adduser --quiet --system --no-create-home --home /nonexistent --ingroup $daemon_group $user fi done } varnish_create_storagedir() { if ! [ -d "$daemon_dir" ]; then install -o $daemon_user -g $daemon_user -d $daemon_dir fi } varnish_setup_logdir() { if ! dpkg-statoverride --list $log_dir >/dev/null; then dpkg-statoverride --update --add $log_user $daemon_group 0750 $log_dir fi } varnish_create_secret() { if ! [ -f "${secret_file}" ]; then if [ -f /proc/sys/kernel/random/uuid ]; then install -m 0600 /proc/sys/kernel/random/uuid "${secret_file}" else install -m 0600 /dev/null "${secret_file}" dd if=/dev/urandom count=1 bs=128 2>/dev/null \ | tr -dc "A-Za-z0-9" > "${secret_file}" fi fi } # In varnish 4.1, the varnish shared memory log is readable by the "varnish" # group, instead of by everyone. We need to update the "varnishlog" user to # reflect this, as well as the permissions on /var/log/varnish change_group_for_varnishlog_user() { usermod -g $daemon_group $log_user dpkg-statoverride --remove $log_dir dpkg-statoverride --update --add $log_user $daemon_group 0750 $log_dir } case ${1:-} in configure) ensure_users varnish_create_storagedir varnish_setup_logdir varnish_create_secret if dpkg --compare-versions "4.1.0-2~" "gt-nl" "${2:-}"; then change_group_for_varnishlog_user fi ;; esac # Automatically added by dh_installinit/13.15.3 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -z "${DPKG_ROOT:-}" ] && [ -x "/etc/init.d/varnish" ]; then update-rc.d varnish defaults >/dev/null if [ -n "$2" ]; then _dh_action=restart else _dh_action=start fi invoke-rc.d --skip-systemd-native varnish $_dh_action || exit 1 fi fi # End automatically added section # Automatically added by dh_installinit/13.15.3 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -z "${DPKG_ROOT:-}" ] && [ -x "/etc/init.d/varnishncsa" ]; then update-rc.d varnishncsa defaults >/dev/null if [ -n "$2" ]; then _dh_action=restart else _dh_action=start fi invoke-rc.d --skip-systemd-native varnishncsa $_dh_action || exit 1 fi fi # End automatically added section # Automatically added by dh_installsystemd/13.15.3 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then # The following line should be removed in trixie or trixie+1 deb-systemd-helper unmask 'varnish.service' >/dev/null || true # was-enabled defaults to true, so new installations run enable. if deb-systemd-helper --quiet was-enabled 'varnish.service'; then # Enables the unit on first installation, creates new # symlinks on upgrades if the unit file has changed. deb-systemd-helper enable 'varnish.service' >/dev/null || true else # Update the statefile to add new symlinks (if any), which need to be # cleaned up on purge. Also remove old symlinks. deb-systemd-helper update-state 'varnish.service' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_installsystemd/13.15.3 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -d /run/systemd/system ]; then systemctl --system daemon-reload >/dev/null || true if [ -n "$2" ]; then _dh_action=restart else _dh_action=start fi deb-systemd-invoke $_dh_action 'varnish.service' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_installsystemd/13.15.3 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then # The following line should be removed in trixie or trixie+1 deb-systemd-helper unmask 'varnishncsa.service' >/dev/null || true # was-enabled defaults to true, so new installations run enable. if deb-systemd-helper --quiet was-enabled 'varnishncsa.service'; then # Enables the unit on first installation, creates new # symlinks on upgrades if the unit file has changed. deb-systemd-helper enable 'varnishncsa.service' >/dev/null || true else # Update the statefile to add new symlinks (if any), which need to be # cleaned up on purge. Also remove old symlinks. deb-systemd-helper update-state 'varnishncsa.service' >/dev/null || true fi fi # End automatically added section # Automatically added by dh_installsystemd/13.15.3 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ -d /run/systemd/system ]; then systemctl --system daemon-reload >/dev/null || true if [ -n "$2" ]; then _dh_action=restart else _dh_action=start fi deb-systemd-invoke $_dh_action 'varnishncsa.service' >/dev/null || true fi fi # End automatically added section