crowdsec/debian/postinst

#!/bin/bash

COLLECTIONS=false
set -e

# Source debconf library.
. /usr/share/debconf/confmodule

if [ "$1" = configure ]; then
    if [[ ! -d /var/lib/crowdsec/data ]]; then
        mkdir -p /var/lib/crowdsec/data
    fi

    if [[ -d /var/lib/crowdsec/backup ]]; then
        cscli config restore /var/lib/crowdsec/backup/backup.config
        rm -rf /var/lib/crowdsec/backup
        /usr/bin/cscli hub update
        /usr/bin/cscli hub upgrade
        systemctl start crowdsec
    fi

    . /usr/share/crowdsec/wizard.sh -n
    if ! [[ -f /etc/crowdsec/acquis.yaml ]]; then
        echo Creating /etc/crowdsec/acquis.yaml
        set +e
        SILENT=true detect_services
        SILENT=true TMP_ACQUIS_FILE_SKIP=skip genacquisition
        set -e
        COLLECTIONS=true
    fi

    if [[ -f /etc/crowdsec/local_api_credentials.yaml ]] ; then
        chmod 600 /etc/crowdsec/local_api_credentials.yaml
    fi

    if [[ -f /etc/crowdsec/online_api_credentials.yaml ]]; then
        chmod 600 /etc/crowdsec/online_api_credentials.yaml
    fi

    if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] || [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then
        if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] ; then
            install -m 600 /dev/null  /etc/crowdsec/local_api_credentials.yaml
        fi
        if [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]] ; then
            install -m 600 /dev/null  /etc/crowdsec/online_api_credentials.yaml
        fi

        db_input medium crowdsec/lapi || true
        db_go || true

        db_get crowdsec/lapi
        LAPI=$RET

        if  [ "$LAPI" = true ]; then
            db_input medium crowdsec/capi || true
            db_go || true

            db_get crowdsec/capi
            CAPI=$RET

            [ -s /etc/crowdsec/local_api_credentials.yaml ] || cscli machines add -a --force --error

            if [ "$CAPI" = true ]; then
                cscli capi register
            fi

        else
            db_input medium crowdsec/lapi_host || true
            db_go || true

            db_get crowdsec/lapi_host
            LAPI_HOST=$RET
            sed -i "s/127.0.0.1:8080/$LAPI_HOST/g" /etc/crowdsec/config.yaml
        fi
    fi

    echo Updating hub
    /usr/bin/cscli hub update
    if [ "$COLLECTIONS" = true ]; then
        set +e
        CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection
        set -e
    fi


    if [[ -f /var/lib/crowdsec/data/crowdsec.db.backup ]]; then
        cp /var/lib/crowdsec/data/crowdsec.db.backup /var/lib/crowdsec/data/crowdsec.db
        rm -f /var/lib/crowdsec/data/crowdsec.db.backup
    fi

    systemctl --quiet is-enabled crowdsec || systemctl unmask crowdsec && systemctl enable crowdsec

    API=$(cscli config show --key "Config.API.Server")
    if [ "$API" = "<nil>" ] ; then
        LAPI=false
    else
        PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2)
    fi
    if [ "$LAPI" = false ] || [ -z "$(ss -nlt "sport = ${PORT}" | grep -v ^State)" ]  ; then
        systemctl start crowdsec
    else
        echo "Not attempting to start crowdsec, port ${PORT} is already used or lapi was disabled"
        echo "This port is configured through /etc/crowdsec/config.yaml and /etc/crowdsec/local_api_credentials.yaml"
    fi
fi

echo "You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c'"
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`#!/bin/bash`

			`COLLECTIONS=false`
			`set -e`

			`# Source debconf library.`
			`. /usr/share/debconf/confmodule`

			`if [ "$1" = configure ]; then`
			`if [[ ! -d /var/lib/crowdsec/data ]]; then`
			`mkdir -p /var/lib/crowdsec/data`
			`fi`

			`if [[ -d /var/lib/crowdsec/backup ]]; then`
			`cscli config restore /var/lib/crowdsec/backup/backup.config`
			`rm -rf /var/lib/crowdsec/backup`
			`/usr/bin/cscli hub update`
			`/usr/bin/cscli hub upgrade`
			`systemctl start crowdsec`
			`fi`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`. /usr/share/crowdsec/wizard.sh -n`
fucntional tests fix (#952) * add patch for the user used for starting plugins * fix postinst * fix fucn tests to make it work with ansible * group_wait to 5s * small fixes Co-authored-by: sabban <15465465+sabban@users.noreply.github.com> 2021-09-09 14:24:59 +00:00			`if ! [[ -f /etc/crowdsec/acquis.yaml ]]; then`
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`echo Creating /etc/crowdsec/acquis.yaml`
			`set +e`
			`SILENT=true detect_services`
replace wizard patch for .deb & .rpm packages with an envvar check (#1630) 2022-08-16 12:59:59 +00:00			`SILENT=true TMP_ACQUIS_FILE_SKIP=skip genacquisition`
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`set -e`
			`COLLECTIONS=true`
			`fi`
fix perms in package installation (#1012) * fix perms Co-authored-by: sabban <15465465+sabban@users.noreply.github.com> 2021-10-22 08:14:15 +00:00
			`if [[ -f /etc/crowdsec/local_api_credentials.yaml ]] ; then`
			`chmod 600 /etc/crowdsec/local_api_credentials.yaml`
			`fi`

			`if [[ -f /etc/crowdsec/online_api_credentials.yaml ]]; then`
			`chmod 600 /etc/crowdsec/online_api_credentials.yaml`
			`fi`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] \|\| [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]]; then`
fix perms in package installation (#1012) * fix perms Co-authored-by: sabban <15465465+sabban@users.noreply.github.com> 2021-10-22 08:14:15 +00:00			`if [[ ! -f /etc/crowdsec/local_api_credentials.yaml ]] ; then`
			`install -m 600 /dev/null /etc/crowdsec/local_api_credentials.yaml`
			`fi`
			`if [[ ! -f /etc/crowdsec/online_api_credentials.yaml ]] ; then`
			`install -m 600 /dev/null /etc/crowdsec/online_api_credentials.yaml`
			`fi`

import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`db_input medium crowdsec/lapi \|\| true`
			`db_go \|\| true`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`db_get crowdsec/lapi`
			`LAPI=$RET`

			`if [ "$LAPI" = true ]; then`
			`db_input medium crowdsec/capi \|\| true`
			`db_go \|\| true`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`db_get crowdsec/capi`
			`CAPI=$RET`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
cscli machines: lint + write output to stdout instead of log (#2657) * feedback on stdout, not log.Info * rename parameters to silence warnings from "unusedparams" * debian postinst: skip duplicate warnings with 'cscli machines add' * rpm postinst: skip duplicate warnings in 'cscli machines add' * update func tests * debian prerm: if dashboard remove fails, explain it's ok * debian prerm: suppress warnings about wal, capi when attempting to remove the dashboard * wizard.sh: log format like crowdsec 2023-12-13 14:43:46 +00:00			`[ -s /etc/crowdsec/local_api_credentials.yaml ] \|\| cscli machines add -a --force --error`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`if [ "$CAPI" = true ]; then`
			`cscli capi register`
			`fi`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`else`
			`db_input medium crowdsec/lapi_host \|\| true`
			`db_go \|\| true`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`db_get crowdsec/lapi_host`
			`LAPI_HOST=$RET`
			`sed -i "s/127.0.0.1:8080/$LAPI_HOST/g" /etc/crowdsec/config.yaml`
			`fi`
			`fi`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`echo Updating hub`
			`/usr/bin/cscli hub update`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00			`if [ "$COLLECTIONS" = true ]; then`
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`set +e`
			`CSCLI_BIN_INSTALLED="/usr/bin/cscli" SILENT=true install_collection`
			`set -e`
string comparison fix (#1220) 2022-02-01 08:55:28 +00:00			`fi`

Hub auto update cronjob (#1817) Add hub cron installation to install scripts Plus remove on uninstall 2022-10-17 15:04:01 +00:00
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`if [[ -f /var/lib/crowdsec/data/crowdsec.db.backup ]]; then`
			`cp /var/lib/crowdsec/data/crowdsec.db.backup /var/lib/crowdsec/data/crowdsec.db`
			`rm -f /var/lib/crowdsec/data/crowdsec.db.backup`
			`fi`

			`systemctl --quiet is-enabled crowdsec \|\| systemctl unmask crowdsec && systemctl enable crowdsec`

Fix 1314 (#1320) * fix https://github.com/crowdsecurity/crowdsec/issues/1314 * fix postinst logic * fix in rpm as well Co-authored-by: sabban <15465465+sabban@users.noreply.github.com> 2022-03-10 12:57:04 +00:00			`API=$(cscli config show --key "Config.API.Server")`
			`if [ "$API" = "<nil>" ] ; then`
			`LAPI=false`
			`else`
			`PORT=$(cscli config show --key "Config.API.Server.ListenURI"\|cut -d ":" -f2)`
			`fi`
			`if [ "$LAPI" = false ] \|\| [ -z "$(ss -nlt "sport = ${PORT}" \| grep -v ^State)" ] ; then`
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`systemctl start crowdsec`
			`else`
fix upgrade when somthing is already listening on 8080 (#1258) * this should fix issue #1245 * change cmdline for getting port Co-authored-by: sabban <15465465+sabban@users.noreply.github.com> 2022-02-15 10:20:52 +00:00			`echo "Not attempting to start crowdsec, port ${PORT} is already used or lapi was disabled"`
import debian & rpm sources (#898) 2021-08-18 11:57:06 +00:00			`echo "This port is configured through /etc/crowdsec/config.yaml and /etc/crowdsec/local_api_credentials.yaml"`
			`fi`
			`fi`

cscli machines: lint + write output to stdout instead of log (#2657) * feedback on stdout, not log.Info * rename parameters to silence warnings from "unusedparams" * debian postinst: skip duplicate warnings with 'cscli machines add' * rpm postinst: skip duplicate warnings in 'cscli machines add' * update func tests * debian prerm: if dashboard remove fails, explain it's ok * debian prerm: suppress warnings about wal, capi when attempting to remove the dashboard * wizard.sh: log format like crowdsec 2023-12-13 14:43:46 +00:00			`echo "You can always run the configuration again interactively by using '/usr/share/crowdsec/wizard.sh -c'"`