[pve-devel] [PATCH v3 access-control 2/2] add postinst script

Fabian Gr├╝nbichler f.gruenbichler at proxmox.com
Wed Mar 13 15:01:31 CET 2019


to reset auth key age until the first rotation has happened, otherwise
all currently existing tickets get invalidated immediately once the
rotation code gets enabled.

disabled until first PVE 6.0 package release

Signed-off-by: Fabian Gr├╝nbichler <f.gruenbichler at proxmox.com>
---
Notes:
    new in v3

 debian/postinst | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100755 debian/postinst

diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..a9b0331
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+case "$1" in
+  configure)
+        # TODO: enable for PVE 6.0
+#    if test -n "$2"; then
+#
+#        # TODO: remove once PVE 7.0 is released
+#        if dpkg --compare-versions "$2" 'lt' '6.0-1'; then
+#            if test ! -e /etc/pve/authkey.pub.old; then
+#                # reset key age to prevent immediate invalidation of all current tickets
+#                touch -d "-2h" /etc/pve/authkey.pub  2>/dev/null || true
+#            fi
+#       fi
+#
+#    fi
+    ;;
+
+esac
+
+exit 0
-- 
2.20.1




More information about the pve-devel mailing list