[pve-devel] [PATCH v3 access-control 2/2] add postinst script
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Mar 14 11:04:15 CET 2019
On 3/13/19 3:01 PM, Fabian Grünbichler wrote:
> to reset auth key age until the first rotation has happened, otherwise
> all currently existing tickets get invalidated immediately once the
> rotation code gets enabled.
>
> disabled until first PVE 6.0 package release
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> Notes:
> new in v3
>
> debian/postinst | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
> create mode 100755 debian/postinst
>
> diff --git a/debian/postinst b/debian/postinst
> new file mode 100755
> index 0000000..a9b0331
> --- /dev/null
> +++ b/debian/postinst
> @@ -0,0 +1,25 @@
> +#!/bin/sh
> +
> +set -e
> +
> +#DEBHELPER#
> +
> +case "$1" in
> + configure)
> + # TODO: enable for PVE 6.0
> +# if test -n "$2"; then
> +#
> +# # TODO: remove once PVE 7.0 is released
> +# if dpkg --compare-versions "$2" 'lt' '6.0-1'; then
> +# if test ! -e /etc/pve/authkey.pub.old; then
> +# # reset key age to prevent immediate invalidation of all current tickets
> +# touch -d "-2h" /etc/pve/authkey.pub 2>/dev/null || true
doesn't works here, if I remove the stderr redirection I also get:
> Setting up libpve-access-control (5.1-3) ...
> touch: invalid date format ‘-2h’
what _would_ work is: -d '-2hours' or '-2 hours'
are you sure you tested this at all? For such critical things I'd
expect more than a "it builds" test...
> +# fi
> +# fi
> +#
> +# fi
> + ;;
> +
> +esac
> +
> +exit 0
>
More information about the pve-devel
mailing list