[pve-devel] [PATCH v3 access-control 2/2] add postinst script

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Mar 14 11:04:15 CET 2019


On 3/13/19 3:01 PM, Fabian Grünbichler wrote:
> to reset auth key age until the first rotation has happened, otherwise
> all currently existing tickets get invalidated immediately once the
> rotation code gets enabled.
> 
> disabled until first PVE 6.0 package release
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> Notes:
>     new in v3
> 
>  debian/postinst | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
>  create mode 100755 debian/postinst
> 
> diff --git a/debian/postinst b/debian/postinst
> new file mode 100755
> index 0000000..a9b0331
> --- /dev/null
> +++ b/debian/postinst
> @@ -0,0 +1,25 @@
> +#!/bin/sh
> +
> +set -e
> +
> +#DEBHELPER#
> +
> +case "$1" in
> +  configure)
> +        # TODO: enable for PVE 6.0
> +#    if test -n "$2"; then
> +#
> +#        # TODO: remove once PVE 7.0 is released
> +#        if dpkg --compare-versions "$2" 'lt' '6.0-1'; then
> +#            if test ! -e /etc/pve/authkey.pub.old; then
> +#                # reset key age to prevent immediate invalidation of all current tickets
> +#                touch -d "-2h" /etc/pve/authkey.pub  2>/dev/null || true

doesn't works here, if I remove the stderr redirection I also get:

> Setting up libpve-access-control (5.1-3) ...
> touch: invalid date format ‘-2h’

what _would_ work is: -d '-2hours' or '-2 hours'

are you sure you tested this at all? For such critical things I'd
expect more than a "it builds" test...

> +#            fi
> +#       fi
> +#
> +#    fi
> +    ;;
> +
> +esac
> +
> +exit 0
> 





More information about the pve-devel mailing list