Clean up properly when purging installed packages on Ubuntu.

Rework default behavior of rpki-sql-setup to be less dangerous. svn path=/trunk/; revision=5291
author: Rob Austein <sra@hactrn.net> 2013-04-07 01:58:54 +0000
committer: Rob Austein <sra@hactrn.net> 2013-04-07 01:58:54 +0000
commit: 7fd30f9f2f8e9d4d5aad64f3c4a5d0f20d9bb4e5 (patch)
tree: 937aca98b46445bd4a8888529b55a8ccf2c12782 /buildtools
parent: 317a2d1df24bc1fd60234255cdcb46ea59cb0644 (diff)
5 files changed, 107 insertions, 19 deletions
diff --git a/buildtools/build-ubuntu-ports.py b/buildtools/build-ubuntu-ports.py
index e748c86b..bb60af8a 100644
--- a/buildtools/build-ubuntu-ports.py
+++ b/buildtools/build-ubuntu-ports.py
@@ -32,13 +32,14 @@ import os
 
 def usage(status):
     f = sys.stderr if status else sys.stdout
-    f.write("Usage: %s [--debuild]\n" % sys.argv[0])
+    f.write("Usage: %s [--debuild] [--debi]\n" % sys.argv[0])
     sys.exit(status)
 
 debuild = False
+debi    = False
 
 try:
-    opts, argv = getopt.getopt(sys.argv[1:], "-bh?", ["debuild", "help"])
+    opts, argv = getopt.getopt(sys.argv[1:], "-bih?", ["debuild", "debi", "help"])
 except getopt.GetoptError:
     usage(1)
 for o, a in opts:
@@ -46,6 +47,8 @@ for o, a in opts:
         usage(0)
     elif o in ("-b", "--debuild"):
         debuild = not debuild
+    elif o in ("-i", "--debi"):
+        debi = not debi
 if argv:
     usage(1)
 
@@ -69,5 +72,8 @@ subprocess.check_call(("dch", "--create", "--package", "rpki", "--newversion",
                                  TZ       = "UTC",
                                  DEBEMAIL = "APT Builder Robot <aptbot@rpki.net>"))
 
-if debuild:
+if debuild or debi:
     subprocess.check_call(("debuild", "-us", "-uc"))
+
+if debi:
+    subprocess.check_call(("sudo", "debi", "--with-depends"))
diff --git a/buildtools/debian-skeleton/rpki-ca.postinst b/buildtools/debian-skeleton/rpki-ca.postinst
index 35c77cf7..397b879b 100644
--- a/buildtools/debian-skeleton/rpki-ca.postinst
+++ b/buildtools/debian-skeleton/rpki-ca.postinst
@@ -20,33 +20,51 @@ setup_rpkid_group() {
 }
 
 setup_apache() {
-    # Edit existing file
+
+    # Whack our config into existing config file for default SSL
+    # vhost; if you want this to run in a different vhost, you'll have
+    # to do that yourself.
     f=/etc/apache2/sites-available/default-ssl
-    conf=/etc/rpki/apache.conf
     cmd=no
-    if test "$(grep "[^#]*Include $conf" $f 2>/dev/null)" = ""
+    awk < $f > ${f}.tmp '
+	BEGIN {
+	    conf_file = "/etc/rpki/apache.conf";
+	    conf_regexp = "^[ \t]*Include[ \t]+" conf_file "[ \t]*$";
+	    conf_line = "\tInclude " conf_file;
+	}
+	/^[ \t]*<\/VirtualHost>/ {
+	    print conf_line;
+	}
+	$0 !~ conf_regexp {
+	    print;
+	}'
+    if cmp -s $f ${f}.tmp
     then
-        awk < $f > ${f}.tmp -v conf=$conf '
-	    $0 ~ /[^#]*<\/VirtualHost>/ { print "Include", conf }
-            { print }
-	'
+	rm -f ${f}.tmp
+    else
         if test ! -f ${f}.orig
         then
             ln $f ${f}.orig
         fi
-        mv ${f}.tmp $f
+        mv -f ${f}.tmp $f
         cmd=reload
     fi
+
+    # Enable default SSL vhost if necessary.
     if test ! -f /etc/apache2/sites-enabled/default-ssl
     then
         a2ensite default-ssl
         cmd=reload
     fi
+
+    # Enable mod_ssl if necessary.
     if test ! -f /etc/apache2/mods-enabled/ssl.conf
     then
         a2enmod ssl
         cmd=restart
     fi
+
+    # Whack Apache if we've changed anything here.
     if test $cmd != no
     then
         service apache2 $cmd
@@ -81,7 +99,7 @@ setup_rpki_conf() {
 }
 
 setup_mysql() {
-    rpki-sql-setup --missing_only --mysql_defaults /etc/mysql/debian.cnf
+    rpki-sql-setup --mysql_defaults /etc/mysql/debian.cnf
 }
 
 setup_bpki() {
diff --git a/buildtools/debian-skeleton/rpki-ca.postrm b/buildtools/debian-skeleton/rpki-ca.postrm
index 14c14dab..c5e9179a 100644
--- a/buildtools/debian-skeleton/rpki-ca.postrm
+++ b/buildtools/debian-skeleton/rpki-ca.postrm
@@ -22,13 +22,12 @@ set -e
 case "$1" in
 
     purge)
-
-	# If we had an rpki-purge-sql script, we might call it here to
-	# whack the SQL databases before we whack the configuration
-	# file that tells us what their names and passwords are.  Then
-	# again, we might not.
-
-	rm -f /etc/rpki.conf /etc/rpki.conf.sample
+	sql=/etc/rpki/drop_databases.sql
+	if test -f $sql
+	then
+	    mysql --defaults-file=/etc/mysql/debian.cnf --execute "source $sql"
+	fi
+	rm -f /etc/rpki.conf /etc/rpki.conf.sample $sql
     ;;
 
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/buildtools/debian-skeleton/rpki-ca.prerm b/buildtools/debian-skeleton/rpki-ca.prerm
index 5b83de2f..6992153a 100644
--- a/buildtools/debian-skeleton/rpki-ca.prerm
+++ b/buildtools/debian-skeleton/rpki-ca.prerm
@@ -26,6 +26,29 @@ case "$1" in
 	rm -f /usr/share/rpki/pubd.key
 	rm -f /usr/share/rpki/rpkid.cer
 	rm -f /usr/share/rpki/rpkid.key
+
+	rpki-sql-setup --mysql_defaults /etc/mysql/debian.cnf --script_purge >/etc/rpki/drop_databases.sql
+
+	f=/etc/apache2/sites-available/default-ssl
+	awk < $f > ${f}.tmp '
+	    BEGIN {
+		conf_file = "/etc/rpki/apache.conf";
+		conf_regexp = "^[ \t]*Include[ \t]+" conf_file "[ \t]*$";
+	    }
+	    $0 !~ conf_regexp {
+		print;
+	    }'
+
+	if cmp -s ${f}.tmp ${f}.orig
+	then
+	    mv -f ${f}.orig $f
+	    rm -f ${f}.tmp
+	else
+	    mv -f ${f}.tmp $f
+	fi
+	# At this point we've cleaned up our config mess.
+	# Not sure whether we should do "service apache2 reload"
+	# here, one could make a case either way.  Skip for now.
 	;;
 
     upgrade|deconfigure)
diff --git a/buildtools/debian-skeleton/rpki-rp.postrm b/buildtools/debian-skeleton/rpki-rp.postrm
new file mode 100644
index 00000000..ad4ed1b9
--- /dev/null
+++ b/buildtools/debian-skeleton/rpki-rp.postrm
@@ -0,0 +1,42 @@
+#!/bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+
+    purge)
+	rm -rf /var/rcynic
+    ;;
+
+    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
author	Rob Austein <sra@hactrn.net>	2013-04-07 01:58:54 +0000
committer	Rob Austein <sra@hactrn.net>	2013-04-07 01:58:54 +0000
commit	7fd30f9f2f8e9d4d5aad64f3c4a5d0f20d9bb4e5 (patch)
tree	937aca98b46445bd4a8888529b55a8ccf2c12782 /buildtools
parent	317a2d1df24bc1fd60234255cdcb46ea59cb0644 (diff)