| Path : /var/lib/dpkg/info/ |
|
|
| Current File : /var/lib/dpkg/info/ds-agent.preinst |
#!/bin/bash
#DS-76499 check Agent cert is sha1 or not
isWeakCert() {
if [ -x "`which openssl 2>/dev/null`" ]; then
local sigAlgo=$(openssl x509 -in "$1" -noout -text 2>&1 | grep -m 1 -o "Signature Algorithm: .*")
case "$sigAlgo" in
*sha1With*Encryption*)
return 0
;;
esac
fi
return 1
}
# DS-76499 check existing Agent weak cert for upgrade
if [ "$1" = "upgrade" ] ; then
if [ ! -f /tmp/ignore_agent_cert_check ]; then
echo "Begin Agent weak cert validation ..."
cert="/var/opt/ds_agent/dsa_core/ds_agent.crt"
if isWeakCert "$cert"; then
echo "Certificate signature algorithm of '$cert' seems too weak, stopping upgrade.";
rm -f /opt/ds_agent/*.dsp
exit 1
fi
fi
fi
# Stop before an upgrade
if [ "$1" = "upgrade" ] ; then
# net-filter would copy the NIC bypass information into /etc/ds_filter.conf
PROC_DRIVER_DSA_IGNORE_DEVICE='/proc/driver/dsa/ignore_device'
INTERFACE_BYPASS_PATTERN='INTERFACE_BYPASS_LIST='
DS_FILTER_CONF=/etc/ds_filter.conf
if [ -f "$PROC_DRIVER_DSA_IGNORE_DEVICE" ]; then
if ! grep -q ^$INTERFACE_BYPASS_PATTERN $DS_FILTER_CONF 2>/dev/null && \
grep -q ^ $PROC_DRIVER_DSA_IGNORE_DEVICE 2>/dev/null ; then
cat $PROC_DRIVER_DSA_IGNORE_DEVICE | xargs | tr ' ' ',' | xargs -I {} echo $INTERFACE_BYPASS_PATTERN{} >> $DS_FILTER_CONF
fi
fi
if [ -x "/etc/init.d/ds_agent" ]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d ds_agent stop || exit $?
else
/etc/init.d/ds_agent stop || exit $?
fi
fi
if [ -f "/usr/lib/systemd/system/ds_agent.service" ]; then
/bin/systemctl stop ds_agent
fi
fi
mvplugfiles() {
d=$1; shift; test -d "$d" || mkdir -p "$d"
for f in $*; do test -f $f && mv $f $d; done
}
# if the package had some configuration files from a previous version installed (i.e., it is in the "Config-Files" state)
# dpkg will invoke "new-preinst install old-version" so treat that the same as upgrade as far as data files are concerned
if [ "$1" = "upgrade" ] || { [ "$1" = "install" ] && [ -n "$2" ]; } then
if [ -d "/var/opt/ds_agent" ];then
echo "Moving data files from previous release"
pushd /var/opt/ds_agent > /dev/null
shopt -s nullglob
mvplugfiles im si.*
mvplugfiles wrs wrs.*
mvplugfiles dsa_core ds_agent.* diag *.crt
mvplugfiles am am.db*
mvplugfiles li lca.db*
rm -f config.bin preload.tbf log.ini relaylist
rm -rf li_roll
rm -rf /var/opt/ds_agent/lib
popd > /dev/null
fi
#case DS-3279 remove execution permission of /var/opt/ds_agent/diag for others
#If we're upgrading, remove the permission here
if [ -d "/var/opt/ds_agent/diag" ]; then
chmod 0700 /var/opt/ds_agent/diag
fi
# We remove lua extensions to avoid old disabled plugins from starting.
# The agent will have already downloaded any new extensions, and will install on startup.
rm -rf /opt/ds_agent/ext
# We remove old drivers to avoid new agents use the old drivers. It will cause system hang.
# The driver will be downloaded later.
# We need not to find the driver remnant if the DSA has not been installed.
if [ -d "/opt/ds_agent" ]; then
find /opt/ds_agent -name gsch.ko.version -exec dirname {} \; | xargs rm -rf
fi
fi