Add debconf question to enable automatic service restarts

5 files changed, 122 insertions, 0 deletions

diff --git a/debian/config b/debian/config
new file mode 100644
index 0000000..7497f7d
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+
+APT_CONF=/etc/apt/apt.conf.d/20services
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+if [ -f $APT_CONF ]; then
+    CURRENT=$(sed -ne 's,^\s*Whatmaps::Enable-Restart\s\+"\(\S\+\)"\s*;,\1,p' $APT_CONF)
+    case $CURRENT in
+        1|true)
+           CURRENT="true"
+           ;;
+        *) CURRENT="false"
+           ;;
+    esac
+    db_set whatmaps/enable_service_restarts $CURRENT
+fi
+
+db_input medium whatmaps/enable_service_restarts || true
+db_go
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..cef83a3
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1 @@
+[type: gettext/rfc822deb] templates
diff --git a/debian/po/templates.pot b/debian/po/templates.pot
new file mode 100644
index 0000000..3c0783d
--- /dev/null
+++ b/debian/po/templates.pot
@@ -0,0 +1,42 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: whatmaps\n"
+"Report-Msgid-Bugs-To: whatmaps@packages.debian.org\n"
+"POT-Creation-Date: 2014-07-15 13:22+0200\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid "Automatically restart services after shared library security updates?"
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid ""
+"Services need to be restarted to benefit from updates of shared libraries "
+"they depend on. Without that they remain vulnerable to security bugs fixed "
+"in these updates."
+msgstr ""
+
+#. Type: boolean
+#. Description
+#: ../templates:1001
+msgid ""
+"Automatic service restarts are only done if apt fetched the library from a "
+"source providing security updates. This also affects packages installed via "
+"unattended-upgrades."
+msgstr ""
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..9965480
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -e
+
+APT_CONF=/etc/apt/apt.conf.d/20services
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+case "$1" in
+    configure)
+        db_get whatmaps/enable_service_restarts || true
+        DBVAL="$RET"
+
+        # Configuration file doesn't exist but user wants updates enabled so
+        # recreate it:
+        if [ ! -f $APT_CONF ] && [ $DBVAL = "true" ]; then
+            cat << EOF > $APT_CONF
+// Set to 1 or true to enable service restarts on security updates
+Whatmaps::Enable-Restart "1";
+
+// What updates are considered security updates
+Whatmaps::Security-Update-Origins {
+   "\${distro_id} stable";
+   "\${distro_id} \${distro_codename}-security";
+};
+EOF
+        else
+            case $DBVAL in
+                "true") VAL=1;;
+                     *) VAL=0;;
+            esac
+            sed -ie "s,^\(\s*Whatmaps::Enable-Restart\s\+\"\)\S\+\(\"\s*;\),\1${VAL}\2," $APT_CONF
+        fi
+    ;;
+        abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 0
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/templates b/debian/templates
new file mode 100644
index 0000000..83e32c1
--- /dev/null
+++ b/debian/templates
@@ -0,0 +1,11 @@
+Template: whatmaps/enable_service_restarts
+Type: boolean
+Default: false
+_Description: Automatically restart services after shared library security updates?
+ Services need to be restarted to benefit from updates of shared libraries they
+ depend on. Without that they remain vulnerable to security bugs fixed in these
+ updates.
+ .
+ Automatic service restarts are only done if apt fetched the library from a
+ source providing security updates. This also affects packages installed
+ via unattended-upgrades.