Move some setup code into postinst script

debian/sandbox-app-launcher.postinst

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+## Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
+## See the file COPYING for copying conditions.
+
+if [ -f /usr/lib/helper-scripts/pre.bsh ]; then
+   source /usr/lib/helper-scripts/pre.bsh
+fi
+
+set -e
+
+true "
+#####################################################################
+## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
+#####################################################################
+"
+
+main_app_dir="/usr/share/sandbox-app-launcher"
+auto_dir="/var/cache/sandbox-app-launcher-autogenerated"
+wrapper_dir="${auto_dir}/wrappers"
+wrapper_dir_wx="${wrapper_dir}-wx"
+appdata_dir="/home/sandbox-app-launcher-appdata"
+shared_dir="${appdata_dir}/shared"
+
+for dir in "${main_app_dir}" "${auto_dir}" "${wrapper_dir}" "${wrapper_dir_wx}" "${appdata_dir}"; do
+  if ! [ -d "${dir}" ]; then
+    mkdir -m 755 "${dir}"
+  fi
+done
+
+if ! [ -d "${shared_dir}" ]; then
+  mkdir -m 1777 "${shared_dir}"
+fi
+
+## Generate seccomp filter.
+compiler_flags="-lseccomp -ldl -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-all -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now"
+
+"${main_app_dir}/autogen-seccomp" "${main_app_dir}/seccomp-whitelist" > "${auto_dir}/seccomp.c"
+"${main_app_dir}/autogen-seccomp" "${main_app_dir}/seccomp-whitelist-wx" > "${auto_dir}/seccomp-wx.c"
+str_replace "seccomp-filter.bpf" "seccomp-filter-wx.bpf" "${auto_dir}/seccomp-wx.c" >/dev/null
+
+gcc "${auto_dir}/seccomp.c" -o "${auto_dir}/seccomp" ${compiler_flags}
+gcc "${auto_dir}/seccomp-wx.c" -o "${auto_dir}/seccomp-wx" ${compiler_flags}
+
+chmod 700 "${auto_dir}/seccomp" "${auto_dir}/seccomp-wx"
+"${auto_dir}/seccomp"
+"${auto_dir}/seccomp-wx"
+
+true "INFO: debhelper beginning here."
+
+#DEBHELPER#
+
+true "INFO: Done with debhelper."
+
+true "
+#####################################################################
+## INFO: END  : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@
+#####################################################################
+"
+
+## Explicitly "exit 0", so eventually trapped errors can be ignored.
+exit 0

usr/bin/sandbox-app-launcher

@@ -126,20 +126,12 @@ setup() {
     exit 1
   fi
 
-  for dir in "${main_app_dir}" "${auto_dir}" "${wrapper_dir}" "${wrapper_dir_wx}" "${appdata_dir}"; do
-    if ! [ -d "${dir}" ]; then
-      mkdir -m 755 "${dir}"
-    fi
-  done
   for dir in "${main_app_dir}" "${auto_dir}" "${wrapper_dir}" "${wrapper_dir_wx}" "${appdata_dir}"; do
     if ! [ "$(stat -c %a "${dir}")" = "755" ]; then
         chmod 755 "${dir}"
     fi
   done
 
-  if ! [ -d "${shared_dir}" ]; then
-    mkdir -m 1777 "${shared_dir}"
-  fi
   if ! [ "$(stat -c %a "${shared_dir}")" = "1777" ]; then
     chmod 1777 "${dir}"
   fi
@@ -181,24 +173,6 @@ setup() {
     touch /etc/machine-id
   fi
 
-  ## Generate seccomp filter.
-  compiler_flags="-lseccomp -ldl -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-all -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now"
-
-  if ! [ -f "${seccomp_filter}" ]; then
-    "${main_app_dir}/autogen-seccomp" "${main_app_dir}/seccomp-whitelist" > "${auto_dir}/seccomp.c"
-    gcc "${auto_dir}/seccomp.c" -o "${auto_dir}/seccomp" ${compiler_flags}
-    chmod 700 "${auto_dir}/seccomp"
-    "${auto_dir}/seccomp"
-  fi
-
-  if ! [ -f "${main_app_dir}/seccomp-filter-wx.bpf" ]; then
-    "${main_app_dir}/autogen-seccomp" "${main_app_dir}/seccomp-whitelist-wx" > "${auto_dir}/seccomp-wx.c"
-    str_replace "seccomp-filter.bpf" "seccomp-filter-wx.bpf" "${auto_dir}/seccomp-wx.c" >/dev/null
-    gcc "${auto_dir}/seccomp-wx.c" -o "${auto_dir}/seccomp-wx" ${compiler_flags}
-    chmod 700 "${auto_dir}/seccomp-wx"
-    "${auto_dir}/seccomp-wx"
-  fi
-
   ## Create wrapper.
   rm --force "${wrapper_script}"
   touch "${wrapper_script}"