Fix #150: Update ignores skipfw = True, remove deprecated postinst code.

debian/postinst

@@ -2,7 +2,7 @@
 #
 # postinst script for linuxmuster-base
 # thomas@linuxmuster.net
-# 20230801
+# 20240220
 # GPL v3
 #
 
@@ -72,14 +72,6 @@ case "$1" in
   # skip subsequent actions on configured systems
   [ -s "$SETUPINI" ] || exit 0
 
-  # create firewall fullchain pem file
-  fwcert="$(echo "$FWFULLCHAIN" | sed -e 's|.fullchain.|.cert.|')"
-  if [ ! -s "$FWFULLCHAIN" -a -s "$fwcert" ]; then
-    echo "Creating $(basename "$FWFULLCHAIN")."
-    cat "$fwcert" "$CACERT" > "$FWFULLCHAIN"
-    chmod 640 "$FWFULLCHAIN"
-  fi
-
   # provide cacert.pem for clients if not present
   if [ -n "$domainname" -a -s "$CACERT" ]; then
     sysvoltlsdir="$(echo "$SYSVOLTLSDIR" | sed -e 's|@@domainname@@|'"$domainname"'|')"
@@ -103,45 +95,6 @@ case "$1" in
     fi
   fi
 
-  # create dns-admin account
-  if ! id dns-admin &> /dev/null; then
-    echo "Creating dns-admin account."
-    # create user password
-    conf="$DNSADMINSECRET"
-    dnspw="$(python3 -c 'from functions import randomPassword; print(randomPassword(16))')"
-    echo "$dnspw" > "$conf"
-    chgrp dhcpd "$conf"
-    chmod 440 "$conf"
-    # create account
-    desc="Unprivileged user for DNS updates via DHCP server"
-    auth="-U administrator --password="$(cat "$ADADMINSECRET")""
-    samba-tool user create dns-admin "$dnspw" --description="$desc" $auth
-    samba-tool user setexpiry dns-admin --noexpiry $auth
-    samba-tool group addmembers DnsAdmins dns-admin $auth
-  fi
-
-  # dhcpd updates
-  conf='/etc/dhcp/events.conf'
-  if [ ! -e "$conf" ] || ! grep -q '# 20220119' "$conf" ; then
-    echo "Updating dhcp configuration."
-    cp "$TPLDIR/dhcpd.events.conf" "$conf"
-    conf='/etc/dhcp/dhcpd.conf'
-    cp "$conf" "$conf".dpkg-bak."$datestr"
-    tpl="$TPLDIR/dhcpd.conf"
-    sed -e "s|@@servername@@|$servername|g
-            s|@@domainname@@|$domainname|g
-            s|@@serverip@@|$serverip|g" "$tpl" > "$conf"
-    systemctl restart isc-dhcp-server.service
-  fi
-  # apparmor dhcp update
-  conf="/etc/apparmor.d/local/usr.sbin.dhcpd"
-  if ! grep -q dhcpd-update-samba-dns.py "$conf"; then
-    echo "Updating apparmor configuration."
-    cp "$conf" "$conf".dpkg-bak."$datestr"
-    cp "$TPLDIR/dhcpd.apparmor.d" "$conf"
-    systemctl restart apparmor.service
-  fi
-
   # enable ntp service, change firewall name to ip (#88)
   if timedatectl status | grep -qi 'active: yes'; then
     echo "Disabling timesyncd service."
@@ -153,59 +106,6 @@ case "$1" in
     systemctl start ntp.service
   fi
 
-  # remove obsolete sudo users for webui (#90)
-  for i in student teacher; do
-    id "$i" &> /dev/null && userdel "$i"
-    [ -e "/etc/sudoers.d/$i" ] && rm "/etc/sudoers.d/$i"
-  done
-
-  # install necessary sudoers config for webui (#91)
-  tpl="$TPLDIR/webui-sudoers"
-  conf="$(head -1 $tpl | awk '{ print $2 }')"
-  search="# 20200720"
-  if [ ! -e "$conf" ] || ! grep -q ^"$search" "$conf"; then
-    echo "Updating webui sudoers."
-    sed -e "s|@@sambadomain@@|$sambadomain|g" "$tpl" > "$conf"
-    chmod 400 "$conf"
-  fi
-
-  # fix #83, patch opnsense's web-proxy sso configuration (only if system is configured)
-  if [ -e "$FWAPIKEYS" ]; then
-    # test ssh link to firewall
-    if ssh -q -oBatchMode=yes -oStrictHostKeyChecking=accept-new "$firewallip" exit; then
-      echo "SSH connection to firewall $firewallip successfully established."
-    else
-      echo "SSH connection to firewall $firewallip failed!"
-      exit 0
-    fi
-    # remove obsolete configs
-    squiddir="/usr/local/etc/squid"
-    confs="$squiddir/auth/credentialsttl.conf $squiddir/pre-auth/50-linuxmuster.auth.conf"
-    for conf in $confs; do
-      if ssh -q -oBatchMode=yes -oStrictHostKeyChecking=accept-new "$firewallip" ls "$conf" &> /dev/null; then
-        echo "Removing obsolete opnsense configfile $(basename $conf)."
-        ssh "$firewallip" rm -f "$conf"
-        restart="yes"
-      fi
-    done
-    # create new config file
-    conf="$(head -1 $FWAUTHCFG | awk '{ print $2 }')"
-    if ! ssh -q -oBatchMode=yes -oStrictHostKeyChecking=accept-new "$firewallip" ls "$conf" &> /dev/null; then
-      echo "Creating new opnsense configfile $(basename $conf)."
-      # create config file
-      "$FWSHAREDIR/create-auth-config.py"
-      conftmp="/tmp/$(basename $FWAUTHCFG)"
-      [ -s "$conftmp" ] || exit 0
-      scp "$conftmp" "$firewallip":"$conf"
-      rm -f "$conftmp"
-      restart="yes"
-    fi
-    if [ -n "$restart" ]; then
-      echo "Restarting proxy:"
-      ssh "$firewallip" pluginctl -s squid restart
-    fi
-  fi
-
  ;;
 
  abort-upgrade|abort-remove|abort-deconfigure)