| 12
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 
 | #!/bin/sh
set -e
[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && . /usr/share/debconf/confmodule
SSL_ROOT=/etc/postgresql-common/root.crt
setup_createclusterconf ()
{
    [ "$DPKG_MAINTSCRIPT_PACKAGE" ] || return 0
    db_get postgresql-common/ssl
    case $RET in
        true) SSL=on ;;
        false) SSL=off ;;
        *) return ;;
    esac
    CCTEMPLATE="/usr/share/postgresql-common/createcluster.conf"
    CCTMP=`mktemp --tmpdir postgresql-common.XXXXXX`
    trap "rm -f $CCTMP" 0 2 3 15
    sed -e "s/^ssl =.*/ssl = $SSL/" $CCTEMPLATE > $CCTMP
    chmod 644 $CCTMP
    CCCONFIG="/etc/postgresql-common/createcluster.conf"
    ucf --debconf-ok $CCTMP $CCCONFIG
    ucfr postgresql-common $CCCONFIG
    rm -f $CCTMP
}
if [ "$1" = configure ]; then
    [ "$DPKG_MAINTSCRIPT_PACKAGE" ] && quiet="--quiet" # RedHat doesn't have this
    # Make sure the administrative user exists
    if ! getent passwd postgres > /dev/null; then
        adduser --system $quiet --home /var/lib/postgresql --no-create-home \
            --shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
    fi
    # if the user was created manually, make sure the group is there as well
    if ! getent group postgres > /dev/null; then
        addgroup --system $quiet postgres
    fi
    # make sure postgres is in the postgres group
    if ! id -Gn postgres | grep -qw postgres; then
        adduser $quiet postgres postgres
    fi
    # check validity of postgres user and group
    if [ "`id -u postgres`" -eq 0 ]; then
        echo "The postgres system user must not have uid 0 (root).
Please fix this and reinstall this package." >&2
        exit 1
    fi
    if [ "`id -g postgres`" -eq 0 ]; then
        echo "The postgres system user must not have root as primary group.
Please fix this and reinstall this package." >&2
        exit 1
    fi
    # ensure home directory ownership
    mkdir -p /var/lib/postgresql
    su -s /bin/sh postgres -c "test -O /var/lib/postgresql &&
            test -G /var/lib/postgresql" || \
        chown postgres:postgres /var/lib/postgresql
    # config directory permissions
    chown postgres:postgres /etc/postgresql
    # nicer log directory permissions
    mkdir -p /var/log/postgresql
    chmod 1775 /var/log/postgresql
    chown root:postgres /var/log/postgresql
    # create socket directory
    [ -d /var/run/postgresql ] || \
       install -d -m 2775 -o postgres -g postgres /var/run/postgresql
    # create default dummy root.crt if not present
    if ! [ -e "$SSL_ROOT" ]; then
        cat > "$SSL_ROOT" <<EOF
This is a dummy root certificate file for PostgreSQL. To enable client side
authentication, add some certificates to it. Client certificates must be signed
with any certificate in this file to be accepted.
A reasonable choice is to just symlink this file to
/etc/ssl/certs/ssl-cert-snakeoil.pem; in this case, client certificates need to
be signed by the postgresql server certificate, which might be desirable in
many cases. See chapter "Server Setup and Operation" in the PostgreSQL
documentation for details (in package postgresql-doc-9.2).
  file:///usr/share/doc/postgresql-doc-9.2/html/ssl-tcp.html
EOF
    fi
    # Add postgres user to the ssl-cert group on fresh installs
    if [ -z "$2" ]; then
	if getent group ssl-cert >/dev/null; then
	    adduser $quiet postgres ssl-cert
	fi
    fi
    if [ "$2" ]; then
        /usr/share/postgresql-common/run-upgrade-scripts "$2" || true
    fi
    /usr/share/postgresql-common/pg_checksystem || true
    # Create createcluster.conf from debconf
    setup_createclusterconf
    # Forget about ucf logrotate config handling
    if dpkg --compare-versions "$2" lt 183~; then
        LRCONFIG="/etc/logrotate.d/postgresql-common"
        ucf --purge $LRCONFIG
        ucfr --purge postgresql-common $LRCONFIG
    fi
    # Create tsearch dictionaries on first install
    if [ -z "$2" ]; then
        pg_updatedicts
    fi
fi
if [ "$1" = triggered ]; then
    pg_updatedicts || true
    db_stop
    exit 0  # skip daemon restart below
fi
[ "$DPKG_MAINTSCRIPT_PACKAGE" ] && db_stop
#DEBHELPER#
exit 0
 |