ensure that /usr/local/pf/conf/system_init_key is created

inverse-inc · Feb 26, 2025 · d3bca92 · d3bca92
1 parent 3be0b6d
commit d3bca92
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 4 deletions.
diff --git a/debian/packetfence-config.postinst b/debian/packetfence-config.postinst
@@ -19,6 +19,12 @@ set -e
 
 DIST=$(lsb_release -c -s)
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
+
 case "$1" in
     configure)
         if [ ! -f /usr/local/pf/conf/pfconfig.conf ]; then
@@ -29,10 +35,7 @@ case "$1" in
             echo "pfconfig.conf already exists, won't touch it!"
         fi
 
-        if [ ! -f /usr/local/pf/conf/system_init_key ]; then
-            hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
-        fi
-
+        setup_system_init_key
 	/sbin/ldconfig
         if [ ${DIST} = "jessie" ] || [ ${DIST} = "stretch" ] || [ ${DIST} = "bullseye" ] || [ ${DIST} = "bookworm" ]; then
 	    systemctl enable packetfence-config

diff --git a/debian/packetfence-config.preinst b/debian/packetfence-config.preinst
@@ -21,9 +21,15 @@ stop_service_if_exists() {
     fi
 }
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
 
 case "$1" in
     install)
+        setup_system_init_key
         if grep -E "^pf:" /etc/passwd > /dev/null ; then
                 echo "pf user already exist"
         else
@@ -37,6 +43,7 @@ case "$1" in
         exit 0
     ;;
     upgrade)
+        setup_system_init_key
         stop_service_if_exists packetfence-config
         set +e 
         /usr/sbin/update-rc.d -f packetfence-config remove

diff --git a/debian/packetfence.postinst b/debian/packetfence.postinst
@@ -23,8 +23,15 @@ export LC_CTYPE
 
 DIST=$(lsb_release -c -s)
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
+
 case "$1" in
     configure)
+        setup_system_init_key
         export PACKETFENCE=/usr/local/pf
         export PERL5LIB=/usr/local/pf/lib
         find $PACKETFENCE/conf -type f -exec chmod 664 '{}' \;

diff --git a/debian/packetfence.preinst b/debian/packetfence.preinst
@@ -51,8 +51,15 @@ rm_conffile() {
     fi
 }
 
+setup_system_init_key() {
+    if [ ! -f /usr/local/pf/conf/system_init_key ]; then
+        hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+    fi
+}
+
 case "$1" in
     install)
+        setup_system_init_key
         stop_service_if_exists packetfence
         if [ -z "$(getent passwd pf)" ]; then
             if ! /usr/bin/id -g pf &>/dev/null; then
@@ -85,6 +92,7 @@ case "$1" in
     ;;
 
     upgrade)
+        setup_system_init_key
         # mv the old raddb dir if upgrading from FreeRADIUS 2
         echo "Upgrading from $2"
         if dpkg --compare-versions "$2" lt "6"; then