322eaf5814
See also f1be65668c
systemplate files should not be writable by lool user
Change-Id: I5684248d3d4b4b0ba56f8c5ab490a6e7df0e0038
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/98069
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Jenkins
Reviewed-by: Andras Timar <andras.timar@collabora.com>
37 lines
1 KiB
Bash
37 lines
1 KiB
Bash
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
case "$1" in
|
|
configure)
|
|
setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /usr/bin/loolforkit || true
|
|
setcap cap_sys_admin=ep /usr/bin/loolmount || true
|
|
|
|
adduser --quiet --system --group --home /opt/lool lool
|
|
mkdir -p /var/cache/loolwsd && chown lool: /var/cache/loolwsd
|
|
rm -rf /var/cache/loolwsd/*
|
|
chown lool: /etc/loolwsd/loolwsd.xml
|
|
chmod 640 /etc/loolwsd/loolwsd.xml
|
|
|
|
# We assume that the LibreOffice to be used is built TDF-style
|
|
# and installs in @LO_PATH@, and that /opt/lool is
|
|
# on the same file system
|
|
|
|
rm -rf /opt/lool
|
|
mkdir -p /opt/lool/child-roots
|
|
chown lool: /opt/lool
|
|
chown lool: /opt/lool/child-roots
|
|
|
|
fc-cache @LO_PATH@/share/fonts/truetype
|
|
|
|
loolwsd-systemplate-setup /opt/lool/systemplate @LO_PATH@ >/dev/null 2>&1
|
|
loolwsd-generate-proof-key >/dev/null 2>&1
|
|
cat << EOF > /etc/apt/apt.conf.d/25loolwsd
|
|
// Rebuild systemplate of @APP_NAME@
|
|
DPkg::Post-Invoke { "echo Updating loolwsd systemplate;loolwsd-systemplate-setup /opt/lool/systemplate @LO_PATH@ >/dev/null 2>&1"; };
|
|
EOF
|
|
;;
|
|
|
|
esac
|
|
|
|
#DEBHELPER#
|