1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
|
#!/bin/sh
# postinst script for xbmc-live
#
# see: dh_installdeb(1)
set -e
release="$(lsb_release -r | cut -f2 | sed 's/\.//')"
case "$1" in
configure)
# TODO: What's the purpose of this line? As I see it, if 'xbmc' can't
# get a console session going, we're in trouble anyway. ceros
sed -i.bak-xbmc-live s/allowed_users=console/allowed_users=anybody/ /etc/X11/Xwrapper.config
xbmcUser=xbmc
# Read configuration variable file if it is present
[ -r /etc/default/xbmc-live ] && . /etc/default/xbmc-live
if ! getent passwd $xbmcUser >/dev/null; then
xbmcUser=$(getent passwd 1000 | sed -e 's/\:.*//')
if [ -z "$xbmcUser" ]; then
# Add the 'xbmc' user if the primary one is missing
clearTextPWD=xbmc
encryptedPWD=$(echo $clearTextPWD | mkpasswd -s)
adduser --disabled-password --gecos "XBMC Live User" xbmc
usermod -p $encryptedPWD xbmc
xbmcUser=xbmc
fi
fi
# Add 'xbmcUser' user to the appropriate groups
# Below is a listing of groups and their purpose
# adm - For reading system logs (minimal systems may have this user only)
# sudo - allow optional passwordless sudo (with trivial intervention on /etc/sudoers)
# cdrom - optical disc drive access
# floppy - floppy drive access
# audio - audio device access
# video - video device access
# plugdev - enable automatic notifications of new devices
# netdev - managing network connections via NetworkManager
# powerdev - to be able to hibernate/suspend
# fuse - to be able to mount filesystems as normal user
GROUPS="adm
sudo
cdrom
floppy
audio
video
plugdev
netdev
powerdev
fuse
polkituser"
# TODO: this probably isn't necessary anymore as PolicyKit is now being
# used
for GROUP in $GROUPS; do
if getent group $GROUP >/dev/null && \
! getent group $GROUP | grep -q $xbmcUser; then
adduser $xbmcUser $GROUP
fi
done
SUDOERSBLOCK_TEMPFILE=$(mktemp -q)
cat > $SUDOERSBLOCK_TEMPFILE <<ENDOFBLOCK
### XBMC-specific configuration ###
# XBMC
Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/reboot, /sbin/halt # XBMC
Cmnd_Alias MOUNT_CMDS = /bin/mount, /bin/umount # XBMC
$xbmcUser ALL=(ALL) ALL # XBMC
$xbmcUser ALL=NOPASSWD: SHUTDOWN_CMDS, MOUNT_CMDS # XBMC
ENDOFBLOCK
SUDOERS_TEMPFILE=$(mktemp -q)
# Simply create a sudoers file if none exists
if [ ! -e /etc/sudoers ]; then
cat > /etc/sudoers <<ENDOFBLOCK
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=NOPASSWD: ALL
ENDOFBLOCK
chmod 0440 /etc/sudoers
fi
# Add xbmc to the sudoers file (if not already done)
if ! grep -i -q XBMC-specific /etc/sudoers ; then
cat /etc/sudoers $SUDOERSBLOCK_TEMPFILE > $SUDOERS_TEMPFILE
# Check if sudoers file is ok with visudo and write to /etc/sudoers if
# it is ok, else display a message to the user.
if visudo -c -f $SUDOERS_TEMPFILE >/dev/null 2>&1; then
cp -f $SUDOERS_TEMPFILE /etc/sudoers
else
# TODO: Use debconf for this message.
echo "Couldn't edit /etc/sudoers, must be manually edited."
echo "Please edit /etc/sudoers using 'visudo' and add the following"
echo "entries:"
cat $SUDOERSBLOCK_TEMPFILE
fi
fi
rm $SUDOERS_TEMPFILE
rm $SUDOERSBLOCK_TEMPFILE
#Maverick no longer has polkit-auth, we have to use a .pkla file instead
if [ $release -ge 1010 ]; then
cat > /var/lib/polkit-1/localauthority/50-local.d/20-xbmclive.pkla <<ENDOFBLOCK
# Policy to allow the livecd user to bypass policykit. Should be installed at /var/lib/polkit-1/localauthority/50-local.d/20-xbmclive.pkla
[XBMC-Live user permissions]
Identity=unix-user:${xbmcUser}
Action=*
ResultAny=no
ResultInactive=no
ResultActive=yes
ENDOFBLOCK
else
# This is a list of actions that the 'xbmc' user should be allowed to
# do. If we missed one, or we have one that's not necessary, please
# submit a bug report.
POLKIT_ACTIONS="org.freedesktop.hal.dockstation.undock
org.freedesktop.hal.wol.enabled
org.freedesktop.hal.wol.enable
org.freedesktop.hal.wol.supported
org.freedesktop.hal.leds.brightness
org.freedesktop.hal.device-access.audio-player
org.freedesktop.hal.device-access.camera
org.freedesktop.hal.device-access.cdrom
org.freedesktop.hal.device-access.dvb
org.freedesktop.hal.device-access.fingerprint-reader
org.freedesktop.hal.device-access.floppy
org.freedesktop.hal.device-access.ieee1394-avc
org.freedesktop.hal.device-access.ieee1394-iidc
org.freedesktop.hal.device-access.joystick
org.freedesktop.hal.device-access.mouse
org.freedesktop.hal.device-access.obex
org.freedesktop.hal.device-access.pda
org.freedesktop.hal.device-access.printer
org.freedesktop.hal.device-access.scanner
org.freedesktop.hal.device-access.sound
org.freedesktop.hal.device-access.video
org.freedesktop.hal.device-access.video4linux
org.freedesktop.hal.lock
org.freedesktop.hal.killswitch.bluetooth
org.freedesktop.hal.killswitch.wlan
org.freedesktop.hal.killswitch.wwan
org.freedesktop.hal.storage.mount-removable
org.freedesktop.hal.storage.eject
org.freedesktop.hal.storage.crypto-setup-removable
org.freedesktop.hal.power-management.shutdown
org.freedesktop.hal.power-management.reboot
org.freedesktop.hal.power-management.set-powersave
org.freedesktop.hal.power-management.suspend
org.freedesktop.hal.power-management.hibernate
org.freedesktop.hal.power-management.cpufreq
org.freedesktop.hal.power-management.lcd-panel
org.freedesktop.hal.power-management.light-sensor
org.freedesktop.hal.power-management.keyboard-backlight
org.freedesktop.devicekit.power.suspend
org.freedesktop.devicekit.power.Hibernate
org.freedesktop.consolekit.system.stop
org.freedesktop.devicekit.disks.filesystem-mount
org.freedesktop.devicekit.disks.filesystem-mount-system-internal
org.freedesktop.devicekit.disks.filesystem-unmount-others
org.freedesktop.devicekit.disks.drive-eject
org.freedesktop.devicekit.disks.drive-detach
org.freedesktop.upower.suspend
org.freedesktop.upower.hibernate
org.freedesktop.udisks.filesystem-mount
org.freedesktop.udisks.filesystem-mount-system-internal
org.freedesktop.udisks.filesystem-unmount-others
org.freedesktop.udisks.drive-eject
org.freedesktop.udisks.drive-detach"
# Grant the 'xbmc' user each action from the list if not done already
for ACTION in $POLKIT_ACTIONS; do
if polkit-auth --user $xbmcUser --show-obtainable | \
grep -q $ACTION; then
polkit-auth --user $xbmcUser --grant $ACTION
fi
done
fi
# Add <xbmc=autostart,nodiskmount,setvolume loglevel=0> to grub's kernel entries
if [ -f /boot/grub/menu.lst ]; then
if ! grep -q -i "xbmc=autostart" /boot/grub/menu.lst ; then
# TODO Do not modify single-mode entry
sed -i -e "/^kernel/s/\(.*\)/\1 xbmc=autostart,nodiskmount,setvolume loglevel=0/" /boot/grub/menu.lst
sed -i -e "/^# kopt=root=/s/\(.*\)/\1 xbmc=autostart,nodiskmount,setvolume loglevel=0/" /boot/grub/menu.lst
fi
fi
if [ -f /boot/grub/grub.cfg ]; then
if ! grep -q -i "xbmc=autostart" /etc/default/grub ; then
sed -i -e "/^GRUB_CMDLINE_LINUX_DEFAULT=/s/\"\(.*\)\"/\"\1 xbmc=autostart,nodiskmount loglevel=0\"/" /etc/default/grub
update-grub
fi
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# Upstart scripts tested on karmic+ only (>=9.10) and not backward compatible ATM
if [ $release -ge 910 ]; then
if [ -f "/etc/init.d/xbmc-live" ]; then
update-rc.d -f xbmc-live remove >/dev/null
rm /etc/init.d/xbmc-live >/dev/null
fi
ln -s /lib/init/upstart-job /etc/init.d/xbmc-live
else
if [ -f "/etc/init/xbmc-live.conf" ]; then
rm /etc/init/xbmc-live.conf >/dev/null
fi
if [ -f "/etc/init/xbmc-live-install" ]; then
rm /etc/init/xbmc-live-install.conf >/dev/null
fi
if [ -x "/etc/init.d/xbmc-live" ]; then
update-rc.d xbmc-live defaults >/dev/null
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d xbmc-live start || exit $?
else
/etc/init.d/xbmc-live start || exit $?
fi
fi
fi
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
|
