favoritter/dist/postinstall.sh

#!/bin/sh
# Post-install script for Favoritter .deb/.rpm package.
# Creates the system user, sets directory permissions, and handles upgrades.
#
# Debian/Ubuntu: called with "configure" on install/upgrade.
# RPM: called with 1 on first install, 2+ on upgrade.
set -e

# Create system user if it doesn't exist.
if ! getent passwd favoritter >/dev/null 2>&1; then
    useradd -r -s /usr/sbin/nologin -d /var/lib/favoritter favoritter
fi

# Ensure data directories exist with correct ownership.
install -d -o favoritter -g favoritter -m 0750 /var/lib/favoritter
install -d -o favoritter -g favoritter -m 0750 /var/lib/favoritter/uploads

# Reload systemd to pick up any service file changes.
if command -v systemctl >/dev/null 2>&1; then
    systemctl daemon-reload

    # On upgrade: restart the service if it was running.
    # This picks up the new binary without losing enable/disable state.
    if systemctl is-active --quiet favoritter 2>/dev/null; then
        systemctl restart favoritter
    fi
fi
feat: add packaging, deployment, error pages, and project docs Phase 7 — Polish: - Error page template with styled 404/403/500 pages - Error rendering helper on Renderer Phase 8 — Packaging & Deployment: - Containerfile: multi-stage build, non-root user, health check, OCI labels with build date and git revision - Makefile: build, test, cross-compile, deb, rpm, container, tarballs, checksums targets - nfpm.yaml: .deb and .rpm package config - systemd service: hardened with NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, RestrictSUIDSGID - Default environment file with commented examples - postinstall/preremove scripts (shellcheck validated) - compose.yaml: example Podman/Docker Compose - Caddyfile.example: subdomain, subpath, and remote proxy configs - CHANGELOG.md for release notes - CLAUDE.md with architecture, conventions, and quick reference Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:34:32 +02:00			`#!/bin/sh`
			`# Post-install script for Favoritter .deb/.rpm package.`
fix: preserve systemd enable/disable state on package upgrade The preremove script was unconditionally stopping and disabling the service, which meant upgrades (dpkg -i new.deb) would disable the service. Users had to manually re-enable after every upgrade. Now: - preremove: only stop+disable on actual removal (not upgrade) Checks $1 for "remove"/"purge" (deb) or "0" (rpm) - postinstall: restart the service on upgrade if it was running, preserving enable/disable state. Only shows first-install instructions on initial install. Tested with shellcheck. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 19:26:29 +02:00			`# Creates the system user, sets directory permissions, and handles upgrades.`
			`#`
			`# Debian/Ubuntu: called with "configure" on install/upgrade.`
			`# RPM: called with 1 on first install, 2+ on upgrade.`
feat: add packaging, deployment, error pages, and project docs Phase 7 — Polish: - Error page template with styled 404/403/500 pages - Error rendering helper on Renderer Phase 8 — Packaging & Deployment: - Containerfile: multi-stage build, non-root user, health check, OCI labels with build date and git revision - Makefile: build, test, cross-compile, deb, rpm, container, tarballs, checksums targets - nfpm.yaml: .deb and .rpm package config - systemd service: hardened with NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, RestrictSUIDSGID - Default environment file with commented examples - postinstall/preremove scripts (shellcheck validated) - compose.yaml: example Podman/Docker Compose - Caddyfile.example: subdomain, subpath, and remote proxy configs - CHANGELOG.md for release notes - CLAUDE.md with architecture, conventions, and quick reference Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:34:32 +02:00			`set -e`

			`# Create system user if it doesn't exist.`
			`if ! getent passwd favoritter >/dev/null 2>&1; then`
			`useradd -r -s /usr/sbin/nologin -d /var/lib/favoritter favoritter`
			`fi`

			`# Ensure data directories exist with correct ownership.`
			`install -d -o favoritter -g favoritter -m 0750 /var/lib/favoritter`
			`install -d -o favoritter -g favoritter -m 0750 /var/lib/favoritter/uploads`

fix: preserve systemd enable/disable state on package upgrade The preremove script was unconditionally stopping and disabling the service, which meant upgrades (dpkg -i new.deb) would disable the service. Users had to manually re-enable after every upgrade. Now: - preremove: only stop+disable on actual removal (not upgrade) Checks $1 for "remove"/"purge" (deb) or "0" (rpm) - postinstall: restart the service on upgrade if it was running, preserving enable/disable state. Only shows first-install instructions on initial install. Tested with shellcheck. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 19:26:29 +02:00			`# Reload systemd to pick up any service file changes.`
feat: add packaging, deployment, error pages, and project docs Phase 7 — Polish: - Error page template with styled 404/403/500 pages - Error rendering helper on Renderer Phase 8 — Packaging & Deployment: - Containerfile: multi-stage build, non-root user, health check, OCI labels with build date and git revision - Makefile: build, test, cross-compile, deb, rpm, container, tarballs, checksums targets - nfpm.yaml: .deb and .rpm package config - systemd service: hardened with NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, RestrictSUIDSGID - Default environment file with commented examples - postinstall/preremove scripts (shellcheck validated) - compose.yaml: example Podman/Docker Compose - Caddyfile.example: subdomain, subpath, and remote proxy configs - CHANGELOG.md for release notes - CLAUDE.md with architecture, conventions, and quick reference Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:34:32 +02:00			`if command -v systemctl >/dev/null 2>&1; then`
			`systemctl daemon-reload`
fix: preserve systemd enable/disable state on package upgrade The preremove script was unconditionally stopping and disabling the service, which meant upgrades (dpkg -i new.deb) would disable the service. Users had to manually re-enable after every upgrade. Now: - preremove: only stop+disable on actual removal (not upgrade) Checks $1 for "remove"/"purge" (deb) or "0" (rpm) - postinstall: restart the service on upgrade if it was running, preserving enable/disable state. Only shows first-install instructions on initial install. Tested with shellcheck. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 19:26:29 +02:00
			`# On upgrade: restart the service if it was running.`
			`# This picks up the new binary without losing enable/disable state.`
			`if systemctl is-active --quiet favoritter 2>/dev/null; then`
			`systemctl restart favoritter`
			`fi`
feat: add packaging, deployment, error pages, and project docs Phase 7 — Polish: - Error page template with styled 404/403/500 pages - Error rendering helper on Renderer Phase 8 — Packaging & Deployment: - Containerfile: multi-stage build, non-root user, health check, OCI labels with build date and git revision - Makefile: build, test, cross-compile, deb, rpm, container, tarballs, checksums targets - nfpm.yaml: .deb and .rpm package config - systemd service: hardened with NoNewPrivileges, ProtectSystem, ProtectHome, PrivateTmp, RestrictSUIDSGID - Default environment file with commented examples - postinstall/preremove scripts (shellcheck validated) - compose.yaml: example Podman/Docker Compose - Caddyfile.example: subdomain, subpath, and remote proxy configs - CHANGELOG.md for release notes - CLAUDE.md with architecture, conventions, and quick reference Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-29 16:34:32 +02:00			`fi`