refine parsing policykit and systemd versions

.github/workflows/cpack.yml

@@ -60,11 +60,11 @@ jobs:
         if: ${{ matrix.distro.name == 'ubuntu' }}
         shell: bash
         run: |
-          apt -y update
-          apt-get -y install software-properties-common
-          add-apt-repository -y ppa:git-core/ppa
-          apt -y update
-          apt -y install git
+          apt-get update
+          apt-get install --yes software-properties-common
+          add-apt-repository --yes ppa:git-core/ppa
+          apt-get update
+          apt-get install --yes git
           git --version
 
       - name: install contemporary Git in runner container if RedHat 8 or 9
@@ -123,7 +123,7 @@ jobs:
           DEBIAN_FRONTEND: noninteractive
         shell: bash
         run: |
-          apt -y install ./build/ziti-edge-tunnel-*.deb
+          apt-get -y install ./build/ziti-edge-tunnel-*.deb
 
       - name: install package artifact in runner container if RedHat
         if: ${{ matrix.arch.cmake == 'ci-linux-x64' && matrix.distro.name == 'redhat' }}

programs/ziti-edge-tunnel/package/deb/postinst.in

@@ -30,13 +30,22 @@ if [ "$1" = "configure" ]; then
   chmod 0770 "@ZITI_IDENTITY_DIR@"
   find "@ZITI_IDENTITY_DIR@" -maxdepth 1 -name "*.json" -type f -exec chown ziti:ziti "{}" + -exec chmod 0400 "{}" +
 
-  policykit_version=$(dpkg-query -Wf '${Version;5}' policykit-1 | cut -d . -f 2)
-  systemd_version=$(dpkg-query -Wf '${Version;3}' systemd)
+  # sort ascending the installed and max policykit versions, saving the highest version, so we
+  # can ensure the installed version is less than the max version
+  policykit_version="$(dpkg-query -Wf '${Version}' policykit-1)"
+  max_policykit_version="0.106"
+  highest_policykit_version="$(printf '%s\n' ${policykit_version} ${max_policykit_version} | sort -V | tail -n1)"
 
-  # install PolicyKit policy if using policykit < 0.106 (https://askubuntu.com/questions/1287924/whats-going-on-with-policykit)
-  if [ ${policykit_version} -lt 106 ]; then
-    # ... the set-llmnr action was exposed with v243 (https://github.com/systemd/systemd/commit/52aaef0f5dc81b9a08d720f551eac53ac88aa596)
-    if [ ${systemd_version} -ge 243 ]; then
+  # sort ascending the installed and min systemd versions, saving the lowest version, so we can ensure the installed
+  # version is greater than or equal to the min version
+  systemd_version=$(dpkg-query -Wf '${Version}' systemd)
+  min_systemd_version="243"
+  lowest_systemd_version="$(printf '%s\n' ${systemd_version} ${min_systemd_version} | sort -V | head -n1)"
+
+  # install PolicyKit policy if < v0.106 (https://askubuntu.com/questions/1287924/whats-going-on-with-policykit)
+  if [ ${policykit_version} != ${max_policykit_version} ] && [ ${max_policykit_version} = ${highest_policykit_version} ]; then
+    # run as root unless systemd >= v243 (required set-llmnr introduced v243 https://github.com/systemd/systemd/commit/52aaef0f5dc81b9a08d720f551eac53ac88aa596)
+    if [ ${systemd_version} = ${min_systemd_version} ] || [ ${min_systemd_version} = ${lowest_systemd_version} ]; then
       cp "@CPACK_SHARE_DIR@/@[email protected]" "/var/lib/polkit-1/localauthority/10-vendor.d/@ZITI_POLKIT_PKLA_FILE@"
       db_set ziti_edge_tunnel/install_pkla true
     else

scripts/install-ubuntu.bash

@@ -35,5 +35,5 @@ sudo chmod +r /usr/share/keyrings/openziti.gpg
 echo "deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable ${UBUNTU_LTS} main" \
   | sudo tee /etc/apt/sources.list.d/openziti.list >/dev/null
 
-sudo apt update
-sudo apt install -y ziti-edge-tunnel
+sudo apt-get update
+sudo apt-get install --yes ziti-edge-tunnel