runonce is an attempt to take some of the pain out of postinstalls by moving them to the first boot of the system. This reduces the number of things you have to worry about: if a postinstall script runs on a regular, fully booted system, it should run as a runonce postinstall too.

If you run a postinstall script directly in the postinstall part of your system installation a number of problems can arise:

Resources that are not (yet) available. Applications, network services, configuration items, etc. are often needed to configure the last parts of the server's services. If they aren't available at that point, the script can fail or partially fail.

Some postinstall items take a long time to finish. During that time the server is not available, leaving you uncertain whether the server is still installing or has hung.

Traditional solutions often look like this:

ls -1 "$POSTINSTALLDIR"/* | while read -r scriptname; do
    if [ -x "$scriptname" ]; then
        "$scriptname"               # run the postinstall script
        chmod 000 "$scriptname"     # strip permissions so it is skipped next time
    fi
done

This is fine until you have a configuration manager that resets the file permissions.

runonce avoids this by keeping the scripts in one directory and the lockfiles in another. If the lockfile exists, the script is not executed.
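As an added example (not the runonce project's own code), here is a minimal sh implementation of that scheme: scripts are read from one directory, lockfiles are written to another, and a lockfile is only written when the script exits 0 so a script that failed (for instance because a service was not up yet) is retried on the next boot. The variable names RUNONCE_SCRIPTS and RUNONCE_LOCKS, the .done suffix and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the runonce project's code. Assumed layout:
# scripts live in $RUNONCE_SCRIPTS, lockfiles in $RUNONCE_LOCKS.
RUNONCE_SCRIPTS="${RUNONCE_SCRIPTS:-/etc/runonce.d}"
RUNONCE_LOCKS="${RUNONCE_LOCKS:-/var/lib/runonce}"

# Run each executable script in $RUNONCE_SCRIPTS exactly once.
# A lockfile named after the script is written to $RUNONCE_LOCKS only when
# the script exits 0, so a failed script is retried on the next boot.
# Because the lock lives outside the script directory, a configuration
# manager restoring the scripts' permissions does not make them run again.
# Returns the number of scripts that failed during this run.
runonce() {
    failed=0
    mkdir -p "$RUNONCE_LOCKS" || return 1
    for script in "$RUNONCE_SCRIPTS"/*; do
        [ -x "$script" ] || continue        # skip non-executables and an empty dir
        name=$(basename "$script")
        lock="$RUNONCE_LOCKS/$name.done"
        [ -e "$lock" ] && continue          # already completed on an earlier boot
        if "$script"; then
            date -u +%Y-%m-%dT%H:%M:%SZ > "$lock"   # record when it completed
            echo "runonce: $name done"
        else
            echo "runonce: $name failed, will retry on next boot" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Print, one per line, the executable scripts that have no lockfile yet.
runonce_pending() {
    for script in "$RUNONCE_SCRIPTS"/*; do
        [ -x "$script" ] || continue
        name=$(basename "$script")
        [ -e "$RUNONCE_LOCKS/$name.done" ] || echo "$name"
    done
}
```

To make a script run again on the next boot, delete its lockfile rather than touching the script's permissions.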