.deb/.rpm: various fixes related to non-root
* Explicitly chown /var/lib/osmocom to osmocom:osmocom, instead of relying on systemd to do it when the service starts up. This does not work with the systemd versions in debian 10 and almalinux 8. * deb: Use "useradd" instead of the interactive "adduser" perl script from Debian. This makes it consistent with how we do it in rpm, and avoids the dependency on "adduser". * deb: Consistently use tabs through the file, instead of mixing tabs and spaces. * deb: Remove support for the "dpkg-statoverride --list" logic. This seems to be a rather obscure feature to override permissions for certain files or directories, for which it does not seem to be a good idea to make the postinst script less maintainable. Something similar can be achieved by using your own Osmocom config file in a different path with different permissions. Related: OS#4107 Change-Id: Ie34e7aa65e576cf1742a33530a6f44d2344c39d0
This commit is contained in:
parent
ee75a07dfd
commit
f3cc0d9e57
|
@ -158,7 +158,8 @@ chown osmocom:osmocom /etc/osmocom/osmo-stp.cfg
|
|||
chmod 0660 /etc/osmocom/osmo-stp.cfg
|
||||
chown root:osmocom /etc/osmocom
|
||||
chmod 2775 /etc/osmocom
|
||||
|
||||
mkdir -p /var/lib/osmocom
|
||||
chown -R osmocom:osmocom /var/lib/osmocom
|
||||
|
||||
%files -n libosmo-mtp-devel
|
||||
%dir %{_includedir}/%{name}
|
||||
|
|
|
@ -100,8 +100,7 @@ Multi-Arch: same
|
|||
Section: net
|
||||
Depends: libosmo-sigtran9,
|
||||
${shlibs:Depends},
|
||||
${misc:Depends},
|
||||
adduser
|
||||
${misc:Depends}
|
||||
Description: Osmocom SIGTRAN STP (Signaling Transfer Point)
|
||||
This is the Osmocom (Open Source Mobile Communications) implementation
|
||||
of a Signaling Transfer Point (STP) for SS7/SIGTRAN telecommunication
|
||||
|
|
|
@ -1,37 +1,28 @@
|
|||
#!/bin/sh -e
|
||||
# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions
|
||||
# of directories which are not automatically adjusted by systemd from previous (root-owned)
|
||||
# install.
|
||||
|
||||
# N. B: the user is intentionally NOT removed during package uninstall:
|
||||
# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
|
||||
chperms() {
|
||||
# chperms <user> <group> <perms> <file>
|
||||
if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
|
||||
if [ -e $4 ]; then
|
||||
chown $1:$2 $4
|
||||
chmod $3 $4
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
if ! getent passwd osmocom > /dev/null; then
|
||||
adduser --quiet \
|
||||
--system \
|
||||
--group \
|
||||
--no-create-home \
|
||||
--disabled-password \
|
||||
--home /var/lib/osmocom \
|
||||
--gecos "Open Source Mobile Communications" \
|
||||
osmocom
|
||||
fi
|
||||
# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
|
||||
chperms osmocom osmocom 0660 /etc/osmocom/osmo-stp.cfg
|
||||
chperms root osmocom 2775 /etc/osmocom
|
||||
configure)
|
||||
# Create the osmocom group and user (if it doesn't exist yet)
|
||||
if ! getent group osmocom >/dev/null; then
|
||||
groupadd --system osmocom
|
||||
fi
|
||||
if ! getent passwd osmocom >/dev/null; then
|
||||
useradd \
|
||||
--system \
|
||||
--gid osmocom \
|
||||
--home-dir /var/lib/osmocom \
|
||||
--shell /sbin/nologin \
|
||||
--comment "Open Source Mobile Communications" \
|
||||
osmocom
|
||||
fi
|
||||
|
||||
;;
|
||||
# Fix permissions of previous (root-owned) install (OS#4107)
|
||||
chown osmocom:osmocom /etc/osmocom/osmo-stp.cfg
|
||||
chmod 0660 /etc/osmocom/osmo-stp.cfg
|
||||
chown root:osmocom /etc/osmocom
|
||||
chmod 2775 /etc/osmocom
|
||||
mkdir -p /var/lib/osmocom
|
||||
chown -R osmocom:osmocom /var/lib/osmocom
|
||||
;;
|
||||
esac
|
||||
|
||||
# dh_installdeb(1) will replace this with shell code automatically
|
||||
|
|
Loading…
Reference in New Issue