On 08.04.2014 10:30, Andrei POPESCU wrote:
> On Lu, 07 apr 14, 20:03:51, Markus Koschany wrote:
>>
>> Here is the changelog:
> ...
>>   * transmission-daemon.postrm:
>>     - Also delete debian-transmission user when purging the daemon.
> 
> Didn't get the chance to test your patch, but this caught my eye. As far 
> as I recall the consensus was that removing package created users is 
> dangerous and they should be disabled instead. I can't find a reference 
> for that now, but I found[1] which is also interesting. 
> 
> [1] https://lists.debian.org/debian-devel/2014/02/msg00187.html

Thanks for pointing this out.

There is at least one open Policy bug about removing system users.

https://bugs.debian.org/621833

Unfortunately there are no written guidelines for maintainers and I know
a couple of packages that remove system users in postrm and I think they
are not always completely wrong.

However this part of the patch is not necessary to solve the bug thus I
have removed the deluser line from transmission-daemon.postrm.

Updated patch is attached.

Regards,

Markus
From c83161d86636b98af8681017873d13d9d9918b86 Mon Sep 17 00:00:00 2001
From: Markus Koschany <a...@gambaru.de>
Date: Mon, 7 Apr 2014 16:34:04 +0200
Subject: [PATCH] fix 718624 and 734467

---
 debian/changelog                    | 31 +++++++++++++++++++++++++++++++
 debian/transmission-daemon.dirs     |  1 -
 debian/transmission-daemon.links    |  3 ++-
 debian/transmission-daemon.postinst |  9 ++++++---
 debian/transmission-daemon.postrm   |  4 ++--
 debian/transmission-daemon.preinst  | 23 +++++++++++++++++++++++
 6 files changed, 64 insertions(+), 7 deletions(-)
 create mode 100644 debian/transmission-daemon.preinst

diff --git a/debian/changelog b/debian/changelog
index 780b145..4fa93ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,34 @@
+transmission (2.82-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * transmission-daemon.postinst:
+    - Change home directory of transmission-daemon to
+      /var/lib/transmission-daemon from /home/debian-transmission.
+      Thanks to Alex Peters for the report. (Closes: #734467)
+    - Disable password authentication for debian-transmission user for improved
+      security. Logins with e.g. SSH RSA keys are still possible.
+    - Check existence of debian-transmission user with getent passwd
+      debian-transmission instead of id.
+  * Add transmission-daemon.preinst:
+    - Fix permissions in /var/lib/transmission-daemon and use
+      /var/lib/transmission-daemon as the new home directory.
+    - Move old configuration files to appropriate config directory
+      /var/lib/transmission-daemon/.config/transmission-daemon.
+      All together this ensures that transmission-daemon will not segfault when
+      systemd is the default init system.
+      Thanks to Andrei Popescu and Antoine Legonidec for the report and
+      additional tests. (Closes: #718624)
+  * transmission-daemon.links:
+    - Link settings.json from /etc/transmission-daemon/settings.json to
+      /var/lib/transmission-daemon/.config/transmission-daemon.
+    - Link /var/lib/transmission-daemon/.config/transmission-daemon to
+      /var/lib/transmission-daemon/info due to compatibility reasons with the
+      old sysv-rc init script settings.
+  * transmission-daemon.dirs:
+    - Do not create /var/lib/transmission-daemon/info anymore.
+
+ -- Markus Koschany <a...@gambaru.de>  Tue, 08 Apr 2014 13:05:39 +0200
+
 transmission (2.82-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
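
Review bot: The new 2.82-1.2 entry has no item for transmission-daemon.postrm, although the diffstat lists that file as changed and its purge path moves from info to .config. The postinst item also leaves out that the case label is narrowed from `configure|upgrade` to `configure`. Add a bullet for each so the entry covers every behavioural change in the upload.
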
diff --git a/debian/transmission-daemon.dirs b/debian/transmission-daemon.dirs
index 7d6fc68..0fe0558 100644
--- a/debian/transmission-daemon.dirs
+++ b/debian/transmission-daemon.dirs
@@ -1,2 +1 @@
-/var/lib/transmission-daemon/info
 /var/lib/transmission-daemon/downloads
diff --git a/debian/transmission-daemon.links b/debian/transmission-daemon.links
index 1a4d956..327ae46 100644
--- a/debian/transmission-daemon.links
+++ b/debian/transmission-daemon.links
@@ -1,2 +1,3 @@
 usr/share/doc/transmission-common usr/share/doc/transmission-daemon
-etc/transmission-daemon/settings.json var/lib/transmission-daemon/info/settings.json 
+etc/transmission-daemon/settings.json var/lib/transmission-daemon/.config/transmission-daemon/settings.json
+var/lib/transmission-daemon/.config/transmission-daemon /var/lib/transmission-daemon/info
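
Review bot: The destination on the added second line is written with a leading slash (`/var/lib/transmission-daemon/info`), while every other path in this file is written without one. Use `var/lib/transmission-daemon/info` for consistency. Since `info` becomes a symlink shipped by the package here, the upgrade depends on the old `info` directory having been removed in preinst first, so any failure there leaves this link unable to be installed.
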
diff --git a/debian/transmission-daemon.postinst b/debian/transmission-daemon.postinst
index a27960c..cfc23f6 100644
--- a/debian/transmission-daemon.postinst
+++ b/debian/transmission-daemon.postinst
@@ -15,22 +15,25 @@ chperms() {
 }
 
 case "$1" in
-  configure|upgrade)
-    if ! id -u debian-transmission > /dev/null; then
+  configure)
+    if ! getent passwd debian-transmission > /dev/null; then
         adduser --quiet \
                 --system \
                 --group \
                 --no-create-home \
+                --disabled-password \
+                --home /var/lib/transmission-daemon \
                 debian-transmission
     fi
 
-    chperms debian-transmission debian-transmission 4750 /var/lib/transmission-daemon/info
+    chperms debian-transmission debian-transmission 4750 /var/lib/transmission-daemon/.config/transmission-daemon
 
     chperms debian-transmission debian-transmission 4775 /var/lib/transmission-daemon/downloads
 
     chperms debian-transmission debian-transmission 0660 /etc/transmission-daemon/settings.json
 
     chperms root debian-transmission 2775 /etc/transmission-daemon
+
   ;;
 esac
 
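
Review bot: `--disabled-password` and `--home /var/lib/transmission-daemon` sit inside the `if ! getent passwd debian-transmission` branch, so they take effect only when the account is created. An account that already exists keeps whatever password state it had. If the changelog's "Disable password authentication" is meant to hold on upgraded systems as well, handle the existing account in the upgrade path next to the `usermod debian-transmission -d` call in preinst, or word the changelog as applying to new installs only. Separately, the changed chperms line still passes 4750 for a directory path. Confirm that the leading 4 is intended there.
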
diff --git a/debian/transmission-daemon.postrm b/debian/transmission-daemon.postrm
index b3ecb55..637be21 100644
--- a/debian/transmission-daemon.postrm
+++ b/debian/transmission-daemon.postrm
@@ -4,8 +4,8 @@ set -e
 
 case "$1" in
   purge)
-    if [ -d /var/lib/transmission-daemon/info ]; then
-      rm -rf /var/lib/transmission-daemon/info/*
+    if [ -d /var/lib/transmission-daemon/.config ]; then
+      rm -rf /var/lib/transmission-daemon/.config/*
     fi
   ;;
 esac
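
Review bot: In the purge branch, `rm -rf /var/lib/transmission-daemon/.config/*` relies on a glob that skips dot-files and leaves the `.config` directory itself behind, so a purge does not fully remove what the package created. Removing the directory directly with `rm -rf /var/lib/transmission-daemon/.config` makes the `-d` test unnecessary and avoids the glob.
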
diff --git a/debian/transmission-daemon.preinst b/debian/transmission-daemon.preinst
new file mode 100644
index 0000000..27ee9ae
--- /dev/null
+++ b/debian/transmission-daemon.preinst
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+  upgrade)
+    if dpkg --compare-versions "$2" lt "2.82-1.2~"; then
+        mkdir -p /var/lib/transmission-daemon/.config/transmission-daemon
+        chown -R debian-transmission:debian-transmission /var/lib/transmission-daemon/*
+        usermod debian-transmission -d /var/lib/transmission-daemon
+        mv /var/lib/transmission-daemon/info/* /var/lib/transmission-daemon/.config/transmission-daemon
+        rmdir /var/lib/transmission-daemon/info
+    fi
+  ;;
+  install|abort-upgrade)
+  ;;
+  *)
+    echo "preinst called with unknown argument '$1'" >&2
+    exit 1
+  ;;
+esac
+
+#DEBHELPER#
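
Review bot: The upgrade branch runs under `set -e` with no check that `/var/lib/transmission-daemon/info` exists, is a real directory and is non-empty. In that case `mv /var/lib/transmission-daemon/info/* ...` fails on an unmatched glob, and `rmdir` fails if dot-files remain or `info` is already a symlink; either one aborts the whole upgrade. Guard the move with `[ -d ... ] && [ ! -L ... ]` and tolerate an empty directory. Also, `chown -R ... /var/lib/transmission-daemon/*` does not match the `.config` directory created on the line above it, so that directory stays owned by whoever ran mkdir. If the intent is for the whole home to belong to debian-transmission, name the paths explicitly instead of using the glob.
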
-- 
1.9.1
