On 08.04.2014 10:30, Andrei POPESCU wrote: > On Lu, 07 apr 14, 20:03:51, Markus Koschany wrote: >> >> Here is the changelog: > ... >> * transmission-daemon.postrm: >> - Also delete debian-transmission user when purging the daemon. > > Didn't get the chance to test your patch, but this caught my eye. As far > as I recall the consensus was that removing package created users is > dangerous and they should be disabled instead. I can't find a reference > for that now, but I found[1] which is also interesting. > > [1] https://lists.debian.org/debian-devel/2014/02/msg00187.html
Thanks for pointing this out. There is at least one open Policy bug about removing system users. https://bugs.debian.org/621833 Unfortunately there are no written guidelines for maintainers and I know a couple of packages that remove system users in postrm and I think they are not always completely wrong. However this part of the patch is not necessary to solve the bug thus I have removed the deluser line from transmission-daemon.postrm. Updated patch is attached. Regards, Markus
From c83161d86636b98af8681017873d13d9d9918b86 Mon Sep 17 00:00:00 2001 From: Markus Koschany <a...@gambaru.de> Date: Mon, 7 Apr 2014 16:34:04 +0200 Subject: [PATCH] fix 718624 and 734467 --- debian/changelog | 31 +++++++++++++++++++++++++++++++ debian/transmission-daemon.dirs | 1 - debian/transmission-daemon.links | 3 ++- debian/transmission-daemon.postinst | 9 ++++++--- debian/transmission-daemon.postrm | 4 ++-- debian/transmission-daemon.preinst | 23 +++++++++++++++++++++++ 6 files changed, 64 insertions(+), 7 deletions(-) create mode 100644 debian/transmission-daemon.preinst diff --git a/debian/changelog b/debian/changelog index 780b145..4fa93ad 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,34 @@ +transmission (2.82-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * transmission-daemon.postinst: + - Change home directory of transmission-daemon to + /var/lib/transmission-daemon from /home/debian-transmission. + Thanks to Alex Peters for the report. (Closes: #734467) + - Disable password authentication for debian-transmission user for improved + security. Logins with e.g. SSH RSA keys are still possible. + - Check existence of debian-transmission user with getent passwd + debian-transmission instead of id. + * Add transmission-daemon.preinst: + - Fix permissions in /var/lib/transmission-daemon and use + /var/lib/transmission-daemon as the new home directory. + - Move old configuration files to appropriate config directory + /var/lib/transmission-daemon/.config/transmission-daemon. + All together this ensures that transmission-daemon will not segfault when + systemd is the default init system. + Thanks to Andrei Popescu and Antoine Legonidec for the report and + additional tests. (Closes: #718624) + * transmission-daemon.links: + - Link settings.json from /etc/transmission-daemon/settings.json to + /var/lib/transmission-daemon/.config/transmission-daemon. + - Link /var/lib/transmission-daemon/.config/transmission-daemon to + /var/lib/transmission-daemon/info due to compatibility reasons with the + old sysv-rc init script settings. + * transmission-daemon.dirs: + - Do not create /var/lib/transmission-daemon/info anymore. + + -- Markus Koschany <a...@gambaru.de> Tue, 08 Apr 2014 13:05:39 +0200 + transmission (2.82-1.1) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/transmission-daemon.dirs b/debian/transmission-daemon.dirs index 7d6fc68..0fe0558 100644 --- a/debian/transmission-daemon.dirs +++ b/debian/transmission-daemon.dirs @@ -1,2 +1 @@ -/var/lib/transmission-daemon/info /var/lib/transmission-daemon/downloads diff --git a/debian/transmission-daemon.links b/debian/transmission-daemon.links index 1a4d956..327ae46 100644 --- a/debian/transmission-daemon.links +++ b/debian/transmission-daemon.links @@ -1,2 +1,3 @@ usr/share/doc/transmission-common usr/share/doc/transmission-daemon -etc/transmission-daemon/settings.json var/lib/transmission-daemon/info/settings.json +etc/transmission-daemon/settings.json var/lib/transmission-daemon/.config/transmission-daemon/settings.json +var/lib/transmission-daemon/.config/transmission-daemon /var/lib/transmission-daemon/info diff --git a/debian/transmission-daemon.postinst b/debian/transmission-daemon.postinst index a27960c..cfc23f6 100644 --- a/debian/transmission-daemon.postinst +++ b/debian/transmission-daemon.postinst @@ -15,22 +15,25 @@ chperms() { } case "$1" in - configure|upgrade) - if ! id -u debian-transmission > /dev/null; then + configure) + if ! getent passwd debian-transmission > /dev/null; then adduser --quiet \ --system \ --group \ --no-create-home \ + --disabled-password \ + --home /var/lib/transmission-daemon \ debian-transmission fi - chperms debian-transmission debian-transmission 4750 /var/lib/transmission-daemon/info + chperms debian-transmission debian-transmission 4750 /var/lib/transmission-daemon/.config/transmission-daemon chperms debian-transmission debian-transmission 4775 /var/lib/transmission-daemon/downloads chperms debian-transmission debian-transmission 0660 /etc/transmission-daemon/settings.json chperms root debian-transmission 2775 /etc/transmission-daemon + ;; esac diff --git a/debian/transmission-daemon.postrm b/debian/transmission-daemon.postrm index b3ecb55..637be21 100644 --- a/debian/transmission-daemon.postrm +++ b/debian/transmission-daemon.postrm @@ -4,8 +4,8 @@ set -e case "$1" in purge) - if [ -d /var/lib/transmission-daemon/info ]; then - rm -rf /var/lib/transmission-daemon/info/* + if [ -d /var/lib/transmission-daemon/.config ]; then + rm -rf /var/lib/transmission-daemon/.config/* fi ;; esac diff --git a/debian/transmission-daemon.preinst b/debian/transmission-daemon.preinst new file mode 100644 index 0000000..27ee9ae --- /dev/null +++ b/debian/transmission-daemon.preinst @@ -0,0 +1,23 @@ +#!/bin/sh + +set -e + +case "$1" in + upgrade) + if dpkg --compare-versions "$2" lt "2.82-1.2~"; then + mkdir -p /var/lib/transmission-daemon/.config/transmission-daemon + chown -R debian-transmission:debian-transmission /var/lib/transmission-daemon/* + usermod debian-transmission -d /var/lib/transmission-daemon + mv /var/lib/transmission-daemon/info/* /var/lib/transmission-daemon/.config/transmission-daemon + rmdir /var/lib/transmission-daemon/info + fi + ;; + install|abort-upgrade) + ;; + *) + echo "preinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# -- 1.9.1
signature.asc
Description: OpenPGP digital signature