[M] Change in libosmo-sccp[master]: .deb/.rpm: various fixes related to non-root

Tue, 07 May 2024 23:47:17 -0700 

osmith has submitted this change. ( 
https://gerrit.osmocom.org/c/libosmo-sccp/+/36656?usp=email )

Change subject: .deb/.rpm: various fixes related to non-root
......................................................................

.deb/.rpm: various fixes related to non-root

* Explicitly chown /var/lib/osmocom to osmocom:osmocom, instead of
  relying on systemd to do it when the service starts up. This does not
  work with the systemd versions in debian 10 and almalinux 8.
* deb: Use "useradd" instead of the interactive "adduser" perl script
  from Debian. This makes it consistent with how we do it in rpm, and
  avoids the dependency on "adduser".
* deb: Consistently use tabs through the file, instead of mixing tabs
  and spaces.
* deb: Remove support for the "dpkg-statoverride --list" logic. This
  seems to be a rather obscure feature to override permissions for
  certain files or directories, for which it does not seem to be a good
  idea to make the postinst script less maintainable. Something similar
  can be achieved by using your own Osmocom config file in a different
  path with different permissions.

Related: OS#4107
Change-Id: Ie34e7aa65e576cf1742a33530a6f44d2344c39d0
---
M contrib/libosmo-sccp.spec.in
M debian/control
M debian/osmo-stp.postinst
3 files changed, 50 insertions(+), 34 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, but someone else must approve
  pespin: Looks good to me, approved




diff --git a/contrib/libosmo-sccp.spec.in b/contrib/libosmo-sccp.spec.in
index 7e74e18..9d70874 100644
--- a/contrib/libosmo-sccp.spec.in
+++ b/contrib/libosmo-sccp.spec.in
@@ -158,7 +158,8 @@
 chmod 0660 /etc/osmocom/osmo-stp.cfg
 chown root:osmocom /etc/osmocom
 chmod 2775 /etc/osmocom
-
+mkdir -p /var/lib/osmocom
+chown -R osmocom:osmocom /var/lib/osmocom

 %files -n libosmo-mtp-devel
 %dir %{_includedir}/%{name}
diff --git a/debian/control b/debian/control
index 712774c..444604c 100644
--- a/debian/control
+++ b/debian/control
@@ -100,8 +100,7 @@
 Section: net
 Depends: libosmo-sigtran9,
          ${shlibs:Depends},
-         ${misc:Depends},
-         adduser
+         ${misc:Depends}
 Description: Osmocom SIGTRAN STP (Signaling Transfer Point)
   This is the Osmocom (Open Source Mobile Communications) implementation
   of a Signaling Transfer Point (STP) for SS7/SIGTRAN telecommunication
diff --git a/debian/osmo-stp.postinst b/debian/osmo-stp.postinst
index 94fb408..bfcc1dc 100755
--- a/debian/osmo-stp.postinst
+++ b/debian/osmo-stp.postinst
@@ -1,37 +1,28 @@
 #!/bin/sh -e
-# Create 'osmocom' user and group (if it doesn't exist yet) and adjust 
permissions
-# of directories which are not automatically adjusted by systemd from previous 
(root-owned)
-# install.
-
-# N. B: the user is intentionally NOT removed during package uninstall:
-# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
-chperms() {
-       # chperms <user> <group> <perms> <file>
-       if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
-               if [ -e $4 ]; then
-                       chown $1:$2 $4
-                       chmod $3 $4
-               fi
-       fi
-}
-
 case "$1" in
-  configure)
-    if ! getent passwd osmocom > /dev/null; then
-        adduser --quiet \
-                --system \
-                --group \
-                --no-create-home \
-                --disabled-password \
-                --home /var/lib/osmocom \
-                --gecos "Open Source Mobile Communications" \
-                osmocom
-    fi
-# Set permissions according to 
https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
-    chperms osmocom osmocom 0660 /etc/osmocom/osmo-stp.cfg
-    chperms root osmocom 2775 /etc/osmocom
+       configure)
+               # Create the osmocom group and user (if it doesn't exist yet)
+               if ! getent group osmocom >/dev/null; then
+                       groupadd --system osmocom
+               fi
+               if ! getent passwd osmocom >/dev/null; then
+                       useradd \
+                               --system \
+                               --gid osmocom \
+                               --home-dir /var/lib/osmocom \
+                               --shell /sbin/nologin \
+                               --comment "Open Source Mobile Communications" \
+                               osmocom
+               fi

-  ;;
+               # Fix permissions of previous (root-owned) install (OS#4107)
+               chown osmocom:osmocom /etc/osmocom/osmo-stp.cfg
+               chmod 0660 /etc/osmocom/osmo-stp.cfg
+               chown root:osmocom /etc/osmocom
+               chmod 2775 /etc/osmocom
+               mkdir -p /var/lib/osmocom
+               chown -R osmocom:osmocom /var/lib/osmocom
+               ;;
 esac

 # dh_installdeb(1) will replace this with shell code automatically

--
To view, visit https://gerrit.osmocom.org/c/libosmo-sccp/+/36656?usp=email
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Change-Id: Ie34e7aa65e576cf1742a33530a6f44d2344c39d0
Gerrit-Change-Number: 36656
Gerrit-PatchSet: 1
Gerrit-Owner: osmith <osm...@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <lafo...@osmocom.org>
Gerrit-Reviewer: osmith <osm...@sysmocom.de>
Gerrit-Reviewer: pespin <pes...@sysmocom.de>
Gerrit-MessageType: merged

Reply via email to