[M] Change in osmo-sgsn[master]: .deb/.rpm: add osmocom user during package install

25 Apr 2024

osmith has submitted this change. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/29711?usp=email )
Change subject: .deb/.rpm: add osmocom user during package install
......................................................................
.deb/.rpm: add osmocom user during package install
Create osmocom user & group during package installation.
Fix the configuration dir/files permission to match.
Related: OS#4107
Tweaked-By: Oliver Smith osmith@sysmocom.de
Change-Id: I55ce205d4b314d01b2641c8f3d52455c051d6282
---
M contrib/osmo-sgsn.spec.in
M contrib/systemd/osmo-gtphub.service
M contrib/systemd/osmo-sgsn.service
M debian/control
A debian/postinst
5 files changed, 78 insertions(+), 5 deletions(-)
Approvals:
  osmith: Looks good to me, approved
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
  laforge: Looks good to me, but someone else must approve

diff --git a/contrib/osmo-sgsn.spec.in b/contrib/osmo-sgsn.spec.in
index 7ba994f..d1382cb 100644
--- a/contrib/osmo-sgsn.spec.in
+++ b/contrib/osmo-sgsn.spec.in
@@ -81,13 +81,29 @@
 %if 0%{?suse_version}
 %preun  %service_del_preun  %{name}.service
 %postun %service_del_postun %{name}.service
-%pre    %service_add_pre    %{name}.service
-%post   %service_add_post   %{name}.service
+%endif
+
+%pre
+getent group osmocom >/dev/null || groupadd --system osmocom
+getent passwd osmocom >/dev/null || useradd --system --gid osmocom --home-dir /var/lib/osmocom \
+                                            --shell /sbin/nologin --comment "Open Source Mobile Communications" osmocom
+%if 0%{?suse_version}
+%service_add_pre    %{name}.service
+%endif
+
+%post
+%if 0%{?suse_version}
+%service_add_post   %{name}.service
+%endif
+chown osmocom:osmocom /etc/osmocom/osmo-sgsn.cfg
+chmod 0660 /etc/osmocom/osmo-sgsn.cfg
+chown root:osmocom /etc/osmocom
+chmod 2775 /etc/osmocom
+
 %preun  -n osmo-gtphub %service_del_preun   osmo-gtphub.service
 %postun -n osmo-gtphub %service_del_postun  osmo-gtphub.service
 %pre    -n osmo-gtphub %service_add_pre     osmo-gtphub.service
 %post   -n osmo-gtphub %service_add_post    osmo-gtphub.service
-%endif
%check
 make %{?_smp_mflags} check || (find . -name testsuite.log -exec cat {} +)
diff --git a/contrib/systemd/osmo-gtphub.service b/contrib/systemd/osmo-gtphub.service
index 9ade246..1e1a8a0 100644
--- a/contrib/systemd/osmo-gtphub.service
+++ b/contrib/systemd/osmo-gtphub.service
@@ -5,6 +5,8 @@
[Service]
 Type=simple
+User=osmocom
+Group=osmocom
 ExecStart=/usr/bin/osmo-gtphub -c /etc/osmocom/osmo-gtphub.cfg
 StateDirectory=osmocom
 WorkingDirectory=%S/osmocom
diff --git a/contrib/systemd/osmo-sgsn.service b/contrib/systemd/osmo-sgsn.service
index 21ecbb7..1cc962b 100644
--- a/contrib/systemd/osmo-sgsn.service
+++ b/contrib/systemd/osmo-sgsn.service
@@ -11,6 +11,8 @@
 StateDirectory=osmocom
 WorkingDirectory=%S/osmocom
 Restart=always
+User=osmocom
+Group=osmocom
 ExecStart=/usr/bin/osmo-sgsn -c /etc/osmocom/osmo-sgsn.cfg
 RestartSec=2
diff --git a/debian/control b/debian/control
index aa59455..b28db1f 100644
--- a/debian/control
+++ b/debian/control
@@ -30,7 +30,7 @@
 Package: osmo-sgsn
 Architecture: any
 Multi-Arch: foreign
-Depends: ${misc:Depends}, ${shlibs:Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
 Description: OsmoSGSN: Osmocom's Serving GPRS Support Node for 2G and 3G packet-switched mobile networks
Package: osmo-sgsn-dbg
@@ -42,7 +42,7 @@
Package: osmo-gtphub
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
 Description: Osmocom GTP Hub: Proxy for GTP traffic between multiple SGSNs and GGSNs
Package: osmo-gtphub-dbg
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..84d7e5f
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,39 @@
+#!/bin/sh -e
+# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions
+# of directories which are not automatically adjusted by systemd from previous (root-owned)
+# install.
+
+# N. B: the user is intentionally NOT removed during package uninstall:
+# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
+chperms() {
+	# chperms <user> <group> <perms> <file>
+	if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
+		if [ -e $4 ]; then
+			chown $1:$2 $4
+			chmod $3 $4
+		fi
+	fi
+}
+
+case "$1" in
+  configure)
+    if ! getent passwd osmocom > /dev/null; then
+        adduser --quiet \
+                --system \
+                --group \
+                --no-create-home \
+                --disabled-password \
+                --home /var/lib/osmocom \
+                --gecos "Open Source Mobile Communications" \
+                osmocom
+    fi
+# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
+    chperms osmocom osmocom 0660 /etc/osmocom/osmo-sgsn.cfg
+    chperms root osmocom 2775 /etc/osmocom
+
+  ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/29711?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: I55ce205d4b314d01b2641c8f3d52455c051d6282
Gerrit-Change-Number: 29711
Gerrit-PatchSet: 2
Gerrit-Owner: msuraev msuraev@sysmocom.de
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge laforge@osmocom.org
Gerrit-Reviewer: osmith osmith@sysmocom.de
Gerrit-Reviewer: pespin pespin@sysmocom.de
Gerrit-MessageType: merged



    

2025

2024

2023

2022

[M] Change in osmo-sgsn[master]: .deb/.rpm: add osmocom user during package install