osmith submitted this change.

Approvals:
  pespin: Looks good to me, but someone else must approve
  osmith: Looks good to me, approved
  Jenkins Builder: Verified
  laforge: Looks good to me, but someone else must approve

.deb/.rpm: add osmocom user during package install

Create osmocom user & group during package installation.
Fix the configuration dir/files permission to match.

Related: OS#4107
Tweaked-By: Oliver Smith <osmith@sysmocom.de>
Change-Id: Ifcc882125a22d8f2e1bfcd19622aed4e8a723e6c
---
M contrib/osmo-cbc.spec.in
M contrib/systemd/osmo-cbc.service
M debian/control
A debian/postinst
4 files changed, 71 insertions(+), 2 deletions(-)

diff --git a/contrib/osmo-cbc.spec.in b/contrib/osmo-cbc.spec.in
index c837bbe..0fee4b9 100644
--- a/contrib/osmo-cbc.spec.in
+++ b/contrib/osmo-cbc.spec.in
@@ -84,19 +84,33 @@
install -m 755 contrib/cbc-apitool.py %{buildroot}/usr/bin/cbc-apitool.py
find %{buildroot} \( -name '*.la' -o -name '*.a' \) -delete -print

-%if 0%{?suse_version}
%preun
+%if 0%{?suse_version}
%service_del_preun %{name}.service
+%endif

%postun
+%if 0%{?suse_version}
%service_del_postun %{name}.service
+%endif

%pre
+getent group osmocom >/dev/null || groupadd --system osmocom
+getent passwd osmocom >/dev/null || useradd --system --gid osmocom --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin --comment "Open Source Mobile Communications" osmocom
+%if 0%{?suse_version}
%service_add_pre %{name}.service
+%endif

%post
+%if 0%{?suse_version}
%service_add_post %{name}.service
%endif
+chown osmocom:osmocom /etc/osmocom/osmo-cbc.cfg
+chmod 0660 /etc/osmocom/osmo-cbc.cfg
+chown root:osmocom /etc/osmocom
+chmod 2775 /etc/osmocom
+

%check
make %{?_smp_mflags} check || (find . -name testsuite.log -exec cat {} +)
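Review bot: The four chown/chmod lines added to %post run unconditionally on every install and upgrade, with no existence check and no way for an admin to keep a local override, whereas debian/postinst in this same change guards them with [ -e ] and dpkg-statoverride. Suggest wrapping them in an existence test, or declaring owner and mode for /etc/osmocom and osmo-cbc.cfg in the %files section (not visible in this hunk) so rpm tracks them. Separately, root:osmocom with mode 2775 on /etc/osmocom plus 0660 on the config gives the service account write access to its own configuration and to the whole directory; if that is intended, the commit message should say why.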
diff --git a/contrib/systemd/osmo-cbc.service b/contrib/systemd/osmo-cbc.service
index 037b04f..fb01039 100644
--- a/contrib/systemd/osmo-cbc.service
+++ b/contrib/systemd/osmo-cbc.service
@@ -8,6 +8,8 @@
StateDirectory=osmocom
WorkingDirectory=%S/osmocom
Restart=always
+User=osmocom
+Group=osmocom
ExecStart=/usr/bin/osmo-cbc -c /etc/osmocom/osmo-cbc.cfg
RestartSec=2

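Review bot: With User=osmocom and Group=osmocom the unit only starts where the osmocom account already exists, and that account is created solely by the .deb/.rpm scriptlets in this change. Anyone installing contrib/systemd/osmo-cbc.service from a source build gets a unit that fails at start; a short comment in the unit or a line in the install docs naming the required account would cover that.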
diff --git a/debian/control b/debian/control
index a1b7f04..e3937e5 100644
--- a/debian/control
+++ b/debian/control
@@ -25,7 +25,7 @@
Package: osmo-cbc
Architecture: any
Multi-Arch: foreign
-Depends: ${misc:Depends}, ${shlibs:Depends}
+Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
Description: OsmoCBC: Osmocom's Cell Broadcast Center

Package: osmo-cbc-utils
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..1894ff7
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,39 @@
+#!/bin/sh -e
+# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions
+# of directories which are not automatically adjusted by systemd from previous (root-owned)
+# install.
+
+# N. B: the user is intentionally NOT removed during package uninstall:
+# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
+chperms() {
+ # chperms <user> <group> <perms> <file>
+ if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
+ if [ -e $4 ]; then
+ chown $1:$2 $4
+ chmod $3 $4
+ fi
+ fi
+}
+
+case "$1" in
+ configure)
+ if ! getent passwd osmocom > /dev/null; then
+ adduser --quiet \
+ --system \
+ --group \
+ --no-create-home \
+ --disabled-password \
+ --home /var/lib/osmocom \
+ --gecos "Open Source Mobile Communications" \
+ osmocom
+ fi
+# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
+ chperms osmocom osmocom 0660 /etc/osmocom/osmo-cbc.cfg
+ chperms root osmocom 2775 /etc/osmocom
+
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
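Review bot: The -e on the #!/bin/sh -e line is lost whenever the script is invoked as "sh postinst"; Debian policy asks for set -e in the script body instead. In chperms, OVERRIDE is assigned but never read, so the test can be written as: if ! dpkg-statoverride --list "$4" >/dev/null 2>&1; then. The $1..$4 expansions there should be quoted, and the "# Set permissions according to ..." comment should be indented to match the configure) branch it sits in.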

Gerrit-Project: osmo-cbc
Gerrit-Branch: master
Gerrit-Change-Id: Ifcc882125a22d8f2e1bfcd19622aed4e8a723e6c
Gerrit-Change-Number: 29717
Gerrit-PatchSet: 3
Gerrit-Owner: msuraev <msuraev@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: osmith <osmith@sysmocom.de>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-MessageType: merged