osmith submitted this change.

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, but someone else must approve
  pespin: Looks good to me, approved

.deb/.rpm: various fixes related to non-root

* Explicitly chown /var/lib/osmocom to osmocom:osmocom, instead of
relying on systemd to do it when the service starts up. This does not
work with the systemd versions in debian 10 and almalinux 8.
* deb: Use "useradd" instead of the interactive "adduser" perl script
from Debian. This makes it consistent with how we do it in rpm, and
avoids the dependency on "adduser".
* deb: Consistently use tabs through the file, instead of mixing tabs
and spaces.
* deb: Remove support for the "dpkg-statoverride --list" logic. This
seems to be a rather obscure feature to override permissions for
certain files or directories, for which it does not seem to be a good
idea to make the postinst script less maintainable. Something similar
can be achieved by using your own Osmocom config file in a different
path with different permissions.

Related: OS#4107
Change-Id: I406ff0d625b02991d580c8382aa4be04dba45a00
---
M contrib/osmo-sgsn.spec.in
M debian/control
M debian/postinst
3 files changed, 51 insertions(+), 33 deletions(-)

diff --git a/contrib/osmo-sgsn.spec.in b/contrib/osmo-sgsn.spec.in
index 031cd14..b0fae9e 100644
--- a/contrib/osmo-sgsn.spec.in
+++ b/contrib/osmo-sgsn.spec.in
@@ -99,6 +99,8 @@
chmod 0660 /etc/osmocom/osmo-sgsn.cfg
chown root:osmocom /etc/osmocom
chmod 2775 /etc/osmocom
+mkdir -p /var/lib/osmocom
+chown -R osmocom:osmocom /var/lib/osmocom

%if 0%{?suse_version}
%preun -n osmo-gtphub %service_del_preun osmo-gtphub.service
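Review bot: The added `chown -R osmocom:osmocom /var/lib/osmocom` recurses as root through a directory that the osmocom user can write to once it owns it, and as written it repeats every time this scriptlet runs. If the aim is only to set the ownership that systemd does not set on the older distributions, a non-recursive chown of the directory right after the `mkdir -p` covers a fresh install, and the recursive pass could be limited to the case where the directory is still root-owned. The path carries no package name, so a short comment on whether other Osmocom services keep state under it would also help.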
diff --git a/debian/control b/debian/control
index b28db1f..aa59455 100644
--- a/debian/control
+++ b/debian/control
@@ -30,7 +30,7 @@
Package: osmo-sgsn
Architecture: any
Multi-Arch: foreign
-Depends: ${misc:Depends}, ${shlibs:Depends}, adduser
+Depends: ${misc:Depends}, ${shlibs:Depends}
Description: OsmoSGSN: Osmocom's Serving GPRS Support Node for 2G and 3G packet-switched mobile networks

Package: osmo-sgsn-dbg
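Review bot: With `adduser` dropped from Depends, nothing in this stanza names the package that provides the `useradd` and `groupadd` commands the new debian/postinst calls. Please confirm that package is guaranteed to be installed before the configure step on the supported Debian releases, or list it explicitly, because the postinst runs under `sh -e` and a missing command aborts configuration.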
@@ -42,7 +42,7 @@

Package: osmo-gtphub
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Osmocom GTP Hub: Proxy for GTP traffic between multiple SGSNs and GGSNs

Package: osmo-gtphub-dbg
diff --git a/debian/postinst b/debian/postinst
index 84d7e5f..4ac99e4 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -1,37 +1,28 @@
#!/bin/sh -e
-# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions
-# of directories which are not automatically adjusted by systemd from previous (root-owned)
-# install.
-
-# N. B: the user is intentionally NOT removed during package uninstall:
-# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
-chperms() {
- # chperms <user> <group> <perms> <file>
- if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
- if [ -e $4 ]; then
- chown $1:$2 $4
- chmod $3 $4
- fi
- fi
-}
-
case "$1" in
- configure)
- if ! getent passwd osmocom > /dev/null; then
- adduser --quiet \
- --system \
- --group \
- --no-create-home \
- --disabled-password \
- --home /var/lib/osmocom \
- --gecos "Open Source Mobile Communications" \
- osmocom
- fi
-# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
- chperms osmocom osmocom 0660 /etc/osmocom/osmo-sgsn.cfg
- chperms root osmocom 2775 /etc/osmocom
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi

- ;;
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ chown osmocom:osmocom /etc/osmocom/osmo-sgsn.cfg
+ chmod 0660 /etc/osmocom/osmo-sgsn.cfg
+ chown root:osmocom /etc/osmocom
+ chmod 2775 /etc/osmocom
+ mkdir -p /var/lib/osmocom
+ chown -R osmocom:osmocom /var/lib/osmocom
+ ;;
esac

# dh_installdeb(1) will replace this with shell code automatically
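Review bot: The existence check is gone: the removed `chperms` helper only touched a path when `[ -e $4 ]` held, while the new `chown osmocom:osmocom /etc/osmocom/osmo-sgsn.cfg` and `chmod 0660 /etc/osmocom/osmo-sgsn.cfg` lines in the configure branch are unconditional under `#!/bin/sh -e`. If the admin has removed or relocated that config file, which the commit message itself suggests as the replacement for statoverride, the first chown fails and package configuration aborts. Wrapping those two lines in an `[ -e ... ]` test keeps the previous behaviour. Separately, `chown -R osmocom:osmocom /var/lib/osmocom` recurses as root on every configure through a directory the service user can write to; a non-recursive chown, or a recursive one only when the directory is still root-owned, would be narrower.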

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: I406ff0d625b02991d580c8382aa4be04dba45a00
Gerrit-Change-Number: 36663
Gerrit-PatchSet: 2
Gerrit-Owner: osmith <osmith@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: osmith <osmith@sysmocom.de>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-MessageType: merged