25 Apr
2024
25 Apr
'24
10:37 a.m.
osmith has submitted this change. (
https://gerrit.osmocom.org/c/libosmo-sccp/+/29722?usp=email )
Change subject: .deb/.rpm: add osmocom user during package install
......................................................................
.deb/.rpm: add osmocom user during package install
Create osmocom user & group during package installation.
Fix the configuration dir/files permission to match.
Related: OS#4107
Tweaked-By: Oliver Smith <osmith(a)sysmocom.de>
Change-Id: I63e147961f93d62904ae64f5f3794839d047e4a6
---
M contrib/libosmo-sccp.spec.in
M contrib/systemd/osmo-stp.service
M debian/control
A debian/osmo-stp.postinst
4 files changed, 74 insertions(+), 3 deletions(-)
Approvals:
pespin: Looks good to me, but someone else must approve
laforge: Looks good to me, approved
osmith: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/contrib/libosmo-sccp.spec.in b/contrib/libosmo-sccp.spec.in
index 5a33a67..7e74e18 100644
--- a/contrib/libosmo-sccp.spec.in
+++ b/contrib/libosmo-sccp.spec.in
@@ -141,9 +141,24 @@
%if 0%{?suse_version}
%preun -n osmo-stp %service_del_preun osmo-stp.service
%postun -n osmo-stp %service_del_postun osmo-stp.service
-%pre -n osmo-stp %service_add_pre osmo-stp.service
-%post -n osmo-stp %service_add_post osmo-stp.service
%endif
+%pre -n osmo-stp
+getent group osmocom >/dev/null || groupadd --system osmocom
+getent passwd osmocom >/dev/null || useradd --system --gid osmocom --home-dir
/var/lib/osmocom \
+ --shell /sbin/nologin --comment "Open
Source Mobile Communications" osmocom
+%if 0%{?suse_version}
+%service_add_pre osmo-stp.service
+%endif
+
+%post -n osmo-stp
+%if 0%{?suse_version}
+%service_add_post osmo-stp.service
+%endif
+chown osmocom:osmocom /etc/osmocom/osmo-stp.cfg
+chmod 0660 /etc/osmocom/osmo-stp.cfg
+chown root:osmocom /etc/osmocom
+chmod 2775 /etc/osmocom
+
%files -n libosmo-mtp-devel
%dir %{_includedir}/%{name}
diff --git a/contrib/systemd/osmo-stp.service b/contrib/systemd/osmo-stp.service
index 027ea91..decc3cb 100644
--- a/contrib/systemd/osmo-stp.service
+++ b/contrib/systemd/osmo-stp.service
@@ -9,6 +9,8 @@
Restart=always
StateDirectory=osmocom
WorkingDirectory=%S/osmocom
+User=osmocom
+Group=osmocom
ExecStart=/usr/bin/osmo-stp -c /etc/osmocom/osmo-stp.cfg
RestartSec=2
diff --git a/debian/control b/debian/control
index 444604c..712774c 100644
--- a/debian/control
+++ b/debian/control
@@ -100,7 +100,8 @@
Section: net
Depends: libosmo-sigtran9,
${shlibs:Depends},
- ${misc:Depends}
+ ${misc:Depends},
+ adduser
Description: Osmocom SIGTRAN STP (Signaling Transfer Point)
This is the Osmocom (Open Source Mobile Communications) implementation
of a Signaling Transfer Point (STP) for SS7/SIGTRAN telecommunication
diff --git a/debian/osmo-stp.postinst b/debian/osmo-stp.postinst
new file mode 100755
index 0000000..94fb408
--- /dev/null
+++ b/debian/osmo-stp.postinst
@@ -0,0 +1,39 @@
+#!/bin/sh -e
+# Create 'osmocom' user and group (if it doesn't exist yet) and adjust
permissions
+# of directories which are not automatically adjusted by systemd from previous
(root-owned)
+# install.
+
+# N. B: the user is intentionally NOT removed during package uninstall:
+# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
+chperms() {
+ # chperms <user> <group> <perms> <file>
+ if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
+ if [ -e $4 ]; then
+ chown $1:$2 $4
+ chmod $3 $4
+ fi
+ fi
+}
+
+case "$1" in
+ configure)
+ if ! getent passwd osmocom > /dev/null; then
+ adduser --quiet \
+ --system \
+ --group \
+ --no-create-home \
+ --disabled-password \
+ --home /var/lib/osmocom \
+ --gecos "Open Source Mobile Communications" \
+ osmocom
+ fi
+# Set permissions according to
https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
+ chperms osmocom osmocom 0660 /etc/osmocom/osmo-stp.cfg
+ chperms root osmocom 2775 /etc/osmocom
+
+ ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#
--
To view, visit https://gerrit.osmocom.org/c/libosmo-sccp/+/29722?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: libosmo-sccp
Gerrit-Branch: master
Gerrit-Change-Id: I63e147961f93d62904ae64f5f3794839d047e4a6
Gerrit-Change-Number: 29722
Gerrit-PatchSet: 3
Gerrit-Owner: msuraev <msuraev(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: osmith <osmith(a)sysmocom.de>
Gerrit-Reviewer: pespin <pespin(a)sysmocom.de>
Gerrit-MessageType: merged
24
days inactive
24
days old
0 comments
1 participants
participants (1)
-
osmith