osmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-hlr/+/36659?usp=email )

Change subject: .deb/.rpm: various fixes related to non-root ......................................................................

.deb/.rpm: various fixes related to non-root

* Explicitly chown /var/lib/osmocom to osmocom:osmocom, instead of relying on systemd to do it when the service starts up. This does not work with the systemd versions in debian 10 and almalinux 8. * deb: Use "useradd" instead of the interactive "adduser" perl script from Debian. This makes it consistent with how we do it in rpm, and avoids the dependency on "adduser". * deb: Remove support for the "dpkg-statoverride --list" logic. This seems to be a rather obscure feature to override permissions for certain files or directories. Let's rather remove this complexity to make the postinst script more maintainable and more similar to the rpm spec file. If users need this, they can achieve something similar by using their own Osmocom config file in a different path with different permissions. * deb: Consistently use tabs throughout postinst, instead of mixing tabs and spaces.

Related: OS#4107 Change-Id: Ib20406dd253f5e8720552e92e9002e45591218fa --- M contrib/osmo-hlr.spec.in M debian/control M debian/postinst 3 files changed, 51 insertions(+), 32 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/osmo-hlr refs/changes/59/36659/1

diff --git a/contrib/osmo-hlr.spec.in b/contrib/osmo-hlr.spec.in index a1f92ef..ebf6ee6 100644 --- a/contrib/osmo-hlr.spec.in +++ b/contrib/osmo-hlr.spec.in @@ -155,6 +155,8 @@ chmod 0660 /etc/osmocom/osmo-hlr.cfg chown root:osmocom /etc/osmocom chmod 2775 /etc/osmocom +mkdir -p /var/lib/osmocom +chown -R osmocom:osmocom /var/lib/osmocom

%post -n libosmo-gsup-client0 -p /sbin/ldconfig %postun -n libosmo-gsup-client0 -p /sbin/ldconfig diff --git a/debian/control b/debian/control index 56457c9..ec234a3 100644 --- a/debian/control +++ b/debian/control @@ -20,7 +20,7 @@

Package: osmo-hlr Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, adduser +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Osmocom Home Location Register OsmoHLR is a Osmocom implementation of HLR (Home Location Registrar) which works over GSUP protocol. The subscribers are store in sqlite DB. diff --git a/debian/postinst b/debian/postinst index 96734df..5dedec4 100755 --- a/debian/postinst +++ b/debian/postinst @@ -4,39 +4,30 @@ # to do. /usr/share/osmocom/osmo-hlr-post-upgrade.sh

-# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions -# of directories which are not automatically adjusted by systemd from previous (root-owned) -# install. - -# N. B: the user is intentionally NOT removed during package uninstall: -# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning. -chperms() { - # chperms <user> <group> <perms> <file> - if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then - if [ -e $4 ]; then - chown $1:$2 $4 - chmod $3 $4 - fi - fi -} - case "$1" in - configure) - if ! getent passwd osmocom > /dev/null; then - adduser --quiet \ - --system \ - --group \ - --no-create-home \ - --disabled-password \ - --home /var/lib/osmocom \ - --gecos "Open Source Mobile Communications" \ - osmocom - fi -# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners - chperms osmocom osmocom 0660 /etc/osmocom/osmo-hlr.cfg - chperms root osmocom 2775 /etc/osmocom + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi

- ;; + # Fix permissions of previous (root-owned) install (OS#4107) + chown osmocom:osmocom /etc/osmocom/osmo-hlr.cfg + chmod 0660 /etc/osmocom/osmo-hlr.cfg + chown root:osmocom /etc/osmocom + chmod 2775 /etc/osmocom + mkdir -p /var/lib/osmocom + chown -R osmocom:osmocom /var/lib/osmocom + ;; esac

# dh_installdeb(1) will replace this with shell code automatically