.deb/.rpm: various fixes related to non-root
* Explicitly chown /var/lib/osmocom to osmocom:osmocom, instead of
relying on systemd to do it when the service starts up. This does not
work with the systemd versions in debian 10 and almalinux 8.
* deb: Use "useradd" instead of the interactive "adduser" perl script
from Debian. This makes it consistent with how we do it in rpm, and
avoids the dependency on "adduser".
* deb: Remove support for the "dpkg-statoverride --list" logic. This
seems to be a rather obscure feature to override permissions for
certain files or directories. Let's rather remove this complexity to
make the postinst script more maintainable and more similar to the
rpm spec file. If users need this, they can achieve something similar
by using their own Osmocom config file in a different path with
different permissions.
* deb: Consistently use tabs throughout postinst, instead of mixing
tabs and spaces.
Related: OS#4107
Change-Id: Ib20406dd253f5e8720552e92e9002e45591218fa
diff --git a/contrib/osmo-hlr.spec.in b/contrib/osmo-hlr.spec.in
index a1f92ef..ebf6ee6 100644
--- a/contrib/osmo-hlr.spec.in
+++ b/contrib/osmo-hlr.spec.in
@@ -155,6 +155,8 @@
chmod 0660 /etc/osmocom/osmo-hlr.cfg
chown root:osmocom /etc/osmocom
chmod 2775 /etc/osmocom
+mkdir -p /var/lib/osmocom
+chown -R osmocom:osmocom /var/lib/osmocom
%post -n libosmo-gsup-client0 -p /sbin/ldconfig
%postun -n libosmo-gsup-client0 -p /sbin/ldconfig
diff --git a/debian/control b/debian/control
index 56457c9..ec234a3 100644
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,7 @@
Package: osmo-hlr
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Depends: ${shlibs:Depends}, ${misc:Depends}
Description: Osmocom Home Location Register
OsmoHLR is a Osmocom implementation of HLR (Home Location Registrar) which
works over GSUP protocol. The subscribers are store in sqlite DB.
diff --git a/debian/postinst b/debian/postinst
index 96734df..5dedec4 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -4,39 +4,30 @@
# to do.
/usr/share/osmocom/osmo-hlr-post-upgrade.sh
-# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions
-# of directories which are not automatically adjusted by systemd from previous (root-owned)
-# install.
-
-# N. B: the user is intentionally NOT removed during package uninstall:
-# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
-chperms() {
- # chperms <user> <group> <perms> <file>
- if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
- if [ -e $4 ]; then
- chown $1:$2 $4
- chmod $3 $4
- fi
- fi
-}
-
case "$1" in
- configure)
- if ! getent passwd osmocom > /dev/null; then
- adduser --quiet \
- --system \
- --group \
- --no-create-home \
- --disabled-password \
- --home /var/lib/osmocom \
- --gecos "Open Source Mobile Communications" \
- osmocom
- fi
-# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
- chperms osmocom osmocom 0660 /etc/osmocom/osmo-hlr.cfg
- chperms root osmocom 2775 /etc/osmocom
+ configure)
+ # Create the osmocom group and user (if it doesn't exist yet)
+ if ! getent group osmocom >/dev/null; then
+ groupadd --system osmocom
+ fi
+ if ! getent passwd osmocom >/dev/null; then
+ useradd \
+ --system \
+ --gid osmocom \
+ --home-dir /var/lib/osmocom \
+ --shell /sbin/nologin \
+ --comment "Open Source Mobile Communications" \
+ osmocom
+ fi
- ;;
+ # Fix permissions of previous (root-owned) install (OS#4107)
+ chown osmocom:osmocom /etc/osmocom/osmo-hlr.cfg
+ chmod 0660 /etc/osmocom/osmo-hlr.cfg
+ chown root:osmocom /etc/osmocom
+ chmod 2775 /etc/osmocom
+ mkdir -p /var/lib/osmocom
+ chown -R osmocom:osmocom /var/lib/osmocom
+ ;;
esac
# dh_installdeb(1) will replace this with shell code automatically