From a26abc6aa87477b8bc7425558f8acaaee7d7d49d Mon Sep 17 00:00:00 2001 From: Max Date: Fri, 9 Sep 2022 22:23:58 +0700 Subject: .deb/.rpm: add osmocom user during package install Created osmocom user & group during package installation. Fix the configuration dir/files permission to match. Related: OS#4107 Tweaked-By: Oliver Smith Change-Id: I625c993ab03dfe32976c651acca9c35c33a768e7 --- contrib/osmo-hlr.spec.in | 14 +++++++++++++- contrib/systemd/osmo-hlr.service | 2 ++ debian/control | 2 +- debian/postinst | 39 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 55 insertions(+), 2 deletions(-) diff --git a/contrib/osmo-hlr.spec.in b/contrib/osmo-hlr.spec.in index f3085e7..a1f92ef 100644 --- a/contrib/osmo-hlr.spec.in +++ b/contrib/osmo-hlr.spec.in @@ -127,22 +127,34 @@ find %{buildroot} -type f -name "*.la" -delete -print %check make %{?_smp_mflags} check || (find . -name testsuite.log -exec cat {} +) -%if 0%{?suse_version} %preun +%if 0%{?suse_version} %service_del_preun %{name}.service +%endif %postun +%if 0%{?suse_version} %service_del_postun %{name}.service +%endif %pre +getent group osmocom >/dev/null || groupadd --system osmocom +getent passwd osmocom >/dev/null || useradd --system --gid osmocom --home-dir /var/lib/osmocom \ + --shell /sbin/nologin --comment "Open Source Mobile Communications" osmocom +%if 0%{?suse_version} %service_add_pre %{name}.service %endif +exit 0 %post %if 0%{?suse_version} %service_add_post %{name}.service %endif /usr/share/osmocom/osmo-hlr-post-upgrade.sh +chown osmocom:osmocom /etc/osmocom/osmo-hlr.cfg +chmod 0660 /etc/osmocom/osmo-hlr.cfg +chown root:osmocom /etc/osmocom +chmod 2775 /etc/osmocom %post -n libosmo-gsup-client0 -p /sbin/ldconfig %postun -n libosmo-gsup-client0 -p /sbin/ldconfig diff --git a/contrib/systemd/osmo-hlr.service b/contrib/systemd/osmo-hlr.service index 4b4df7e..2822f13 100644 --- a/contrib/systemd/osmo-hlr.service +++ b/contrib/systemd/osmo-hlr.service @@ -9,6 +9,8 @@ Type=simple Restart=always StateDirectory=osmocom WorkingDirectory=%S/osmocom +User=osmocom +Group=osmocom ExecStart=/usr/bin/osmo-hlr -c /etc/osmocom/osmo-hlr.cfg -l /var/lib/osmocom/hlr.db RestartSec=2 ProtectHome=true diff --git a/debian/control b/debian/control index ec234a3..56457c9 100644 --- a/debian/control +++ b/debian/control @@ -20,7 +20,7 @@ Homepage: https://projects.osmocom.org/projects/osmo-hlr Package: osmo-hlr Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser Description: Osmocom Home Location Register OsmoHLR is a Osmocom implementation of HLR (Home Location Registrar) which works over GSUP protocol. The subscribers are store in sqlite DB. diff --git a/debian/postinst b/debian/postinst index 390d304..96734df 100755 --- a/debian/postinst +++ b/debian/postinst @@ -3,3 +3,42 @@ # post-upgrade script in both cases, it won't do anything if there is nothing # to do. /usr/share/osmocom/osmo-hlr-post-upgrade.sh + +# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions +# of directories which are not automatically adjusted by systemd from previous (root-owned) +# install. + +# N. B: the user is intentionally NOT removed during package uninstall: +# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning. +chperms() { + # chperms + if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then + if [ -e $4 ]; then + chown $1:$2 $4 + chmod $3 $4 + fi + fi +} + +case "$1" in + configure) + if ! getent passwd osmocom > /dev/null; then + adduser --quiet \ + --system \ + --group \ + --no-create-home \ + --disabled-password \ + --home /var/lib/osmocom \ + --gecos "Open Source Mobile Communications" \ + osmocom + fi +# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners + chperms osmocom osmocom 0660 /etc/osmocom/osmo-hlr.cfg + chperms root osmocom 2775 /etc/osmocom + + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# -- cgit v1.2.3