Package: spamassassin
Version: 3.3.2-8
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu trusty ubuntu-patch

Hey,

Full disclosure: I'm running Ubuntu.

Somehow my /var/lib/spamassassin hadn't been chowned to
debian-spamd:debian-spamd. I'm not sure why; tracing back the upgrade
path didn't give me any clues. When I got sa-compile with -8, the script
couldn't run because debian-spamd (the user sa-compile is run as)
couldn't write to the directory. This failed the postinst, which bombs
out dpkg and apt (if used).

So I've modified the postinst to always chown in the following cases

  - There's no statoverride specified by the local admin.
  - The owner isn't the target (debian-spamd:debian-spamd) already.

...and to run programs under the user who owns the directory. I used the
following changelog.

  * Always chown /var/lib/spamassassin if necessary; some upgrade paths might
    have left it as root:root, in which case sa-compile's postinst will not
    run successfully.

I guess you might want something like this in Debian too.

Thanks for considering the patch.

-- 
Iain Lane                                  [ i...@orangesquash.org.uk ]
Debian Developer                                   [ la...@debian.org ]
Ubuntu Developer                                   [ la...@ubuntu.com ]
diff -Nru spamassassin-3.3.2/debian/sa-compile.postinst spamassassin-3.3.2/debian/sa-compile.postinst
--- spamassassin-3.3.2/debian/sa-compile.postinst	2014-02-09 23:56:29.000000000 +0000
+++ spamassassin-3.3.2/debian/sa-compile.postinst	2014-02-14 11:43:12.000000000 +0000
@@ -3,10 +3,11 @@
 set -e
 
 sa_compile() {
+    OWNER=$(stat -c '%U' /var/lib/spamassassin)
     # Compile, if rules have previously been compiled, and it's possible
     if [ -x /usr/bin/re2c -a -x /usr/bin/sa-compile ]; then
         echo "Running sa-compile (may take a long time)"
-        su debian-spamd -c "sa-compile --quiet"
+        su $OWNER -c "sa-compile --quiet"
         invoke-rc.d spamassassin restart
     fi
 }
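Review bot: `su $OWNER -c "sa-compile --quiet"` runs the compile as whoever owns /var/lib/spamassassin, so if the directory is still root:root when this script runs (the case the changelog describes), sa-compile executes as root and the privilege drop that `su debian-spamd` provided is lost. Consider skipping the compile or failing with a clear message when the owner is root, rather than following the owner unconditionally. Two smaller points in the same hunk: the `OWNER=$(stat ...)` assignment sits outside the `[ -x /usr/bin/re2c ... ]` test, so under `set -e` a missing directory aborts the postinst even when nothing would be compiled, and `$OWNER` should be quoted as "$OWNER" in the su call.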
diff -Nru spamassassin-3.3.2/debian/spamassassin.postinst spamassassin-3.3.2/debian/spamassassin.postinst
--- spamassassin-3.3.2/debian/spamassassin.postinst	2014-02-13 16:13:11.000000000 +0000
+++ spamassassin-3.3.2/debian/spamassassin.postinst	2014-02-14 11:43:10.000000000 +0000
@@ -3,23 +3,29 @@
 set -e
 
 if [ "$1" = "configure" ]; then
-    # If a new install, or an upgrade from before 3.3.2-3 ...
-    if dpkg --compare-versions "$2" "le" "3.3.2-2"; then
-        if ! getent passwd debian-spamd > /dev/null ; then
-            adduser --system --group --shell /bin/sh --disabled-password \
-                --home /var/lib/spamassassin debian-spamd
-        else
-            mkdir -p /var/lib/spamassassin
-        fi
-        # Fix permissions of spamassassin; A no-op on new installs, lets 
-        # debian-spamd claim ownership of spamassassin updates on upgrades.
+    if ! getent passwd debian-spamd > /dev/null ; then
+        adduser --system --group --shell /bin/sh --disabled-password \
+            --home /var/lib/spamassassin debian-spamd
+    else
+        mkdir -p /var/lib/spamassassin
+    fi
+
+    OWNER=$(stat -c '%U' /var/lib/spamassassin)
+    GROUP=$(stat -c '%G' /var/lib/spamassassin)
+
+    # Lets debian-spamd claim ownership of spamassassin updates on upgrades,
+    # unless the user has overridden.
+    if ! dpkg-statoverride --list /var/lib/spamassassin/* >/dev/null && \
+        [ "$OWNER:$GROUP" != "debian-spamd:debian-spamd" ]; then
         chown -R debian-spamd:debian-spamd /var/lib/spamassassin
+        OWNER=debian-spamd
+        GROUP=debian-spamd
     fi
 
     test -d /var/lib/spamassassin/sa-update-keys ||
-        install -d -o debian-spamd -g debian-spamd -m 700 /var/lib/spamassassin/sa-update-keys
+        install -d -o $OWNER -g $GROUP -m 700 /var/lib/spamassassin/sa-update-keys
 
-    su debian-spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys \
+    su $OWNER -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys \
         --import /usr/share/spamassassin/GPG.KEY"
 fi
 
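Review bot: the override test `dpkg-statoverride --list /var/lib/spamassassin/*` uses an unquoted glob, so the shell expands it to the directory's current children before dpkg-statoverride sees it, and the pattern never names /var/lib/spamassassin itself. An override the admin registered on the directory is therefore not detected and `chown -R` will undo it; checking the directory path directly (for example `dpkg-statoverride --list /var/lib/spamassassin >/dev/null 2>&1`) matches the stated intent. Note also that when the chown is skipped, `$OWNER` keeps whatever stat returned, which may be root, so the later `install -o $OWNER` and `su $OWNER -c "sa-update ..."` run with that identity; quote the variables and decide explicitly whether root is acceptable there. Dropping the `dpkg --compare-versions` guard means this block now runs on every configure, which deserves a line in the comment above the chown.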
