On Fri, Sep 05, 2014 at 02:46:25PM +0200, Raphaël Hertzog wrote:
> So debootstrap is immune to this problem just because it manually configures
> base-passwd before base-files. We could probably also fix cdebootstrap in a
> similar way but cdebootstrap is actually relying on apt/dpkg to let them
> configure the packages in the right order and maybe the better fix is thus
> to add a "Depends: base-passwd" on base-files so that the two packages are
> configured in the correct order. I just deployed such a fix in Kali and it
> works well.
>
> I'm ccing the cdebootstrap and base-passwd maintainers in case they want to
> voice an opinion too.
Doesn't seem entirely terrible. That said, this is all hopelessly
delicate. I wonder if instead it would be better for base-files to
hardcode the various IDs it uses in the postinst (UIDs: root, GIDs:
root, mail, utmp, staff), and thus sidestep this requirement entirely?
They're all global static, so could safely be hardcoded. Something like
this (untested):
diff --git a/debian/postinst.in b/debian/postinst.in
index 5f0f1a2..21a0dc2 100644
--- a/debian/postinst.in
+++ b/debian/postinst.in
@@ -1,12 +1,21 @@
#!/bin/sh
set -e
+# Hardcode all IDs, in order that we can be configured even when base-passwd
+# has never been configured. This is safe because all IDs used here are in
+# the global static space.
+root_uid=0
+root_gid=0
+mail_gid=8
+utmp_gid=43
+staff_gid=50
+
install_local_dir() {
if [ ! -d $1 ]; then
mkdir -p $1
fi
if [ -f /etc/staff-group-for-usr-local ]; then
- chown root:staff $1 2> /dev/null || true
+ chown $root_uid:$staff_gid $1 2> /dev/null || true
chmod 2775 $1 2> /dev/null || true
fi
}
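Review bot: the comment above root_uid=0 says the IDs are in the global static space but does not say where the numbers come from or who keeps them in sync. Name the source of truth (the base-passwd master files) in that comment, so that anyone changing a value there knows this script carries a copy. Also note that the new chown in install_local_dir still ends in `2> /dev/null || true`, so a wrong ID or a failed chown here would pass silently.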
@@ -20,7 +29,7 @@ install_from_default() {
install_directory() {
if [ ! -d /$1 ]; then
mkdir /$1
- chown root:$3 /$1
+ chown $root_uid:$3 /$1
chmod $2 /$1
fi
}
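Review bot: install_directory still accepts whatever is passed as `$3` and hands it straight to chown, so nothing stops a future caller from passing a group name and bringing back the dependency on a configured base-passwd. Add a comment on the function stating that `$3` must be a numeric GID, or reject non-numeric values at the top of the function.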
@@ -58,16 +67,16 @@ if [ "$1" = "configure" ] && [ "$2" = "" ]; then
install_from_default /usr/share/base-files/dot.bashrc /root/.bashrc
install_from_default /usr/share/base-files/profile /etc/profile
install_from_default /usr/share/base-files/motd /etc/motd
- install_directory srv 755 root
- install_directory opt 755 root
- install_directory etc/opt 755 root
- install_directory var/opt 755 root
- install_directory media 755 root
- install_directory var/mail 2775 mail
+ install_directory srv 755 $root_gid
+ install_directory opt 755 $root_gid
+ install_directory etc/opt 755 $root_gid
+ install_directory var/opt 755 $root_gid
+ install_directory media 755 $root_gid
+ install_directory var/mail 2775 $mail_gid
if [ ! -L /var/spool/mail ]; then
ln -s ../mail /var/spool/mail
fi
- install_directory run/lock 1777 root
+ install_directory run/lock 1777 $root_gid
migrate_directory /var/run /run
migrate_directory /var/lock /run/lock
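Review bot: the context lines in this hunk call install_from_default and migrate_directory, and neither function body is touched by the patch. If either one does a chown or chgrp by name, base-files would still need base-passwd configured first. Check both helpers and convert any name-based ownership there in the same change.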
@@ -92,30 +101,30 @@ if [ "$1" = "configure" ] && [ "$2" = "" ]; then
if [ ! -f /var/log/lastlog ]; then
echo -n>/var/log/lastlog
fi
- chown root:utmp /var/log/wtmp /var/log/btmp /var/log/lastlog
+ chown $root_uid:$utmp_gid /var/log/wtmp /var/log/btmp /var/log/lastlog
chmod 664 /var/log/wtmp /var/log/lastlog
chmod 660 /var/log/btmp
if [ ! -f /var/run/utmp ]; then
echo -n>/var/run/utmp
fi
- chown root:utmp /var/run/utmp
+ chown $root_uid:$utmp_gid /var/run/utmp
chmod 664 /var/run/utmp
fi
if [ ! -d /var/lib/dpkg ]; then
mkdir -m 755 -p /var/lib/dpkg
- chown root:root /var/lib/dpkg
+ chown $root_uid:$root_gid /var/lib/dpkg
fi
if [ ! -f /var/lib/dpkg/status ]; then
echo > /var/lib/dpkg/status
chmod 644 /var/lib/dpkg/status
- chown root:root /var/lib/dpkg/status
+ chown $root_uid:$root_gid /var/lib/dpkg/status
fi
if [ ! -f /usr/info/dir ] && [ ! -f /usr/share/info/dir ]; then
install_from_default /usr/share/base-files/info.dir /usr/share/info/dir
chmod 644 /usr/share/info/dir
- chown root:root /usr/share/info/dir
+ chown $root_uid:$root_gid /usr/share/info/dir
fi
if [ "$1" = "configure" ] && [ "$2" != "" ]; then
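Review bot: the chown calls for /var/log/wtmp, /var/log/btmp, /var/log/lastlog and /var/run/utmp now depend on utmp_gid=43 matching the group that base-passwd later installs, and the patch is marked untested. A bootstrap run that configures base-files before base-passwd and then compares the numeric group of these files with the utmp entry in /etc/group would confirm the hardcoded value. The hunk also stops at the start of the `[ "$2" != "" ]` upgrade branch, which is not shown; any name-based chown in that branch should get the same treatment for consistency.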
I'd be more comfortable with this approach than with adding a new
dependency to the very core of the Essential set, but I'd appreciate
Santiago's thoughts.
Thanks,
--
Colin Watson [[email protected]]