Am 15.11.24 um 00:29 schrieb Luca Boccassi:
On Thu, 14 Nov 2024 at 23:27, Simon McVittie <s...@debian.org> wrote:On Thu, 14 Nov 2024 at 22:47:05 +0000, Luca Boccassi wrote:Incidentally, we also have some leftovers handling of /var/lib/polkit-1 - I think that's no longer necessary as well, given Michael dropped pkla support entirely, right?In existing installations it might still be the home directory of the polkitd user (we try to change it to /nonexistent, but we might not be able to if there's some stray process running as polkitd), and we can't `rm -r` it because other packages might still own files in there. I don't think that necessarily blocks removing all of the leftover handling of it, but it will need doing a bit carefully.Yeah removing might not be feasible, however we can at least stop creating it, setting the user/groups, etc, right?
I think it's safe (and probably a good idea) to drop - set_perms root polkitd 750 /var/lib/polkit-1 from polkitd.postinst. I'm not so sure we can easily drop it from polkitd.dirs.This would cause dpkg to attempt its removal on upgrades which might not be a good idea if the polkitd system user, as Simon explained above, could not successfully be updated to the new home directory. That said, it's indeed a bit unclean that we still ship the old directory in the package.
OpenPGP_signature.asc
Description: OpenPGP digital signature
