On Fri, 15 Nov 2024 01:57:49 +0100 Michael Biebl <bi...@debian.org> wrote:
On 15.11.24 at 00:29, Luca Boccassi wrote:
> On Thu, 14 Nov 2024 at 23:27, Simon McVittie <s...@debian.org> wrote:
>>
>> On Thu, 14 Nov 2024 at 22:47:05 +0000, Luca Boccassi wrote:
>>> Incidentally, we also have some leftover handling of /var/lib/polkit-1
>>> - I think that's no longer necessary as well, given Michael dropped
>>> pkla support entirely, right?
>>
>> In existing installations it might still be the home directory of the
>> polkitd user (we try to change it to /nonexistent, but we might not be
>> able to if there's some stray process running as polkitd), and we can't
>> `rm -r` it because other packages might still own files in there.
>>
>> I don't think that necessarily blocks removing all of the leftover
>> handling of it, but it will need doing a bit carefully.
>
> Yeah removing might not be feasible, however we can at least stop
> creating it, setting the user/groups, etc, right?

I think it's safe (and probably a good idea) to drop
-        set_perms root polkitd 750 /var/lib/polkit-1
from polkitd.postinst.

I'm not so sure we can easily drop it from polkitd.dirs.
This would cause dpkg to attempt its removal on upgrades which might not be a good idea if the polkitd system user, as Simon explained above, could not successfully be updated to the new home directory. That said, it's indeed a bit unclean that we still ship the old directory in the package.


I completely forgot that we had patched polkitd to use chdir('/') (and this patch is now also upstream, thanks Luca).

So I actually think we can drop the directory safely from the package, even if we have failed to update the polkitd user to use /nonexistent as its home directory. This would not lead to a failure when trying to start the service and it's thus mostly a cosmetic issue. I would therefore not fail hard in postinst as implemented in MR
https://salsa.debian.org/utopia-team/polkit/-/merge_requests/15

I've uploaded a simpler approach
https://salsa.debian.org/utopia-team/polkit/-/commit/fcf58579a073a7bdfe56fc1926fcebcce45d1fa0
as 126-2 to unstable

Regards,
Michael
