Bug#332264: tex-common: permission-handling of ls-R files is one-way
Hi Frank!

Attached are my current postinst.in, config.in and templates.
Please comment on it. I send the whole files since the diff is too
complicated.

I have done:
. changed the templates description
. removed the unnecessary templates (groupperm userperm)
. dh_unregister the unnecessary templates
. removed the transfer of tetex settings to tex-common
  (why did we do it at all? debconf is not a registry! ;-)
. changed config.in and postinst.in to work with our policy

I added the select_lsr function to common.functions and include
common.functions in config.in

Here is the select function (I don't send the common.functions):
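
select_lsrfile() {
  # map a short name (main, var, cache) to the path of its ls-R file
  case $1 in
    main)  LSR=$TEXMFSYSVAR/ls-R-TEXMFMAIN ;;
    var)   LSR=$TEXMFSYSVAR/ls-R ;;
    cache) LSR=/var/cache/fonts/ls-R ;;
    # report the unknown argument on stderr: callers capture stdout as the path
    *)     LSR="" ; echo "This should not happen: Don't know how to set this! $1" >&2 ;;
  esac
  echo "$LSR"
}
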
I tested it on my texlive system, but not completely, i.e. not all
possible combinations. But at least it works in some cases ;-)

One last question: In the postinst at the end there is

  db_get tex-common/groupname || true
  LSRGROUP="$RET"
  # quoted: an unquoted [ -n $LSRGROUP ] is true even when the value is empty
  if [ -n "$LSRGROUP" ] ; then
    for i in $truegwritefiles ; do
      lsr=`select_lsrfile $i`
      chgrp -v $LSRGROUP $lsr 2>/dev/null || true
    done
  fi

I have eliminated the grp call. But should we also eliminate the || true?
What happens if the user types in a nonexistent group?

Best wishes
Norbert
-------------------------------------------------------------------------------
Dr. Norbert Preining <preining AT logic DOT at> Università di Siena
sip:preining@at43.tuwien.ac.at +43 (0) 59966-690018
gpg DSA: 0x09C5B094 fp: 14DF 2E6C 0307 BE6D AD76 A9C0 D2BF 4AA3 09C5 B094
-------------------------------------------------------------------------------
#include variables
#!/bin/sh -e
#
# postinst maintainer script for the Debian <:=${PACKAGE}:> package.
# $Id: postinst.in 200 2005-10-05 17:23:12Z preining-guest $
<:=@COPYRIGHT:>//
## Define static variables we need
MKTMPDIR=<:=$MKTMPDIR:> # mktemp will create its files there
UCF_FILES="<:=$TEX_COMMON_UCF_FILES:>"
TEXMFSYSVAR="<:=$TEXMFSYSVAR:>"
UCF="ucf --debconf-ok"
#UCF="ucf -d --debconf-ok --verbose"
FIRST_VERSION_WITH_UPGRADE_PATH=0.3
OLD_LDAT=/etc/texmf/language.dat
POSTINST_MOVE_EXT="<:=$POSTINST_MOVE_EXT:>"
umask 022
# Give a name to the first commandline argument
action=$1
. <:=${CONFMODULE}:>
db_version 2.0
<:open(FUNCTIONS,'postinst.functions');@FUNCTIONS=<FUNCTIONS>;close(FUNCTIONS):>//
<:=@FUNCTIONS:>//
# <:open(FUNCTIONS,'common.functions');@FUNCTIONS=<FUNCTIONS>;close(FUNCTIONS):>//
# <:=@FUNCTIONS:>//
#################################################################
# Here starts the real action
#################################################################
case $action in
  configure|reconfigure)

    ## upgrade from 2.0.2 in sarge
    configured_version=$2
    # we must keep changes to the option part of 00updmap.cfg, if it is
    # installed (from an older tetex-base package)
    dpkg --compare-versions \
      $FIRST_VERSION_WITH_UPGRADE_PATH gt "$configured_version" && \
      updmap_extract

    # is there a file /etc/texmf/language.dat already? Move it out of the way
    if [ -f $OLD_LDAT ]; then
      cat > $OLD_LDAT.$POSTINST_MOVE_EXT <<EOF
This file is no longer used and has therefore been renamed by the postinst
script of the tex-common package.
Please use the mechanism described in update-language(8) instead.
EOF
      cat $OLD_LDAT >> $OLD_LDAT.$POSTINST_MOVE_EXT
      rm $OLD_LDAT
    fi

    # normal install
    # handle ucf-managed configuration files
    for file in $UCF_FILES; do
      $UCF /usr/share/tex-common/`basename $file` /etc/texmf/$file
    done

    #
    # create /usr/local/share/texmf, unless the filesystem is read-only:
    # this is against policy, disable
    # TEXMFLOCAL=/usr/local/share/texmf
    # if [ ! -e $TEXMFLOCAL ]; then
    #   if mkdir $TEXMFLOCAL 2>/dev/null; then
    #     chmod 2775 $TEXMFLOCAL 2>/dev/null || true
    #     chown root:staff $TEXMFLOCAL 2>/dev/null || true
    #     ln -s /var/lib/texmf/ls-R-LOCAL /$TEXMFLOCAL/ls-R
    #   fi
    # fi

    #
    # remove left over fmt/efmt/log files in /usr/share/texmf/web2c/
    # move out of the way old config files
    #
    if [ -d /usr/share/texmf/web2c ] ; then
      rm -rf /usr/share/texmf/web2c/*.fmt
      rm -rf /usr/share/texmf/web2c/*.efmt
      rm -rf /usr/share/texmf/web2c/*.base
      rm -rf /usr/share/texmf/web2c/*.log
      for cfgfile in fmtutil.cnf updmap.cfg ; do
        oldname=/usr/share/texmf/web2c/$cfgfile
        newname=/usr/share/texmf/web2c/$cfgfile.pre-upgrade
        if [ -r $oldname ] ; then
          cat - > $newname <<EOF
# This file conflicts with the new configuration location.
# Please merge your changes to the correct location.
EOF
          cat $oldname >> $newname
          rm $oldname
        fi
      done
    fi

    # run our scripts - this way we ensure that the generated files are
    # corrected, should one of the scripts have produced buggy output in
    # a prior version
    update-texmf
    update-fmtutil
    update-updmap
    update-language

    #
    # set permission of ls-R files
    db_get tex-common/managedlsr || true
    if [ -n "$RET" ] ; then
      falsegwritefiles=""
      truegwritefiles=""
      for i in var cache main ; do
        if echo $RET | grep -q $i ; then
          truegwritefiles="$truegwritefiles $i"
        else
          falsegwritefiles="$falsegwritefiles $i"
        fi
      done
      for i in $truegwritefiles ; do
        lsr=`select_lsrfile $i`
        chmod g+w $lsr
      done
      for i in $falsegwritefiles ; do
        lsr=`select_lsrfile $i`
        chmod g-w $lsr
      done
      db_get tex-common/groupname || true
      LSRGROUP="$RET"
      # quoted: an unquoted [ -n $LSRGROUP ] is true even when the value is empty
      if [ -n "$LSRGROUP" ] ; then
        for i in $truegwritefiles ; do
          lsr=`select_lsrfile $i`
          chgrp -v $LSRGROUP $lsr 2>/dev/null || true
        done
      fi
    else
      #
      # In this case when no ls-R files are managed by debconf
      # we do nothing. The files get the correct permissions on new
      # installation, because we ship them like this. And if a user
      # changes some of the parameters, he is responsible for himself.
      echo "Leaving permissions of ls-R files as they are ..."
    fi
    ;;

  *)
    ;;
esac
#DEBHELPER#
# Local Variables:
# mode: shell-script
# End:

Template: tex-common/managedlsr
Type: multiselect
Choices: main, cache, var
Default: cache
_Description: Select the ls-R files which should be writable by their respective group.
 There are many files installed in a typical TeX system. To speed up the
 search of these files a list of available files is stored in a file called
 ls-R. There are four different locations for TeX files on a Debian system:
  - main: usually /usr/share/texmf, contains only files installed
    by Debian packages.
  - var: usually /var/lib/texmf, contains generated files from the
    TeX system like format files.
  - cache: usually /var/cache/fonts, contains generated fonts.
 You can select from these three locations those whose ls-R files should
 be group writable. Those ls-R files which have not been selected will have
 the group write permission removed.
 .
 We suggest selecting cache (this is the default) and allowing
 a selected user group to modify these ls-R files for the following
 reasons:
 .
 A lot of font files have to be generated before they can be used by xdvi,
 dvips etc. These files are stored in /var/cache/fonts, so that they do not
 need to be regenerated every time.

Template: tex-common/groupname
Type: string
Default: users
_Description: Which group should own the ls-R files?
 You can choose a specific group which the previously selected ls-R files
 should belong to. If you do not enter a group name here, the group
 ownership of the selected files will not be touched at all. If you
 have selected 'cache' in the previous question, we would suggest selecting
 the group 'users' here.

Template: tex-common/cnf_name
Type: note
_Description: Change of name of files in /etc/texmf/texmf.d/
 texmf.cnf has previously been generated by update-texmf from all files in
 /etc/texmf/texmf.d/. Now update-texmf is changed and only reads files with
 extension '.cnf'
 .
 So if you had any private file in /etc/texmf/texmf.d/, then you should add
 '.cnf' to its name; for example, 22mymacro => 22mymacro.cnf

#include variables
#!/bin/sh -e
#
# config maintainer script for the Debian <:=${PACKAGE}:> package.
# $Id: config.in 114 2005-08-04 15:04:01Z frn $
<:=@COPYRIGHT:>//
# Give names to the commandline arguments
action=$1
installed_version=$2
. <:=${CONFMODULE}:>
db_version 2.0
<:open(FUNCTIONS,'common.functions');@FUNCTIONS=<FUNCTIONS>;close(FUNCTIONS):>//
<:=@FUNCTIONS:>//
## do the things we have to do for upgraders from old versions
# it does not harm to do the checks also when $action is reconfigure.
# suggest a user to rename old cnf files (copyright Atsuhito?)
# (upgrade from woody, keep for etch?)
if [ -d /etc/texmf/texmf.d ]; then
  if ls /etc/texmf/texmf.d 2> /dev/null | egrep -vq '(\.cnf|\.dpkg-.*|~)$'; then
    db_input medium tex-common/cnf_name || true
    db_go || true
  fi
fi
# we also unregister the tetex-bin/lsr-perms
db_unregister tetex-bin/lsr-perms || true
# and unregister old tex-common questions, they are not needed anymore
db_unregister tex-common/groupperm || true
db_unregister tex-common/userperm || true
#
# first we collect those ls-R files which are group writeable in gwritetrue
# and those which are not group writeable in gwritefalse
# furthermore we save the respective group and write permission in
# ${i}group
gwritetrue=""
gwritefalse=""
for i in var cache main ; do
  eval ${i}group=""
  lsr=`select_lsrfile $i`
  if [ -r "$lsr" ] ; then
    tmp=`ls -l "$lsr" | awk '{print$4}'`
    eval ${i}group=$tmp
    if ls -l "$lsr" | grep -q '^.....w' ; then
      gwritetrue="$gwritetrue $i"
    else
      gwritefalse="$gwritefalse $i"
    fi
  fi
done
#
# now we save the list of group writeable ls-R files to tex-common/managedlsr
db_set tex-common/managedlsr $gwritetrue || true
#
# and ask the user to check if this selection is ok
db_input low tex-common/managedlsr || true
db_go
#
# get the answer of the users, ie what files should really be group writeable
db_get tex-common/managedlsr && SELECTED_LSR="$RET" || true
if [ -n "$SELECTED_LSR" ]; then
  #
  # we check whether all the group writeable files belong to the same group
  # if yes, we suggest this group and ask the groupname question,
  # otherwise we ignore this and do *not* play around with groups.
  iscommongroup=-1
  for i in $SELECTED_LSR ; do
    # \$ makes eval read the value of ${i}group, not assign its name to tmp
    eval tmp=\$${i}group
    if [ "X$iscommongroup" = "X-1" ] ; then
      iscommongroup=$tmp
    else
      if [ "$tmp" != "$iscommongroup" ] ; then
        iscommongroup=""
      fi
    fi
  done
  db_set tex-common/groupname "$iscommongroup" || true
  # quoted: an unquoted [ -n $iscommongroup ] is true even when it is empty
  if [ -n "$iscommongroup" ] ; then
    db_input low tex-common/groupname || true
    db_go
  fi
fi
#
# we do not care for user permissions in this setting!
#
# Local Variables:
# mode: shell-script
# skeleton-pair: t
# End:
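
Added example (not part of the original message or of the tex-common package): one way to handle the case raised in the mail, a group name from debconf that does not exist, by checking the name before calling chgrp instead of hiding the failure behind `2>/dev/null || true`. The function names `group_exists` and `set_lsr_group` and the return codes are assumptions made for this illustration.

```sh
#!/bin/sh
# Illustration only: helper names and return codes are hypothetical.

# group_exists NAME: succeed only for a plausible, known group name.
group_exists() {
    case $1 in
        # reject empty input, option-like input and unexpected characters
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    if command -v getent >/dev/null 2>&1; then
        getent group "$1" >/dev/null 2>&1
    else
        # fallback without NSS support: local groups only
        awk -F: -v g="$1" '$1 == g { f = 1 } END { exit !f }' /etc/group
    fi
}

# set_lsr_group GROUP FILE...
# returns 0: empty GROUP (nothing to do) or every existing FILE was changed
#         1: at least one chgrp failed
#         2: GROUP is not a known group, no file was touched
set_lsr_group() {
    lsr_grp=$1
    shift
    # the quotes matter: an unquoted [ -n $lsr_grp ] is true for an empty value
    [ -n "$lsr_grp" ] || return 0
    if ! group_exists "$lsr_grp"; then
        echo "group '$lsr_grp' does not exist; ls-R group ownership unchanged" >&2
        return 2
    fi
    lsr_rc=0
    for lsr_file in "$@"; do
        [ -f "$lsr_file" ] || continue      # ls-R file not present, skip it
        chgrp -- "$lsr_grp" "$lsr_file" || lsr_rc=1
    done
    return $lsr_rc
}
```

A maintainer script running under `sh -e` can call it as `set_lsr_group "$LSRGROUP" $files || true` and still get the warning on stderr, or test the return code and ask the debconf question again.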