On Sun, Oct 22, 2023 at 02:46:00AM +0530, Nilesh Patra wrote: > On Sat, Oct 21, 2023 at 11:57:14PM +0300, Taavi Väänänen wrote: > > On 10/21/23 17:28, Nilesh Patra wrote: > > > I have pushed a small change with reasoning to properly fix those. However, I have two > > > questions to ask: > > > > > > * Why is the groupname of soju user names "ssl-cert" and not soju itself? > > > * Do we expect a "ssl-group" to be commonly present in linux systems? If > > > not (it isn't on mine), should it not be: > > > - Created in d/postinst? -- There is no groupadd or --ingroup with > > > adduser > > > - Removed in d/postrm? -- no delgroup > > > > The group is added by the "ssl-cert" package[0] package which soju has a > > Depends: on, and it's added as a supplementary group to the soju user and > > not as the primary group. That group generates self-signed TLS certificates > > that the package can use in the default configuration, instead of shipping a > > default configuration with a plaintext listener which is heavily discouraged > > by upstream and something I'd rather not do regardless. > > Yes, makes sense. I have one almost final question -- you have created a > /var/lib/soju in d/dirs and then creating a new soju user with this has > homedir but correspondingly also using --no-create-home. > > Wouldn't it be cleaner if you just remove d/dirs and let it create this > in postinst instead? > I've usually seen adduser to be used in this way in the past. Another comment - the systemd service probably should be stopped in prerm - isn't it? > > [0]: https://tracker.debian.org/pkg/ssl-cert > > Best, > Nilesh Best, Nilesh
Attachment:
signature.asc
Description: PGP signature