Bug#203650: Poor recommendation in dpkg-statoverride section
On Thu, Jul 31, 2003 at 06:24:18PM +0100, Andrew Suffield wrote:
> for i in /usr/bin/foo /usr/sbin/bar
> do
> if ! dpkg-statoverride --list $i >/dev/null
> then
> dpkg-statoverride --update --add sysuser root 4755 $i
> fi
> done
>
> The corresponding dpkg-statoverride --remove calls can then be made
> unconditionally when the package is purged.
> ============
>
> This means that the files are unpacked with whatever permissions were
> in the package, and are then modified during postinst. In addition, if
> the sysadmin removes the statoverride entry, the postinst will blindly
> add it back again later.
Another possibility then is to do the following.
Firstly, ensure that the default owner/group and permissions in the
.deb are safe, and that if the package breaks because of them, it will
do so in a safe way (the meaning of this will depend on the package).
No-one expects an unconfigured package to necessarily work (with
exceptions for essential packages, but we can ignore those here).
Then change the line in the postinst:
+ if [ "$1" = configure ]
+ then
for i in /usr/bin/foo /usr/sbin/bar
do
- if ! dpkg-statoverride --list $i >/dev/null
+ if [ dpkg --compare-versions "$2" lt "2.3.4-2" ]
then
dpkg-statoverride --update --add sysuser root 4755 $i
fi
done
+ fi
where 2.3.4-2 is to be replaced by the first version in which this
statoverride was introduced.
In this way, if the sysadmin later touches the statoverride, their
changes will remain (for good or bad).
Julian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, website: http://www.polya.uklinux.net/
Debian GNU/Linux Developer, see: http://people.debian.org/~jdg/
Visit http://www.thehungersite.com/ to help feed the hungry
Reply to: