Bug#773180: (pre-approval) unblock: dbus with #773107 fixed

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#773180: (pre-approval) unblock: dbus with #773107 fixed
From: Simon McVittie <smcv@debian.org>
Date: Mon, 15 Dec 2014 11:05:51 +0000
Message-id: <[🔎] 20141215110539.GA26643@reptile.pseudorandom.co.uk>
Reply-to: Simon McVittie <smcv@debian.org>, 773180@bugs.debian.org

Package: release.debian.org
Severity: wishlist
User: release.debian.org@packages.debian.org
Usertags: unblock

I just uploaded a dbus version to experimental with more robust
owner/permissions setting for dbus-daemon-launch-helper (debdiff
attached). Would you be willing to consider equivalent changes via
unstable (probably as dbus/1.8.12-2) for jessie?

Context: while upgrading a wheezy system to jessie, I hit the same
man-db -> man-db trigger cycle that Paul Gevers reported in
<https://bugs.debian.org/771730#20>. This left dbus system services in
a temporarily broken state, because dbus had been unpacked but not configured.
With <https://bugs.debian.org/773107> fixed, this broken state would be
avoided.

I have tested the experimental dbus in an upgrade (a real system) and
a new installation (minimal cdebootstrap), and it correctly leaves
dbus-daemon-launch-helper 4754 root:messagebus in both cases.

Regards,
    S

diffstat for dbus-1.9.4 dbus-1.9.4

 changelog     |   13 +++++++++++++
 dbus.postinst |    5 +++--
 dbus.postrm   |    6 ++++++
 dbus.preinst  |   20 ++++++++++++++++++++
 4 files changed, 42 insertions(+), 2 deletions(-)

diff -Nru dbus-1.9.4/debian/changelog dbus-1.9.4/debian/changelog
--- dbus-1.9.4/debian/changelog	2014-11-24 13:58:25.000000000 +0000
+++ dbus-1.9.4/debian/changelog	2014-12-15 08:18:25.000000000 +0000
@@ -1,3 +1,16 @@
+dbus (1.9.4-2) experimental; urgency=medium
+
+  * postinst: use dpkg-statoverride to set the permissions for
+    dbus-daemon-launch-helper (expected to be 04754 root:messagebus)
+    as suggested in Policy §10.9. This avoids a temporarily broken state
+    when an upgraded dbus is unpacked but not yet configured (Closes: #773107)
+  * preinst: opportunistically set up the same dpkg-statoverride entry
+    if the group already exists, to avoid the same broken state during
+    upgrades from older versions without needing Pre-Depends: adduser
+  * postrm: delete the dpkg-statoverride entry on purge
+
+ -- Simon McVittie <smcv@debian.org>  Mon, 15 Dec 2014 08:18:15 +0000
+
 dbus (1.9.4-1) experimental; urgency=medium
 
   * New upstream release 1.9.4
diff -Nru dbus-1.9.4/debian/dbus.postinst dbus-1.9.4/debian/dbus.postinst
--- dbus-1.9.4/debian/dbus.postinst	2014-11-24 13:58:25.000000000 +0000
+++ dbus-1.9.4/debian/dbus.postinst	2014-12-15 08:18:25.000000000 +0000
@@ -31,9 +31,10 @@
             --disabled-password \
             --group "$MESSAGEUSER"
 
+    # The preinst might have done this already, or a sysadmin might have
+    # set up their own dpkg-statoverride. Keep this in sync with the preinst.
     if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then
-            chown root:"$MESSAGEUSER" "$LAUNCHER"
-            chmod 4754 "$LAUNCHER"
+        dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER"
     fi
 
     # This is idempotent, so it's OK to do every time. The system bus' init
diff -Nru dbus-1.9.4/debian/dbus.postrm dbus-1.9.4/debian/dbus.postrm
--- dbus-1.9.4/debian/dbus.postrm	2014-11-24 13:58:25.000000000 +0000
+++ dbus-1.9.4/debian/dbus.postrm	2014-12-15 08:18:25.000000000 +0000
@@ -7,6 +7,12 @@
 
 	rm -f /var/lib/dbus/machine-id
 	rmdir /var/lib/dbus || true
+
+	LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper
+
+	if dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1 ; then
+		dpkg-statoverride --remove "$LAUNCHER"
+	fi
 fi
 
 #DEBHELPER#
diff -Nru dbus-1.9.4/debian/dbus.preinst dbus-1.9.4/debian/dbus.preinst
--- dbus-1.9.4/debian/dbus.preinst	1970-01-01 01:00:00.000000000 +0100
+++ dbus-1.9.4/debian/dbus.preinst	2014-12-15 08:18:25.000000000 +0000
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+MESSAGEUSER=messagebus
+LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper
+
+# Avoid having the new $LAUNCHER temporarily go back to
+# its permissions and ownership from the .deb (0755 root:root).
+# We do this opportunistically - only if $MESSAGEUSER already exists
+# (i.e. dbus is installed or has been installed in the past) - to avoid having
+# to pre-depend on adduser, and we don't do it if the postinst or
+# the sysadmin has already set up a dpkg-statoverride.
+# Keep this in sync with the postinst.
+if getent group "$MESSAGEUSER" >/dev/null && \
+        ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then
+    dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER"
+fi
+
+#DEBHELPER#

Reply to:

Follow-Ups:
- Processed: Re: Bug#773180: (pre-approval) unblock: dbus with #773107 fixed
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#773180: (pre-approval) unblock: dbus with #773107 fixed
  - From: Julien Cristau <jcristau@debian.org>
- Processed: Re: Bug#773180: (pre-approval) unblock: dbus with #773107 fixed
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#773180: marked as done (unblock: dbus/1.8.12-3)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#773178: unblock: biomaj-watcher/1.2.2-2
Next by Date: Bug#773174: debdiff
Previous by thread: Bug#773178: marked as done (unblock: biomaj-watcher/1.2.2-2)
Next by thread: Processed: Re: Bug#773180: (pre-approval) unblock: dbus with #773107 fixed
Index(es):
- Date
- Thread