> I was always wondering:
>
> Unless we expect that two different binary packages that can be co-installed
> will distribute the same directory under different ownership or permissions for
> a good reason, why not simply let dpkg apply ownership and permissions found in
> data.tar.{gz|bz2|xz}, and treat it the same as a file conflict when unpacking a
> package on a system where another package has already set different ownership
> and permissions ?
An obvious obstacle is that dpkg does not currently track ownership and
permissions of installed files and directories in its database.
Cheers,
Sven
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/87zk9dpqr1.fsf@turtle.gmx.de
05-12-2012, 01:55 PM
Guillem Jover
on the use of chmod/chown in maintainer scripts
On Sat, 2012-05-12 at 12:28:27 +0100, Roger Leigh wrote:
> On Sat, May 12, 2012 at 12:23:49PM +0200, Peter Palfrader wrote:
> > A lot of daemon packages in Debian nowadays create their own user and groups
> > during installation. Usually this also implies that a couple of files and
> > directories are created, and then chmodded and chowned to some appropriate
> > value for the service in question.
> >
> > Any ideas what we should do?
>
> Like for other parts of the packaging and maintainer scripts, I think
> this is something which should be entirely declarative, and handled
> at the dpkg or debhelper level.
>
> In the case of adding users and groups, it would be helpful to have
> e.g. a dh_user and/or dh_group script which look at
> debian/${package}.(user|group) and put the appropriate
> adduser/useradd commands into the package preinst or postinst, and
> depends/pre-depends on the needed tools as appropriate.
> This can also add the appropriate commands for removal in the postrm
> (or not, as the consensus currently appears to be). But the policy
> for that can be set by debhelper.
>
> Why the preinst? If all static or dynamic users and groups are made
> available before unpacking the data.tar, we can just unpack the tar
> and the users/groups in the files and directories could be
> automatically used. No manual chmod/chown would be required, since
> this would all be handled transparently by dpkg.
Right, this came up some time ago when Lars blogged about it, my reply
to that can be found there:
<http://blog.liw.fi/posts/addsysuser/>
> With the above approach, the only hard question is how to set the
> ownership during the package build. fakeroot handles this just fine,
> but it does require the user/group to be present on the build
> system, which will not always be the case. Is there an alternative
> means to set/override the ownership during packing of a tarfile?
One option would be to make dpkg-deb use an internal tar implementation,
and add a file describing the attributes of the to be packaged files.
That might make needing root privs (either through fakeroot or sudo)
unneeded in most of the cases too.
regards,
guillem
--
Archive: http://lists.debian.org/20120512135523.GA770@gaara.hadrons.org
05-12-2012, 09:06 PM
Russ Allbery
on the use of chmod/chown in maintainer scripts
Charles Plessy <plessy@debian.org> writes:
> Unless we expect that two different binary packages that can be
> co-installed will distribute the same directory under different
> ownership or permissions for a good reason, why not simply let dpkg
> apply ownership and permissions found in data.tar.{gz|bz2|xz},
Usually because the UID is dynamically assigned and the user is created in
the postinst, so there's no way for dpkg to do this at unpack.
You would need to apply permissions by name, not UID/GID, and you would
need to create all users in preinst prior to unpack, which would require
Pre-Depends on adduser with all the complexity that entails. I haven't
thought through that path to see if there are any other problems.
--
Archive: http://lists.debian.org/878vgxrtx3.fsf@windlord.stanford.edu
05-12-2012, 09:47 PM
Roger Leigh
on the use of chmod/chown in maintainer scripts
On Sat, May 12, 2012 at 03:55:24PM +0200, Guillem Jover wrote:
> On Sat, 2012-05-12 at 12:28:27 +0100, Roger Leigh wrote:
> > On Sat, May 12, 2012 at 12:23:49PM +0200, Peter Palfrader wrote:
> > With the above approach, the only hard question is how to set the
> > ownership during the package build. fakeroot handles this just fine,
> > but it does require the user/group to be present on the build
> > system, which will not always be the case. Is there an alternative
> > means to set/override the ownership during packing of a tarfile?
>
> One option would be to make dpkg-deb use an internal tar implementation,
> and add a file describing the attributes of the to be packaged files.
> That might make needing root privs (either through fakeroot or sudo)
> unneeded in most of the cases too.
I found that this functionality is already present in BSD tar,
according to the manpage. You can provide a file containing
all the files to pack, plus their ownership and perms etc.,
rather than just specifying the files on the command-line.
----bsdtar(1)----
An input file in mtree(5) format can be used to create an output archive
with arbitrary ownership, permissions, or names that differ from existing
data on disk:
I can't see an equivalent in GNU tar. But BSD tar is available
in Debian.
Regards,
Roger
--
.'`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools
`- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
--
Archive: http://lists.debian.org/20120512214722.GL23173@codelibre.net
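
Added example, not part of the original messages and not dpkg code: packing a data archive from a declarative attributes manifest without root, then resolving owners by name at unpack time, the two ideas Guillem Jover and Russ Allbery raise above. The manifest syntax is a simplified mtree(5)-like form, and the `exampled` user/group and the numeric IDs are constructed for illustration.

```python
import io
import tarfile

# Constructed manifest in a simplified, mtree(5)-like "path key=value" form.
# The user/group "exampled" is hypothetical and need not exist at build time.
MANIFEST = """\
etc/exampled.conf type=file mode=0640 uname=root gname=exampled
var/lib/exampled type=dir mode=0750 uname=exampled gname=exampled
"""

def parse_manifest(text):
    """Return [(path, {key: value})] for each non-empty, non-comment line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, *pairs = line.split()
        entries.append((path, dict(p.split("=", 1) for p in pairs)))
    return entries

def build_data_tar(manifest, contents):
    """Pack an archive whose ownership comes only from the manifest (no root, no chown)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path, attrs in parse_manifest(manifest):
            info = tarfile.TarInfo(path)
            info.type = tarfile.DIRTYPE if attrs["type"] == "dir" else tarfile.REGTYPE
            info.mode = int(attrs["mode"], 8)
            info.uname, info.gname = attrs["uname"], attrs["gname"]
            info.uid = info.gid = 0  # numeric IDs are placeholders; names are authoritative
            data = b"" if info.isdir() else contents[path]
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def resolve_owners(archive, users, groups):
    """Map each member to (uid, gid, mode) by name, as an unpacker would on the target."""
    plan = {}
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for m in tar:
            if m.uname not in users or m.gname not in groups:
                # The account must exist before unpack (the preinst constraint).
                raise LookupError(f"{m.name}: unknown owner {m.uname}:{m.gname}")
            plan[m.name] = (users[m.uname], groups[m.gname], m.mode)
    return plan
```

The `users` and `groups` arguments stand in for the target system's passwd and group databases; a lookup failure corresponds to unpacking before the dynamically allocated account has been created.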
05-13-2012, 12:10 AM
Guillem Jover
on the use of chmod/chown in maintainer scripts
On Sat, 2012-05-12 at 22:47:22 +0100, Roger Leigh wrote:
> On Sat, May 12, 2012 at 03:55:24PM +0200, Guillem Jover wrote:
> > One option would be to make dpkg-deb use an internal tar implementation,
> > and add a file describing the attributes of the to be packaged files.
> > That might make needing root privs (either through fakeroot or sudo)
> > unneeded in most of the cases too.
>
> I found that this functionality is already present in BSD tar,
> according to the manpage. You can provide a file containing
> all the files to pack, plus their ownership and perms etc.,
> rather than just specifying the files on the command-line.
>
> ----bsdtar(1)----
> An input file in mtree(5) format can be used to create an output archive
> with arbitrary ownership, permissions, or names that differ from existing
> data on disk:
[...]
> -----------------
Yeah, mtree is actually one of the things I've been having in mind
when considering ways to store file metadata in the dpkg suite.
> I can't see an equivalent in GNU tar. But BSD tar is available
> in Debian.
This would imply BSD tar needs to be promoted to the Essential set
alongside GNU tar, at which point I might as well just use an
internal tar implementation.
thanks,
guillem
--
Archive: http://lists.debian.org/20120513001013.GB6325@gaara.hadrons.org
05-13-2012, 12:17 AM
Roger Leigh
on the use of chmod/chown in maintainer scripts
On Sun, May 13, 2012 at 02:10:13AM +0200, Guillem Jover wrote:
> On Sat, 2012-05-12 at 22:47:22 +0100, Roger Leigh wrote:
> > On Sat, May 12, 2012 at 03:55:24PM +0200, Guillem Jover wrote:
> > > One option would be to make dpkg-deb use an internal tar implementation,
> > > and add a file describing the attributes of the to be packaged files.
> > > That might make needing root privs (either through fakeroot or sudo)
> > > unneeded in most of the cases too.
> >
> > I found that this functionality is already present in BSD tar,
> > according to the manpage. You can provide a file containing
> > all the files to pack, plus their ownership and perms etc.,
> > rather than just specifying the files on the command-line.
> >
> > ----bsdtar(1)----
> > An input file in mtree(5) format can be used to create an output archive
> > with arbitrary ownership, permissions, or names that differ from existing
> > data on disk:
> [...]
> > -----------------
>
> Yeah, mtree is actually one of the things I've been having in mind
> when considering ways to store file metadata in the dpkg suite.
>
> > I can't see an equivalent in GNU tar. But BSD tar is available
> > in Debian.
>
> This would imply BSD tar needs to be promoted to the Essential set
> alongside GNU tar, at which point I might as well just use an
> internal tar implementation.
Won't this only be needed for /packing/ the archive though? Can't
any tar implementation still be used for unpacking? Or would
dpkg-deb be constrained to a single tar for both operations?
Regards,
Roger
--
.'`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools
`- GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800
--
Archive: http://lists.debian.org/20120513001735.GP23173@codelibre.net
05-13-2012, 12:37 AM
Charles Plessy
on the use of chmod/chown in maintainer scripts
On Sat, May 12, 2012 at 02:06:16PM -0700, Russ Allbery wrote:
>
> Usually because the UID is dynamically assigned and the user is created in
> the postinst, so there's no way for dpkg to do this at unpack.
>
> You would need to apply permissions by name, not UID/GID, and you would
> need to create all users in preinst prior to unpack, which would require
> Pre-Depends on adduser with all the complexity that entails. I haven't
> thought through that path to see if there are any other problems.
I see,
[please do not hesitate to answer on -mentors if I am getting trivial]
in some of my packages, I give the ownership on some directories in /var to
www-data without checking that the www-data group exists, but I guess it is
acceptable because it is globally allocated by base-passwd.
The way I do is simply to set the ownership when building the package, and let
dpkg do the rest for me. For instance in emboss-explorer:
Dpkg will not update permissions or ownership, but when creating the directory
it will apply the ones in the 'data' tar archive. So if there was no package
released with wrong settings, I assume this is safe. Or am I simply relying on
something undocumented and unwaranteed ?
Have a nice Sunday,
--
Charles Plessy
Debian Med packaging team,
http://www.debian.org/devel/debian-med
Tsurumi, Kanagawa, Japan
--
Archive: http://lists.debian.org/20120513003701.GD19688@falafel.plessy.net
05-13-2012, 12:48 AM
Guillem Jover
on the use of chmod/chown in maintainer scripts
On Sun, 2012-05-13 at 01:17:35 +0100, Roger Leigh wrote:
> On Sun, May 13, 2012 at 02:10:13AM +0200, Guillem Jover wrote:
> > This would imply BSD tar needs to be promoted to the Essential set
> > alongside GNU tar, at which point I might as well just use an
> > internal tar implementation.
>
> Won't this only be needed for /packing/ the archive though? Can't
> any tar implementation still be used for unpacking? Or would
> dpkg-deb be constrained to a single tar for both operations?
Well strictly speaking, yes it would only be needed for «dpkg-deb -b».
For dpkg --unpack, GNU tar is not even used, an internal implementation
is used instead, so that proper control of what's going on can be done.
But having dpkg-deb either use BSD tar only for extraction or for both
building and extraction would require for it to depend on BSD tar
being present, and I don't think we can get rid of GNU tar from
Essential at this point in time anyway, that's where my comment was
coming from.
And making dpkg-deb use either GNU or BSD tar depending on which one is
present does not seem too compelling.
Also because some of the code has to be written anyway for the
internal tar extractor, it should not be much work to add the building
side.
thanks,
guillem
--
Archive: http://lists.debian.org/20120513004805.GA9052@gaara.hadrons.org
05-13-2012, 12:51 AM
Russ Allbery
on the use of chmod/chown in maintainer scripts
Charles Plessy <plessy@debian.org> writes:
> in some of my packages, I give the ownership on some directories in /var
> to www-data without checking that the www-data group exists, but I guess
> it is acceptable because it is globally allocated by base-passwd.
Right.
> Dpkg will not update permissions or ownership, but when creating the
> directory it will apply the ones in the 'data' tar archive. So if there
> was no package released with wrong settings, I assume this is safe. Or
> am I simply relying on something undocumented and unwaranteed ?
No, this is fine. But it only works for globally-allocated IDs in
base-passwd. If you instead need to dynamically generate a system user on
the fly and then set ownership of files to that user, which is a
reasonably common case, this is more complex.
--
Archive: http://lists.debian.org/87aa1crji4.fsf@windlord.stanford.edu
05-13-2012, 09:06 AM
Andreas Barth
on the use of chmod/chown in maintainer scripts
* Russ Allbery (rra@debian.org) [120512 23:06]:
> Charles Plessy <plessy@debian.org> writes:
>
> > Unless we expect that two different binary packages that can be
> > co-installed will distribute the same directory under different
> > ownership or permissions for a good reason, why not simply let dpkg
> > apply ownership and permissions found in data.tar.{gz|bz2|xz},
>
> Usually because the UID is dynamically assigned and the user is created in
> the postinst, so there's no way for dpkg to do this at unpack.
>
> You would need to apply permissions by name, not UID/GID, and you would
> need to create all users in preinst prior to unpack, which would require
> Pre-Depends on adduser with all the complexity that entails. I haven't
> thought through that path to see if there are any other problems.
Wouldn't it be sensible to describe which user(s) a program needs as
well not by "adduser $user" but in a more abstract syntax and let dpkg
handle all of that?
Andi
--
Archive: http://lists.debian.org/20120513090626.GU2385@mails.so.argh.org