From 978666a088aacf467d3d265ff3b7b09c0d19733d Mon Sep 17 00:00:00 2001
From: Jörg Behrmann
Date: Thu, 25 Aug 2022 18:56:55 +0200
Subject: Debian packaging: explicitly allocate a group for the system user (#13593)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise the files of the synapse user are readable by the nobody user, which is unsafe.
Signed-off-by: Jörg Behrmann
---
 debian/matrix-synapse-py3.postinst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'debian/matrix-synapse-py3.postinst')
diff --git a/debian/matrix-synapse-py3.postinst b/debian/matrix-synapse-py3.postinst
index 029b9e0243..3c72b69bb7 100644
--- a/debian/matrix-synapse-py3.postinst
+++ b/debian/matrix-synapse-py3.postinst
@@ -40,12 +40,12 @@ EOF
 /opt/venvs/matrix-synapse/lib/manage_debconf.pl update
 if ! getent passwd $USER >/dev/null; then
- adduser --quiet --system --no-create-home --home /var/lib/matrix-synapse $USER
+ adduser --quiet --system --group --no-create-home --home /var/lib/matrix-synapse $USER
 fi
 for DIR in /var/lib/matrix-synapse /var/log/matrix-synapse /etc/matrix-synapse; do
 if ! dpkg-statoverride --list --quiet $DIR >/dev/null; then
- dpkg-statoverride --force --quiet --update --add $USER nogroup 0755 $DIR
+ dpkg-statoverride --force --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR
 fi
 done
--
cgit 1.5.1
From b9924df264884634092465b9d2edac3393768f2e Mon Sep 17 00:00:00 2001
From: Jörg Behrmann
Date: Wed, 31 Aug 2022 12:15:28 +0200
Subject: Change dpkg-statoverride to use --force-statoverride-add (#13638)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The --force flag of dpkg-statoverride has been deprecated (apparently starting with the dpkg version in Debian buster). It offers --force-all as q quick fix, but the usage in the Debian postinst script is probably covered by --force-statoverride-add.
Fixes: #8391
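Review bot: In the postinst hunk of the first commit, `--group` is only reached inside `if ! getent passwd $USER`, so an upgrade on a host where the account already exists leaves its primary group as `nogroup`; `id -gn $USER` then resolves to `nogroup`, and the `dpkg-statoverride --list` guard keeps any override already registered with it. The exposure named in the commit message therefore appears to persist on existing installs, and the same `id -gn` call is carried unchanged into the postinst hunk of the second commit. A migration branch would cover them, for example `elif [ "$(id -gn $USER)" = nogroup ]; then addgroup --quiet --system $USER && usermod -g $USER $USER`, together with a one-time regroup of files and overrides still assigned to `nogroup`. The surrounding script begins and ends outside the hunk, so a migration step elsewhere cannot be ruled out.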
Signed-off-by: Jörg Behrmann
---
 debian/changelog | 1 +
 debian/matrix-synapse-py3.postinst | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
(limited to 'debian/matrix-synapse-py3.postinst')
diff --git a/debian/changelog b/debian/changelog
index 0709ae24e9..6a6f306019 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ matrix-synapse-py3 (1.66.0~rc2+nmu1) UNRELEASED; urgency=medium
 * Update debhelper to compatibility level 12.
 * Drop the preinst script stopping synapse.
 * Allocate a group for the system user.
+ * Change dpkg-statoverride to --force-statoverride-add.
 -- Jörg Behrmann Tue, 23 Aug 2022 17:17:00 +0100
diff --git a/debian/matrix-synapse-py3.postinst b/debian/matrix-synapse-py3.postinst
index 3c72b69bb7..acab0877ad 100644
--- a/debian/matrix-synapse-py3.postinst
+++ b/debian/matrix-synapse-py3.postinst
@@ -45,7 +45,7 @@ EOF
 for DIR in /var/lib/matrix-synapse /var/log/matrix-synapse /etc/matrix-synapse; do
 if ! dpkg-statoverride --list --quiet $DIR >/dev/null; then
- dpkg-statoverride --force --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR
+ dpkg-statoverride --force-statoverride-add --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR
 fi
 done
--
cgit 1.5.1
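Review bot: In the second commit's postinst hunk, `--add` runs only when `dpkg-statoverride --list --quiet $DIR` finds no override, so `--force-statoverride-add` appears to have nothing to overwrite there. Dropping the force flag, `dpkg-statoverride --quiet --update --add $USER "$(id -gn $USER)" 0755 $DIR`, would also keep the call from replacing an administrator's tighter override if the guard is ever changed. The commit message dates the deprecation of `--force` to the dpkg in Debian buster; if the package is still built for older releases, the new option would presumably be rejected there, which is worth confirming against the build matrix. `$USER` and `$DIR` are unquoted, which is harmless for the three fixed paths but inconsistent with the quoted `"$(id -gn $USER)"` beside them.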