diff -Nru dh-sysuser-0.2/common.sh dh-sysuser-1.3/common.sh --- dh-sysuser-0.2/common.sh 2016-08-12 16:41:04.000000000 +0000 +++ dh-sysuser-1.3/common.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -set -eu -USER_STORE=/var/lib/dh-sysuser/user - -home=%HOME% -username=%USERNAME% -package=%PACKAGE% - -# Since according to POSIX, * glob expands to itself, -# if it fails to match anything, this function does not -# work properly, if $1 is empty. -count_files_in () { - dir=$1 - set -- - for file in "$dir"/* ; do - set -- "$@" "$file" - done - unset dir - printf "%d" "$#" -} - -store="$USER_STORE/$username" -mkdir -p "$store/_meta" diff -Nru dh-sysuser-0.2/debian/changelog dh-sysuser-1.3/debian/changelog --- dh-sysuser-0.2/debian/changelog 2016-10-13 08:18:02.000000000 +0000 +++ dh-sysuser-1.3/debian/changelog 2016-10-31 19:14:16.000000000 +0000 @@ -1,3 +1,17 @@ +dh-sysuser (1.3) unstable; urgency=medium + + * Rethink what this package actually does. Instead of removing user, it + is just locked. It drastically simplify maintainer script code and + avoids tricky situation with `deluser --remove-home'. + (Closes: #840469) + + Thanks: Simon McVittie + * New binary package: sysuser-helper. This way maintainer script + contains as little logic, as possible. + * New option: home without arguments. It creates home directory + for system user somewhere under /var/lib. + + -- Dmitry Bogatov Mon, 31 Oct 2016 22:14:16 +0300 + dh-sysuser (0.2) unstable; urgency=medium * Remove empty 'debian/docs' file diff -Nru dh-sysuser-0.2/debian/clean dh-sysuser-1.3/debian/clean --- dh-sysuser-0.2/debian/clean 2016-08-12 15:28:32.000000000 +0000 +++ dh-sysuser-1.3/debian/clean 2016-10-31 08:57:13.000000000 +0000 @@ -1,3 +1 @@ -postinst-sysuser -postrm-sysuser dh_sysuser.1 diff -Nru dh-sysuser-0.2/debian/control dh-sysuser-1.3/debian/control --- dh-sysuser-0.2/debian/control 2016-10-13 08:04:28.000000000 +0000 +++ dh-sysuser-1.3/debian/control 2016-10-31 08:58:30.000000000 +0000 
@@ -13,11 +13,19 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, ${perl:Depends} Description: debhelper addon to handle creation of system users dh-sysuser provides a debhelper sequence addon named 'sysuser' - and command 'dh_sysuser', which add into maintainer scripts - code, that ensures, that + and command 'dh_sysuser', which provide declarating way to + ensure, that required users are present after package installation + and correctly handled after package removal. + +Package: sysuser-helper +Architecture: all +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: dh-sysuser implementation detail + sysuser-helper provides code, which actually perform actions + on system users on behalf of dh-sysuser package. This separation + allows packages take advantage of improvement or fixes in 'dh-sysuser' + without rebuilding. . - * required system users are present after package installation - * unless another package requires same users, they are - removed on package purge - * if possible, ensures, that install-purge-install cycle saves - numeric identifier of users + This package is implementation detail of 'dh-sysuser'. It should + never be installed manually. No assumption about it's content can + be made. diff -Nru dh-sysuser-0.2/debian/dh-sysuser.install dh-sysuser-1.3/debian/dh-sysuser.install --- dh-sysuser-0.2/debian/dh-sysuser.install 2016-08-12 16:31:03.000000000 +0000 +++ dh-sysuser-1.3/debian/dh-sysuser.install 2016-10-31 08:44:32.000000000 +0000 
@@ -1,4 +1,4 @@ -postinst-sysuser /usr/share/debhelper/autoscripts -postrm-sysuser /usr/share/debhelper/autoscripts -dh_sysuser /usr/bin -sysuser.pm /usr/share/perl5/Debian/Debhelper/Sequence +postinst-sysuser /usr/share/debhelper/autoscripts +prerm-sysuser /usr/share/debhelper/autoscripts +dh_sysuser /usr/bin +sysuser.pm /usr/share/perl5/Debian/Debhelper/Sequence diff -Nru dh-sysuser-0.2/debian/rules dh-sysuser-1.3/debian/rules --- dh-sysuser-0.2/debian/rules 2016-08-12 15:21:03.000000000 +0000 +++ dh-sysuser-1.3/debian/rules 2016-10-31 08:55:35.000000000 +0000 @@ -5,8 +5,3 @@ override_dh_installman: pod2man dh_sysuser dh_sysuser.1 dh_installman - -override_dh_install: - cat common.sh postrm-sysuser.sh > postrm-sysuser - cat common.sh postinst-sysuser.sh > postinst-sysuser - dh_install diff -Nru dh-sysuser-0.2/debian/sysuser-helper.install dh-sysuser-1.3/debian/sysuser-helper.install --- dh-sysuser-0.2/debian/sysuser-helper.install 1970-01-01 00:00:00.000000000 +0000 +++ dh-sysuser-1.3/debian/sysuser-helper.install 2016-10-31 09:45:03.000000000 +0000 @@ -0,0 +1 @@ +sysuser-helper /lib/sysuser-helper/ diff -Nru dh-sysuser-0.2/dh_sysuser dh-sysuser-1.3/dh_sysuser --- dh-sysuser-0.2/dh_sysuser 2016-08-14 10:22:30.000000000 +0000 +++ dh-sysuser-1.3/dh_sysuser 2016-10-31 19:14:16.000000000 +0000 @@ -30,10 +30,17 @@ init(); -sub parse_options($conf, $options) { +sub parse_options($conf, $options, $user) { foreach my $opt (split(/,/, $options)) { given ($opt) { when (/^home=(.*)$/) { $conf->{home} = $1; } + when (/^home$/) { + my $normal = $user; + $normal =~ s/^_+//; # strip leading + $normal =~ s/_+$//; # and trailing underscore + $normal =~ s/^[Dd]ebian-//; # and discouraged debian- prefix + $conf->{home} = "/var/lib/$normal"; + } when (/^defaults$/) { "do nothing"; } default { error("unknown option `$opt'"); } } 
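Review bot: In the new bare `home` branch of parse_options, `$normal` can end up empty after the three substitutions (a user named only with underscores, or exactly `Debian-`), and `$conf->{home}` then becomes `/var/lib/` itself. That value is handed to the helper as the account's home directory, so the account would be given the shared state directory as its home. I would validate the result before using it, for example `error("cannot derive home directory from user name `$user'") unless $normal =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;`. The sub's closing brace is outside this hunk.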
@@ -54,8 +61,8 @@ (my $user, my $opts) = @$entry; $opts ||= 'defaults'; my %conf = (home => '/nonexistent'); - parse_options(\%conf, $opts); - foreach my $script (qw/postrm postinst/) { + parse_options(\%conf, $opts, $user); + foreach my $script (qw/prerm postinst/) { autoscript($pkg, $script, "$script-sysuser", sub { s/%HOME%/$conf{home}/; s/%PACKAGE%/$pkg/; @@ -63,6 +70,8 @@ } } addsubstvar($pkg, 'misc:Depends', 'adduser'); + # every time maintainer script changes, minor version must be bumped. + addsubstvar($pkg, 'misc:Depends', 'sysuser-helper', '<< 1.4'); } # PROMISE: DH NOOP WITHOUT sysuser @@ -93,6 +102,12 @@ This option requests creation of home directory. By default, no home directory is created. +=item I + +This option request creation of home directory somewhere under +F. Probably, you should use this form over explicit one, +described above. + =item I If you do not need any other options, put this one. @@ -107,14 +122,7 @@ required system users are present after package installation =item * -unless another package requires same user(s), they are removed on -package purge - -=item * - -unless other package, that does not use B or system -administrator manually took over numeric identifier, install, purge -and install again cycle saves numeric identifier of users (uid). +they are locked on package removal. =back diff -Nru dh-sysuser-0.2/postinst-sysuser dh-sysuser-1.3/postinst-sysuser --- dh-sysuser-0.2/postinst-sysuser 1970-01-01 00:00:00.000000000 +0000 +++ dh-sysuser-1.3/postinst-sysuser 2016-10-31 10:37:10.000000000 +0000 @@ -0,0 +1,7 @@ +# -*- sh -*- +# -*- sh -*- +export CONF_HOME=%HOME% +export CONF_PACKAGE=%PACKAGE% +export CONF_USERNAME=%USERNAME% + +/lib/sysuser-helper/sysuser-helper postinst diff -Nru dh-sysuser-0.2/postinst-sysuser.sh dh-sysuser-1.3/postinst-sysuser.sh --- dh-sysuser-0.2/postinst-sysuser.sh 2016-08-14 10:22:10.000000000 +0000 +++ dh-sysuser-1.3/postinst-sysuser.sh 1970-01-01 00:00:00.000000000 +0000 
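Review bot: In the new postinst-sysuser file the placeholders are substituted into shell assignments without quoting (`export CONF_HOME=%HOME%`), and parse_options accepts any text after `home=` via `(.*)`. A home path containing a space or a shell metacharacter is therefore split or interpreted by the maintainer script, which runs as root at install time; the value comes from the package's own sysuser file, so this is mainly a robustness point. The same applies to the identical lines in the prerm-sysuser hunk. I would write `export CONF_HOME='%HOME%'` (likewise for the other two variables) and have dh_sysuser reject values that contain a single quote. The `# -*- sh -*-` mode line is also duplicated in both files.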
@@ -1,39 +0,0 @@ -# -*- sh -*- -# Count how many packages already requested presence of -# $username. _meta directory is just created and adds 1 to count -# and fulfills precondition of `count_files_in'. - -if [ $(count_files_in "$store") = 1 ] ; then - - # So, there is only 1 entry in "$USER_STORE/$username". It - # means that nobody yet requested presence of $username, and - # we must create it our self. - - set -- --shell /usr/sbin/nologin "$username" - - # If $username was created in past, but after that was - # removed, since all packages that needed it was purged, - # preferred uid is left behind. If possible, we reuse it. - - if [ -f "$store/_meta/id" ] ; then - uid=$(cat "$store/_meta/uid") - set -- --uid "$uid" "$@" - fi - - # Lintian complains, if it fails to find --home options. - # And sure, it can't understand that it is hidden in $@. - if ! adduser --home "${home}" --system "$@" ; then - - # XXX: man page is explicit, that adduser can fail for - # tons of undocumented reasons, but here we believe, - # the reason is that uid is already taken. - - # Then we have to give up explicit uid command options. - shift 2 - adduser --home "${home}" --system "$@" - fi -fi - -# Here $username already exists. -getent passwd "$username" | cut -d: -f3 > "$store/_meta/uid" -touch "$store/$package" diff -Nru dh-sysuser-0.2/postrm-sysuser.sh dh-sysuser-1.3/postrm-sysuser.sh --- dh-sysuser-0.2/postrm-sysuser.sh 2016-10-13 08:17:31.000000000 +0000 +++ dh-sysuser-1.3/postrm-sysuser.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -# -*- sh -*- - -if [ "$1" = purge ] ; then - rm -f "$store/$package" - if [ $(count_files_in "$store") = 1 ] ; then - deluser --force --remove-home "$username" - fi -fi diff -Nru dh-sysuser-0.2/prerm-sysuser dh-sysuser-1.3/prerm-sysuser --- dh-sysuser-0.2/prerm-sysuser 1970-01-01 00:00:00.000000000 +0000 +++ dh-sysuser-1.3/prerm-sysuser 2016-10-31 10:37:28.000000000 +0000 
@@ -0,0 +1,7 @@
+# -*- sh -*-
+# -*- sh -*-
+export CONF_HOME=%HOME%
+export CONF_PACKAGE=%PACKAGE%
+export CONF_USERNAME=%USERNAME%
+
+/lib/sysuser-helper/sysuser-helper prerm
diff -Nru dh-sysuser-0.2/rfs dh-sysuser-1.3/rfs
--- dh-sysuser-0.2/rfs 1970-01-01 00:00:00.000000000 +0000
+++ dh-sysuser-1.3/rfs 2016-10-31 19:14:16.000000000 +0000
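Review bot: The helper call in prerm-sysuser is unconditional, so it runs for every action dpkg passes to prerm, not only for `remove`. An upgrade would therefore lock the account as well, and nothing in the visible postinst path unlocks it again. The removed postrm-sysuser.sh guarded its work with `if [ "$1" = purge ]`; a matching guard here would be `if [ "$1" = remove ] ; then /lib/sysuser-helper/sysuser-helper prerm ; fi`.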
@@ -0,0 +1,56 @@ +From: Dmitry Bogatov +To: submit@bugs.debian.org +Subject: RFS: dh-sysuser/1.3 +X-Debug-Cc: debian-mentors@lists.debian.org, Dylan + + +Package: sponsorship-requests +Severity: wishlist + +Dear mentors, + +I am looking for a sponsor for my package "dh-sysuser" + +* Package name : dh-sysuser + Version : 1.3 + Upstream Author : Dmitry Bogatov +* Url : https://anonscm.debian.org/cgit/users/kaction-guest/dh-sysuser.git +* Licenses : GPL-3+ + Section : admin + +It builds those binary packages: + + * dh-sysuser + * sysuser-helper + +I would like to ask galileo-daemon maintainer (in CC) to say word +about this release, since it changes quite a lot and may break things +for him. + +To access further information about this package, visit the following URL: + + https://mentors.debian.net/package/dh-sysuser + +Alternatively, one can download the package with dget using this command: + dget -x https://mentors.debian.net/debian/pool/main/d/dh-sysuser/dh-sysuser_1.3.dsc + +Alternatively, you can access package debian/ directory via git from URL: + https://anonscm.debian.org/cgit/users/kaction-guest/dh-sysuser.git + +More information about dh-sysuser can be obtained from + https://anonscm.debian.org/cgit/users/kaction-guest/dh-sysuser.git + +Changes since last upload: + + * Rethink what this package actually does. Instead of removing user, it + is just locked. It drastically simplify maintainer script code and + avoids tricky situation with `deluser --remove-home'. + (Closes: #840496) + + Thanks: Simon McVittie + * New binary package: sysuser-helper. This way maintainer script + contains as little logic, as possible. + * New option: home without arguments. It creates home directory + for system user somewhere under /var/lib. + +Regards, + Dmitry Bogatov diff -Nru dh-sysuser-0.2/sysuser-helper dh-sysuser-1.3/sysuser-helper --- dh-sysuser-0.2/sysuser-helper 1970-01-01 00:00:00.000000000 +0000 +++ dh-sysuser-1.3/sysuser-helper 2016-10-31 19:14:16.000000000 +0000 
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -eu
+exec >/dev/null # only errors should pass.
+
+case "$1" in
+ postinst)
+ if ! getent passwd "$CONF_USERNAME" ; then
+ # Create home directory for system user, unless it is
+ # /nonexistent, which must stay nonexistent.
+ CREATE_HOME='--create-home'
+ [ "$CONF_HOME" = '/nonexistent' ] && CREATE_HOME=''
+
+ # Correct, no quotes around $CREATE_HOME.
+ useradd --system --home-dir "$CONF_HOME" $CREATE_HOME \
+ "$CONF_USERNAME"
+ fi
+
+ # If user already have another home directory, we use `usermod
+ # --move-home'. Unfortunately, new home is required to be
+ # non-existent (and different from previous), so this
+ # conditional is required.
+ if [ ! -d "$CONF_HOME" ] ; then
+ usermod --move-home --home "$CONF_HOME" "$CONF_USERNAME"
+ fi
+ ;;
+ prerm)
+ passwd --lock "$CONF_USERNAME"
+ ;;
+esac
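Review bot: The `[ ! -d "$CONF_HOME" ]` test in the postinst branch is always true for the default `/nonexistent`, so `usermod --move-home` runs on every configure, including for an account that already existed before the package was installed. Per usermod(8), an existing home directory is then moved to `/nonexistent`, which contradicts the comment that it must stay nonexistent. In the prerm branch, `passwd --lock` only disables the password; passwd(1) notes that other credentials such as SSH keys keep working, and an account created by `useradd --system` has no usable password to begin with. I would skip the move for `/nonexistent` and expire the account on removal, clearing the expiry again in postinst.

```shell
    postinst)
        # … unchanged: getent check and useradd …

        # A reinstall must undo the expiry set by prerm.
        usermod --expiredate '' "$CONF_USERNAME"

        # Never point usermod at /nonexistent: --move-home would create it.
        if [ "$CONF_HOME" != '/nonexistent' ] && [ ! -d "$CONF_HOME" ] ; then
            usermod --move-home --home "$CONF_HOME" "$CONF_USERNAME"
        fi
        ;;
    prerm)
        # Lock the password and expire the account, so that other
        # credentials stop working too.
        usermod --lock --expiredate 1 "$CONF_USERNAME"
        ;;
```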