[opensuse-packaging] RPM %set_permissions problem
Squid RPM used to have /etc/permissions.d/squid with:

/var/cache/squid/ squid:root 750
/var/log/squid/ squid:root 750

This file is gone in Factory.

Now, I am trying to change both groups to squid (same mode):

https://bugzilla.opensuse.org/show_bug.cgi?id=918434

My RPM has:

%verify(not user group mode) %attr(750,squid,squid) %dir /var/cache/squid/
%verify(not user group mode) %attr(750,squid,squid) %dir /var/log/squid/

But when I upgrade from an older version that still has the snippet, new ownership is lost, because when chkstat runs in %post, /etc/permissions.d/squid is present and mangles what is configured by RPM.

RPM deletes /etc/permissions.d/squid after %preun, when it is too late.

Any help appreciated.

--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org
On Wed, 18 Feb 2015 21:21:08 -0200 Marcos Felipe Rasia de Mello <marcosfrm@gmail.com> wrote:

> Squid RPM used to have /etc/permissions.d/squid with:
>
> /var/cache/squid/ squid:root 750
> /var/log/squid/ squid:root 750
>
> This file is gone in Factory.
>
> Now, I am trying to change both groups to squid (same mode):
>
> https://bugzilla.opensuse.org/show_bug.cgi?id=918434
>
> My RPM has:
>
> %verify(not user group mode) %attr(750,squid,squid) %dir /var/cache/squid/
> %verify(not user group mode) %attr(750,squid,squid) %dir /var/log/squid/
>
> But when I upgrade from an older version that still has the snippet, new ownership is lost, because when chkstat runs in %post, /etc/permissions.d/squid is present and mangles what is configured by RPM.
>
> RPM deletes /etc/permissions.d/squid after %preun, when it is too late.
>
> Any help appreciated.

You can manually remove it in %pre of new version.
On Thu, Feb 19, 2015 at 06:24:39AM +0300, Andrei Borzenkov wrote:

> On Wed, 18 Feb 2015 21:21:08 -0200 Marcos Felipe Rasia de Mello <marcosfrm@gmail.com> wrote:
>
> > Squid RPM used to have /etc/permissions.d/squid with:
> >
> > /var/cache/squid/ squid:root 750
> > /var/log/squid/ squid:root 750
> >
> > This file is gone in Factory.
> >
> > Now, I am trying to change both groups to squid (same mode):
> >
> > https://bugzilla.opensuse.org/show_bug.cgi?id=918434
> >
> > My RPM has:
> >
> > %verify(not user group mode) %attr(750,squid,squid) %dir /var/cache/squid/
> > %verify(not user group mode) %attr(750,squid,squid) %dir /var/log/squid/
> >
> > But when I upgrade from an older version that still has the snippet, new ownership is lost, because when chkstat runs in %post, /etc/permissions.d/squid is present and mangles what is configured by RPM.
> >
> > RPM deletes /etc/permissions.d/squid after %preun, when it is too late.
> >
> > Any help appreciated.
>
> You can manually remove it in %pre of new version.

Well, we can move new permissions to the global permissions and in the next release remove it.

That said, in the bugreport I said we need to evaluate if this is a safe permission setting.

Ciao, Marcus
2015-02-19 5:42 GMT-02:00 Marcus Meissner <meissner@suse.de>:

> On Thu, Feb 19, 2015 at 06:24:39AM +0300, Andrei Borzenkov wrote:
>
> > On Wed, 18 Feb 2015 21:21:08 -0200 Marcos Felipe Rasia de Mello <marcosfrm@gmail.com> wrote:
> >
> > > Squid RPM used to have /etc/permissions.d/squid with:
> > >
> > > /var/cache/squid/ squid:root 750
> > > /var/log/squid/ squid:root 750
> > >
> > > This file is gone in Factory.
> > >
> > > Now, I am trying to change both groups to squid (same mode):
> > >
> > > https://bugzilla.opensuse.org/show_bug.cgi?id=918434
> > >
> > > My RPM has:
> > >
> > > %verify(not user group mode) %attr(750,squid,squid) %dir /var/cache/squid/
> > > %verify(not user group mode) %attr(750,squid,squid) %dir /var/log/squid/
> > >
> > > But when I upgrade from an older version that still has the snippet, new ownership is lost, because when chkstat runs in %post, /etc/permissions.d/squid is present and mangles what is configured by RPM.
> > >
> > > RPM deletes /etc/permissions.d/squid after %preun, when it is too late.
> > >
> > > Any help appreciated.
> >
> > You can manually remove it in %pre of new version.
>
> Well, we can move new permissions to the global permissions and in the next release remove it.
>
> That said, in the bugreport I said we need to evaluate if this is a safe permission setting.
>
> Ciao, Marcus

Yes. I want a working spec first. Then will submit it to the security team.

rm -f before %set_permissions is ugly. It is a simple solution though.

Thanks.
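The %pre cleanup suggested in the replies above, as an added example that is not part of the thread or of the squid package: it goes slightly beyond a bare rm -f by removing the old snippet only on upgrade and only when its entries disagree with the packaged squid:squid 750. The function names, the root-prefix argument and the demo are assumptions made so the logic can be run against a scratch directory.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the root-prefix
# argument are assumptions so the logic can run against a scratch directory.
SNIPPET=etc/permissions.d/squid   # stale file named in the thread

# Print entries of permissions file $1 for path $2 whose owner:group or mode
# differ from $3 / $4 (format: "path owner:group mode", '#' starts a comment).
conflicting_entries() {
    awk -v p="$2" -v og="$3" -v m="$4" '
        function norm(x) { sub(/^0+/, "", x); return x }   # 0750 == 750
        /^[ \t]*(#|$)/ { next }
        $1 == p && ($2 != og || norm($3) != norm(m)) { print }
    ' "$1"
}

# Body for the new package's %pre. $1 is RPM's instance count (1 = install,
# 2 = upgrade); $2 is a root prefix, empty on a real system.
pre_cleanup() {
    count=$1; root=$2; f="$root/$SNIPPET"
    [ "$count" -ge 2 ] || return 0       # fresh install: no old snippet
    [ -f "$f" ] || return 0
    for d in /var/cache/squid/ /var/log/squid/; do
        if [ -n "$(conflicting_entries "$f" "$d" squid:squid 750)" ]; then
            rm -f "$f"                   # else chkstat in %post reapplies squid:root
            return 0
        fi
    done
}

# Constructed sample: scratch root holding the old snippet quoted in the thread.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/etc/permissions.d" || return 1
    printf '%s\n' '/var/cache/squid/ squid:root 750' \
                  '/var/log/squid/ squid:root 750' > "$t/$SNIPPET"
    pre_cleanup 1 "$t"; [ -f "$t/$SNIPPET" ] && a=kept || a=removed
    pre_cleanup 2 "$t"; [ -f "$t/$SNIPPET" ] && b=kept || b=removed
    rm -rf "$t"
    echo "install:$a upgrade:$b"
}
```

In a spec file the two functions would be inlined into %pre and called as pre_cleanup "$1" "", so the snippet is already gone when %set_permissions runs chkstat in %post.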
participants (3)
- Andrei Borzenkov
- Marcos Felipe Rasia de Mello
- Marcus Meissner