Mailinglist Archive: opensuse-packaging (102 mails)

Re: [opensuse-packaging] RPM %set_permissions problem
  • From: Marcos Felipe Rasia de Mello <marcosfrm@xxxxxxxxx>
  • Date: Thu, 19 Feb 2015 07:36:09 -0200
  • Message-id: <CAJZVDJAFL_Ab=MEvbTV7-PBRH8hHE6tSzFNsjDwJVtHzCxEREw@mail.gmail.com>
2015-02-19 5:42 GMT-02:00 Marcus Meissner <meissner@xxxxxxx>:
On Thu, Feb 19, 2015 at 06:24:39AM +0300, Andrei Borzenkov wrote:
On Wed, 18 Feb 2015 21:21:08 -0200
Marcos Felipe Rasia de Mello <marcosfrm@xxxxxxxxx> wrote:

Squid RPM used to have /etc/permissions.d/squid with:

/var/cache/squid/ squid:root 750
/var/log/squid/ squid:root 750

This file is gone in Factory.

Now, I am trying to change both groups to squid (same mode):

https://bugzilla.opensuse.org/show_bug.cgi?id=918434

My RPM has:

%verify(not user group mode) %attr(750,squid,squid) %dir /var/cache/squid/
%verify(not user group mode) %attr(750,squid,squid) %dir /var/log/squid/

But when I upgrade from an older version that still has the snippet,
new ownership is lost, because when chkstat runs in %post,
/etc/permissions.d/squid is present and mangles what is configured by
RPM.

RPM deletes /etc/permissions.d/squid after %preun, when it is too late.

Any help appreciated.

You can manually remove it in %pre of new version.

Well, we can move new permissions to the global permissions and in the next
release remove it.

That said, in the bug report I said we need to evaluate if this is a safe
permission setting.

Ciao, Marcus

Yes. I want a working spec first. Then I will submit it to the security team.

rm -f before %set_permissions is ugly. It is a simple solution though.

Thanks.

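A check for the upgrade problem discussed in this thread, as an added example that is not part of the original messages or of the squid package: it compares a leftover permissions.d snippet with the ownership the new spec declares and lists the paths where the snippet disagrees, which are the ones chkstat would change in %post. The function names and the second "wanted" file are assumptions; the sample entries are constructed from the values quoted in the thread.

```shell
#!/bin/sh
# Added example. Both input files use the permissions.d line format
# quoted in the thread: "path owner:group mode".

# Strip trailing slashes so "/var/log/squid/" matches "/var/log/squid".
norm_path() {
    p=$1
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s\n' "$p"
}

# perm_conflicts SNIPPET WANTED
#   SNIPPET: leftover snippet that chkstat will still read in %post
#   WANTED:  what the new spec sets via %attr (hypothetical helper file)
# Prints one line per path where the snippet disagrees with the spec.
perm_conflicts() {
    snippet=$1
    wanted=$2
    while read -r path own mode _ || [ -n "$path" ]; do
        case $path in ''|'#'*) continue ;; esac
        np=$(norm_path "$path")
        while read -r wpath wown wmode _ || [ -n "$wpath" ]; do
            case $wpath in ''|'#'*) continue ;; esac
            [ "$(norm_path "$wpath")" = "$np" ] || continue
            # Compare owner:group as text; ignore one leading 0 in the mode.
            if [ "$own" != "$wown" ] || [ "${mode#0}" != "${wmode#0}" ]; then
                printf '%s: snippet=%s %s spec=%s %s\n' \
                    "$np" "$own" "$mode" "$wown" "$wmode"
            fi
        done < "$wanted"
    done < "$snippet"
    return 0
}

# Constructed sample: old snippet values vs. the new %attr values.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '/var/cache/squid/ squid:root 750' \
                  '/var/log/squid/ squid:root 750' > "$d/old"
    printf '%s\n' '/var/cache/squid/ squid:squid 750' \
                  '/var/log/squid/ squid:squid 750' > "$d/new"
    perm_conflicts "$d/old" "$d/new"
    rm -rf "$d"
}
demo
```

An empty result means the snippet and the spec agree, so running chkstat with the old snippet still present would not alter the packaged ownership.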