[med-svn] [conquest-dicom-server] 02/17: Still adding non-root user logic.
Pablo Lorenzzoni
spectra at moszumanska.debian.org
Mon Feb 3 16:47:50 UTC 2014
This is an automated email from the git hooks/post-receive script.
spectra pushed a commit to branch master
in repository conquest-dicom-server.
commit 7054029546dac25f991b99129882726e378af0c1
Author: Pablo Lorenzzoni <spectra at debian.org>
Date: Thu Jan 30 12:31:17 2014 +0000
Still adding non-root user logic.
Some unrelated improvements to maintainer-scripts (mainly style).
---
debian/conquest-dicom-server.init | 43 +++++++++++++++-------
debian/conquest-dicom-server.postinst | 68 +++++++++++++++++++++++++----------
debian/conquest-dicom-server.postrm | 34 ++++++++++++++++++
debian/conquest-dicom-server.prerm | 12 -------
4 files changed, 114 insertions(+), 43 deletions(-)
diff --git a/debian/conquest-dicom-server.init b/debian/conquest-dicom-server.init
index f0b769d..009a699 100755
--- a/debian/conquest-dicom-server.init
+++ b/debian/conquest-dicom-server.init
@@ -11,15 +11,18 @@
# Author: Mathieu Malaterre <malat at debian.org>
# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Conquest DICOM Server"
+PACKAGE=conquest-dicom-server
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+ETCDIR=/etc/$PACKAGE
+LOGDIR=/var/log/$PACKAGE
+USER=Debian-conquest
+GROUP=Debian-conquest
NAME=dgate
DAEMON=/usr/bin/$NAME # Introduce the server's location here
-DAEMON_ARGS="-w/etc/conquest-dicom-server -^/var/log/conquest-dicom-server/dgate.log" # Arguments to run the daemon with
+DAEMON_ARGS="-w$ETCDIR -^$LOGDIR/dgate.log" # Arguments to run the daemon with
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
-USER=conquest
-GROUP=conquest
# Exit if the package is not installed
[ -x $DAEMON ] || exit 0
@@ -32,11 +35,11 @@ GROUP=conquest
. /lib/lsb/init-functions
# Does not run if there's no user/group conquest
-if ! getent passwd | grep -q "^conquest:"; then
+if ! getent passwd | grep -q "^$USER:"; then
echo "Conquest user does not exist. Aborting" >&2
exit 1
fi
-if ! getent group | grep -q "^conquest:"; then
+if ! getent group | grep -q "^$GROUP:"; then
echo "Conquest group does not exist. Aborting" >&2
exit 1
fi
@@ -52,8 +55,9 @@ do_start()
# 2 if daemon could not be started
#start-stop-daemon --start --verbose --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
# || return 1
- start-stop-daemon --background --start --verbose --make-pidfile --pidfile $PIDFILE --chuid conquest:conquest --exec $DAEMON -- \
- $DAEMON_ARGS
+ start-stop-daemon --background --start --verbose --make-pidfile \
+ --pidfile $PIDFILE --chuid $USER:$GROUP --exec \
+ $DAEMON -- $DAEMON_ARGS
# Add code here, if necessary, that waits for the process to be ready
# to handle requests from services started subsequently which depend
# on this one. As a last resort, sleep for some time.
@@ -78,7 +82,8 @@ do_stop()
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
- start-stop-daemon --stop --verbose --oknodo --pidfile $PIDFILE --user conquest
+ start-stop-daemon --stop --verbose --oknodo --pidfile $PIDFILE \
+ --user $USER
RETVAL="$?"
#[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
@@ -87,6 +92,19 @@ do_stop()
}
#
+# Function to regenerate the database
+#
+do_regen() {
+ #
+ # This is probably start-stop-daemon abuse, but no other
+ # way (to my knowledge) to run something as another user
+ # that have /bin/false as shell.
+ #
+ start-stop-daemon --start --verbose --chuid $USER:$GROUP --exec \
+ $DAEMON -- $DAEMON_ARGS -v -r
+}
+
+#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
@@ -95,7 +113,8 @@ do_reload() {
# restarting (for example, when it is sent a SIGHUP),
# then implement that here.
#
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE \
+ --user $USER --name $NAME
return 0
}
@@ -117,8 +136,8 @@ case "$1" in
esac
;;
regen)
- $DAEMON $DAEMON_ARGS -v -r
- ;;
+ do_regen
+ ;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
diff --git a/debian/conquest-dicom-server.postinst b/debian/conquest-dicom-server.postinst
index 20cb67e..49336f3 100644
--- a/debian/conquest-dicom-server.postinst
+++ b/debian/conquest-dicom-server.postinst
@@ -2,29 +2,59 @@
set -e
-#DEBHELPER#
-if [ "$1" != "configure" -a "$1" != "purge" ]; then
- exit 0
-fi
+PACKAGE=conquest-dicom-server
+USER=Debian-conquest
+GROUP=Debian-conquest
+ETCDIR=/etc/$PACKAGE
+VARDIR=/var/lib/$PACKAGE
+LOGDIR=/var/log/$PACKAGE
# Create conquest user and group
-if ! getent passwd conquest >/dev/null 2>&1; then
- if ! getent group conquest > /dev/null 2>&1; then
- echo "Adding \`conquest' group to system ..."
- addgroup --quiet --system conquest || true
+create_user_group() {
+ if ! getent passwd $USER >/dev/null 2>&1; then
+ if ! getent group $GROUP > /dev/null 2>&1; then
+ echo "Adding \`$GROUP' group to system ..."
+ addgroup --quiet --system --force-badname $GROUP || true
fi
- echo "Adding \`conquest' user to system ..."
- adduser --quiet --system --ingroup conquest --home \
- /etc/conquest-dicom-server --shell /bin/false \
- --disabled-password conquest || true
-fi
+ echo "Adding \`$USER' user to system ..."
+ adduser --quiet --system --ingroup $GROUP --home $ETCDIR --shell \
+ /bin/false --disabled-password --force-badname $USER || true
+ fi
+}
# DICOM db setup
-if which invoke-rc.d >/dev/null 2>&1; then
- invoke-rc.d conquest-dicom-server regen
-else
- /etc/init.d/conquest-dicom-server regen
-fi
+setup_db() {
+ echo "We'll regenerate the database..."
+ if which invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d $PACKAGE regen
+ else
+ /etc/init.d/$PACKAGE regen
+ fi
+ echo "If it's the first time you install $PACKAGE, disregard any error \
+ messages about absent database tables."
+}
-exit 0
+# Change ownership of files
+chown_files() {
+ for target in $VARDIR $ETCDIR $LOGDIR; do
+ chown -R $USER:$GROUP $target
+ done
+}
+
+case "$1" in
+ configure)
+ create_user_group
+ chown_files
+ setup_db
+ ;;
+
+ abort-upgrade|abort-deconfigure|abort-remove)
+ ;;
+ *)
+ echo "$0 called with unknown argument \`$1'" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/conquest-dicom-server.postrm b/debian/conquest-dicom-server.postrm
new file mode 100644
index 0000000..8cba7df
--- /dev/null
+++ b/debian/conquest-dicom-server.postrm
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+PACKAGE=conquest-dicom-server
+USER=Debian-conquest
+GROUP=Debian-conquest
+ETCDIR=/etc/$PACKAGE
+VARDIR=/var/lib/$PACKAGE
+LOGDIR=/var/log/$PACKAGE
+
+# Remove conquest user and group
+remove_user_group() {
+ if which deluser >/dev/null 2>&1; then
+ deluser --quiet $USER > /dev/null || true
+ deluser --quiet --group $GROUP > /dev/null || true
+ fi
+}
+
+case "$1" in
+ purge)
+ remove_user_group
+ ;;
+
+ remove)
+ ;;
+
+ *)
+ echo "$0 called with unknown argument \`$1'" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/conquest-dicom-server.prerm b/debian/conquest-dicom-server.prerm
deleted file mode 100644
index b114674..0000000
--- a/debian/conquest-dicom-server.prerm
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-set -e
-
-#DEBHELPER#
-
-if [ "$1" != "remove" -a "$1" != "purge" ]; then
- exit 0
-fi
-
-exit 0
-
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/conquest-dicom-server.git
More information about the debian-med-commit
mailing list