[med-svn] [Git][med-team/orthanc][master] 3 commits: Stop deleting system user on remove/purge
Andreas Tille (@tille)
gitlab at salsa.debian.org
Tue May 26 09:28:34 BST 2026
Andreas Tille pushed to branch master at Debian Med / orthanc
Commits:
0dee5e23 by Luca Boccassi at 2026-05-25T22:36:50+01:00
Stop deleting system user on remove/purge
This is widely considered bad practice, as the kernel recycles
UIDs/GIDs. So any potential leftover file/directory can then become
owned by the next user/group that gets added, with unpredictable
consequences.
- - - - -
da73c0ae by Luca Boccassi at 2026-05-25T22:49:23+01:00
Install and use sysusers.d/tmpfiles.d config files
sysusers.d/tmpfiles.d config files allow a package to use declarative
configuration instead of manually written maintainer scripts. This also
allows image-based systems to be created with /usr/ only, and also
allows for factory resetting a system and recreating /etc/ on boot.
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html
https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html
- - - - -
753c2721 by Andreas Tille at 2026-05-26T10:28:32+02:00
Merge branch 'sysusers' into 'master'
Install and use sysusers.d/tmpfiles.d config files
See merge request med-team/orthanc!2
- - - - -
6 changed files:
- debian/control
- debian/orthanc.dirs
- + debian/orthanc.sysusers
- + debian/orthanc.tmpfiles
- debian/postinst
- debian/postrm
Changes:
=====================================
debian/control
=====================================
@@ -5,6 +5,7 @@ Uploaders: Sebastien Jodogne <s.jodogne at gmail.com>,
Section: science
Build-Depends: cmake,
debhelper-compat (= 13),
+ dh-sequence-installsysusers,
doxygen,
libboost-all-dev,
libcharls-dev,
@@ -38,8 +39,7 @@ Homepage: https://www.orthanc-server.com/
Package: orthanc
Architecture: any
-Depends: adduser,
- locales,
+Depends: locales,
libcivetweb1,
tzdata,
libssl-dev,
=====================================
debian/orthanc.dirs
=====================================
@@ -5,5 +5,3 @@ usr/lib/orthanc
usr/sbin
usr/share/doc/orthanc
usr/share/orthanc/plugins
-var/lib/orthanc
-var/log/orthanc
=====================================
debian/orthanc.sysusers
=====================================
@@ -0,0 +1 @@
+u! orthanc - "Orthanc Administrator" /var/lib/orthanc /bin/bash
=====================================
debian/orthanc.tmpfiles
=====================================
@@ -0,0 +1,3 @@
+d /var/lib/orthanc 0750 orthanc orthanc
+d /var/log/orthanc 0750 orthanc orthanc
+z /etc/orthanc/credentials.json 0640 root orthanc
=====================================
debian/postinst
=====================================
@@ -4,34 +4,6 @@ set -e
case $1 in
configure)
- # Add the "orthanc" user
- if ! getent passwd orthanc > /dev/null; then
- adduser --system --quiet \
- --home /var/lib/orthanc --no-create-home \
- --shell /bin/bash --group --gecos "Orthanc Administrator" orthanc
- fi
- if test "`id -u orthanc`" -eq 0; then
- echo "The orthanc administrative user must not be root." >&2
- false
- fi
- if test "`id -g orthanc`" -eq 0; then
- echo "The orthanc administrative group must not be root." >&2
- false
- fi
-
- # Configure the permissions of the working directories
- chown orthanc:orthanc /var/lib/orthanc
- chown orthanc:orthanc /var/log/orthanc
-
- chmod 0750 /var/lib/orthanc
- chmod 0750 /var/log/orthanc
-
- # The "credentials.json" contains unencrypted sensitive
- # configuration options ("RegisteredUsers"): It must only be
- # readble by the users running Orthanc.
- chown root:orthanc /etc/orthanc/credentials.json
- chmod 0640 /etc/orthanc/credentials.json
-
# Make sure the en_US.UTF-8 locale has been generated
# (required for case-insensitive comparison of strings with
# accents). Note that the call "locale-gen en_US.UTF-8" that
@@ -40,16 +12,6 @@ case $1 in
sed -i 's/^# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
locale-gen
update-locale
-
- # Start the Orthanc service after installation
- # https://www.debian.org/doc/debian-policy/ch-opersys.html#s9.3.3.2
- if [ -x /etc/init.d/orthanc ]; then
- if which invoke-rc.d >/dev/null 2>&1; then
- invoke-rc.d orthanc start
- else
- /etc/init.d/orthanc start
- fi
- fi
;;
triggered)
@@ -83,3 +45,17 @@ case $1 in
esac
#DEBHELPER#
+
+case $1 in
+ configure)
+ # Start the Orthanc service after installation
+ # https://www.debian.org/doc/debian-policy/ch-opersys.html#s9.3.3.2
+ if [ -x /etc/init.d/orthanc ]; then
+ if which invoke-rc.d >/dev/null 2>&1; then
+ invoke-rc.d orthanc start
+ else
+ /etc/init.d/orthanc start
+ fi
+ fi
+ ;;
+esac
=====================================
debian/postrm
=====================================
@@ -10,18 +10,6 @@ case $1 in
if test -d "/etc/orthanc"; then
rmdir --ignore-fail-on-non-empty "/etc/orthanc" || true
fi
-
- # Remove the "orthanc" group and user
- if getent passwd orthanc >/dev/null; then
- if [ -x "$(command -v deluser)" ]; then
- deluser --system orthanc
- fi
- fi
- if getent group orthanc >/dev/null; then
- if [ -x "$(command -v delgroup)" ]; then
- delgroup --system orthanc
- fi
- fi
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
View it on GitLab: https://salsa.debian.org/med-team/orthanc/-/compare/8da6d10431ef1e0e219d5f547b3583dbe0261df0...753c2721d08327872c0fb1bba2de942336196a0e
--
View it on GitLab: https://salsa.debian.org/med-team/orthanc/-/compare/8da6d10431ef1e0e219d5f547b3583dbe0261df0...753c2721d08327872c0fb1bba2de942336196a0e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-commit/attachments/20260526/3a16a574/attachment-0001.htm>
More information about the debian-med-commit
mailing list