[Git][java-team/apache-directory-server][master] 3 commits: Stop deleting system users on purge

Alexandre Detiste (@detiste-guest) gitlab at salsa.debian.org
Sat Jun 20 13:53:43 BST 2026



Alexandre Detiste pushed to branch master at Debian Java Maintainers / apache-directory-server


Commits:
2174f500 by Luca Boccassi at 2026-06-19T22:00:32+01:00
Stop deleting system users on purge

This is widely considered bad practice, as the kernel recycles UIDs/GIDs.
So any potential leftover file/directory can then become owned by the next
user/group that gets added, with unpredictable consequences.

- - - - -
e7465afb by Luca Boccassi at 2026-06-19T22:01:47+01:00
Install and use sysusers.d/tmpfiles.d config files

sysusers.d/tmpfiles.d config files allow a package to use declarative
configuration instead of manually written maintainer scripts. This also
allows image-based systems to be created with /usr/ only, and also
allows for factory resetting a system and recreating /etc/ on boot.

https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html
https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html

- - - - -
2ceaa8b2 by Alexandre Detiste at 2026-06-20T14:53:41+02:00
Merge branch 'sysusers' into 'master'

Install and use sysusers.d/tmpfiles.d config files

See merge request java-team/apache-directory-server!2
- - - - -


6 changed files:

- − debian/apacheds.dirs
- − debian/apacheds.postinst
- − debian/apacheds.postrm
- + debian/apacheds.sysusers
- + debian/apacheds.tmpfiles
- debian/control


Changes:

=====================================
debian/apacheds.dirs deleted
=====================================
@@ -1,5 +0,0 @@
-var/lib/apacheds/instances/default
-var/lib/apacheds/instances/default/cache
-var/lib/apacheds/instances/default/partitions
-var/lib/apacheds/instances/default/run
-var/log/apacheds


=====================================
debian/apacheds.postinst deleted
=====================================
@@ -1,56 +0,0 @@
-#!/bin/sh
-# postinst script for apacheds
-#
-# see: dh_installdeb(1)
-
-set -e
-
-APACHEDS_USER=apacheds
-APACHEDS_GROUP=apacheds
-
-# summary of how this script can be called:
-#        * <postinst> `configure' <most-recently-configured-version>
-#        * <old-postinst> `abort-upgrade' <new version>
-#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-#          <new-version>
-#        * <postinst> `abort-remove'
-#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-#          <failed-install-package> <version> `removing'
-#          <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-case "$1" in
-    configure)
-        # Create apacheds user if it doesn't exist.
-        if ! id $APACHEDS_USER > /dev/null 2>&1 ; then
-            adduser --system --home /var/lib/apacheds --no-create-home \
-                --group --disabled-password --quiet --shell /bin/bash \
-                $APACHEDS_USER
-        fi
-
-        # Fix directory permissions
-        chown -Rh $APACHEDS_USER:$APACHEDS_GROUP /var/log/apacheds || true
-        chown -Rh $APACHEDS_USER:$APACHEDS_GROUP /var/lib/apacheds || true
-        chown root:$APACHEDS_GROUP /etc/apacheds
-        chown $APACHEDS_USER:$APACHEDS_GROUP /etc/apacheds/*
-        chmod 2770 /etc/apacheds
-        chmod 640 /etc/apacheds/*
-    ;;
-
-    abort-upgrade|abort-remove|abort-deconfigure)
-    ;;
-
-    *)
-        echo "postinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-


=====================================
debian/apacheds.postrm deleted
=====================================
@@ -1,39 +0,0 @@
-#!/bin/sh
-# postrm script for apacheds
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <postrm> `remove'
-#        * <postrm> `purge'
-#        * <old-postrm> `upgrade' <new-version>
-#        * <new-postrm> `failed-upgrade' <old-version>
-#        * <new-postrm> `abort-install'
-#        * <new-postrm> `abort-install' <old-version>
-#        * <new-postrm> `abort-upgrade' <old-version>
-#        * <disappearer's-postrm> `disappear' <overwriter>
-#          <overwriter-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    purge)
-        # Remove apacheds user
-        userdel apacheds || true
-    ;;
-    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-    ;;
-
-    *)
-        echo "postrm called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#


=====================================
debian/apacheds.sysusers
=====================================
@@ -0,0 +1 @@
+u! apacheds - - /var/lib/apacheds /bin/bash


=====================================
debian/apacheds.tmpfiles
=====================================
@@ -0,0 +1,11 @@
+d /etc/apacheds 2770 root apacheds
+z /etc/apacheds/config.ldif 0640 apacheds apacheds
+z /etc/apacheds/log4j.properties 0640 apacheds apacheds
+d /var/log/apacheds 0755 apacheds apacheds
+d /var/lib/apacheds 0755 apacheds apacheds
+d /var/lib/apacheds/instances 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default/cache 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default/partitions 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default/run 0755 apacheds apacheds
+Z /var/lib/apacheds - apacheds apacheds


=====================================
debian/control
=====================================
@@ -8,6 +8,7 @@ Build-Depends:
  debhelper-compat (= 13),
  default-jdk,
  dh-sequence-cruft,
+ dh-sequence-installsysusers,
  junit4,
  libapache-directory-api-java (>= 2.1),
  libapache-directory-jdbm-java,
@@ -88,7 +89,6 @@ Description: Apache Directory Server (i18n)
 Package: apacheds
 Architecture: all
 Depends:
- adduser,
  default-jre-headless | java7-runtime-headless,
  libapacheds-java (= ${source:Version}),
  ${misc:Depends}



View it on GitLab: https://salsa.debian.org/java-team/apache-directory-server/-/compare/4123027511939db5f2cfa69c1d7b7ba067e343c5...2ceaa8b291c69cbed79a05f43b1e4d6356b449d4

-- 
View it on GitLab: https://salsa.debian.org/java-team/apache-directory-server/-/compare/4123027511939db5f2cfa69c1d7b7ba067e343c5...2ceaa8b291c69cbed79a05f43b1e4d6356b449d4
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20260620/ec3eaa91/attachment.htm>


More information about the pkg-java-commits mailing list