[Git][java-team/apache-directory-server][master] 3 commits: Stop deleting system users on purge
Alexandre Detiste (@detiste-guest)
gitlab at salsa.debian.org
Sat Jun 20 13:53:43 BST 2026
Alexandre Detiste pushed to branch master at Debian Java Maintainers / apache-directory-server
Commits:
2174f500 by Luca Boccassi at 2026-06-19T22:00:32+01:00
Stop deleting system users on purge
This is widely considered bad practice, as the kernel recycles UIDs/GIDs.
So any potential leftover file/directory can then become owned by the next
user/group that gets added, with unpredictable consequences.
- - - - -
e7465afb by Luca Boccassi at 2026-06-19T22:01:47+01:00
Install and use sysusers.d/tmpfiles.d config files
sysusers.d/tmpfiles.d config files allow a package to use declarative
configuration instead of manually written maintainer scripts. This also
allows image-based systems to be created with /usr/ only, and also
allows for factory resetting a system and recreating /etc/ on boot.
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.html
https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html
- - - - -
2ceaa8b2 by Alexandre Detiste at 2026-06-20T14:53:41+02:00
Merge branch 'sysusers' into 'master'
Install and use sysusers.d/tmpfiles.d config files
See merge request java-team/apache-directory-server!2
- - - - -
6 changed files:
- − debian/apacheds.dirs
- − debian/apacheds.postinst
- − debian/apacheds.postrm
- + debian/apacheds.sysusers
- + debian/apacheds.tmpfiles
- debian/control
Changes:
=====================================
debian/apacheds.dirs deleted
=====================================
@@ -1,5 +0,0 @@
-var/lib/apacheds/instances/default
-var/lib/apacheds/instances/default/cache
-var/lib/apacheds/instances/default/partitions
-var/lib/apacheds/instances/default/run
-var/log/apacheds
=====================================
debian/apacheds.postinst deleted
=====================================
@@ -1,56 +0,0 @@
-#!/bin/sh
-# postinst script for apacheds
-#
-# see: dh_installdeb(1)
-
-set -e
-
-APACHEDS_USER=apacheds
-APACHEDS_GROUP=apacheds
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-case "$1" in
- configure)
- # Create apacheds user if it doesn't exist.
- if ! id $APACHEDS_USER > /dev/null 2>&1 ; then
- adduser --system --home /var/lib/apacheds --no-create-home \
- --group --disabled-password --quiet --shell /bin/bash \
- $APACHEDS_USER
- fi
-
- # Fix directory permissions
- chown -Rh $APACHEDS_USER:$APACHEDS_GROUP /var/log/apacheds || true
- chown -Rh $APACHEDS_USER:$APACHEDS_GROUP /var/lib/apacheds || true
- chown root:$APACHEDS_GROUP /etc/apacheds
- chown $APACHEDS_USER:$APACHEDS_GROUP /etc/apacheds/*
- chmod 2770 /etc/apacheds
- chmod 640 /etc/apacheds/*
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
=====================================
debian/apacheds.postrm deleted
=====================================
@@ -1,39 +0,0 @@
-#!/bin/sh
-# postrm script for apacheds
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postrm> `remove'
-# * <postrm> `purge'
-# * <old-postrm> `upgrade' <new-version>
-# * <new-postrm> `failed-upgrade' <old-version>
-# * <new-postrm> `abort-install'
-# * <new-postrm> `abort-install' <old-version>
-# * <new-postrm> `abort-upgrade' <old-version>
-# * <disappearer's-postrm> `disappear' <overwriter>
-# <overwriter-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- purge)
- # Remove apacheds user
- userdel apacheds || true
- ;;
- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
=====================================
debian/apacheds.sysusers
=====================================
@@ -0,0 +1 @@
+u! apacheds - - /var/lib/apacheds /bin/bash
=====================================
debian/apacheds.tmpfiles
=====================================
@@ -0,0 +1,11 @@
+d /etc/apacheds 2770 root apacheds
+z /etc/apacheds/config.ldif 0640 apacheds apacheds
+z /etc/apacheds/log4j.properties 0640 apacheds apacheds
+d /var/log/apacheds 0755 apacheds apacheds
+d /var/lib/apacheds 0755 apacheds apacheds
+d /var/lib/apacheds/instances 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default/cache 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default/partitions 0755 apacheds apacheds
+d /var/lib/apacheds/instances/default/run 0755 apacheds apacheds
+Z /var/lib/apacheds - apacheds apacheds
=====================================
debian/control
=====================================
@@ -8,6 +8,7 @@ Build-Depends:
debhelper-compat (= 13),
default-jdk,
dh-sequence-cruft,
+ dh-sequence-installsysusers,
junit4,
libapache-directory-api-java (>= 2.1),
libapache-directory-jdbm-java,
@@ -88,7 +89,6 @@ Description: Apache Directory Server (i18n)
Package: apacheds
Architecture: all
Depends:
- adduser,
default-jre-headless | java7-runtime-headless,
libapacheds-java (= ${source:Version}),
${misc:Depends}
View it on GitLab: https://salsa.debian.org/java-team/apache-directory-server/-/compare/4123027511939db5f2cfa69c1d7b7ba067e343c5...2ceaa8b291c69cbed79a05f43b1e4d6356b449d4
--
View it on GitLab: https://salsa.debian.org/java-team/apache-directory-server/-/compare/4123027511939db5f2cfa69c1d7b7ba067e343c5...2ceaa8b291c69cbed79a05f43b1e4d6356b449d4
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20260620/ec3eaa91/attachment.htm>
More information about the pkg-java-commits
mailing list