Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 =?UTF-8?Q?=E2=80=9Cmust=E2=80=9D?=)

Tue Apr 2 15:54:49 BST 2019

Hi Emmanuel,

> This restores the ability to create the tomcat user without systemd.

due to your objection against perceived complexity, I changed the way
I’ve implemented this. Doing this at all is required because the hard
“Depends: systemd” will not work on many non-systemd systems, and, as
it’s only used for a tool to add a user account, is overly harsh.

This now reads as follows:

• The change to debian/control stays the same
• The lintian override is no longer necessary
• The postinst diff goes down to:

diff --git a/debian/tomcat9.postinst b/debian/tomcat9.postinst
index 55fb55c2..8edcfc5c 100644
--- a/debian/tomcat9.postinst
+++ b/debian/tomcat9.postinst
@@ -5,6 +5,7 @@
 
 set -e
 
+# Note these are no longer configurable (as of commit 243d00dc688ea47f4c7cde570ccaaa70efe269bf)
 TOMCAT_USER="tomcat"
 TOMCAT_GROUP="tomcat"
 
@@ -12,8 +13,8 @@ CONFFILES="tomcat-users.xml web.xml server.xml logging.properties context.xml ca
 
 case "$1" in
     configure)
-	# Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf
-	systemd-sysusers
+	# Create the tomcat user
+	/usr/libexec/tomcat9/create-sysuser.sh
 
 	# Install the configuration files
 	for conffile in $CONFFILES;

• There is a new file, which I’ll gladly maintain as part of the init
  script effort, with an appropriate entry in debian/tomcat9.install:

diff --git a/debian/libexec/create-sysuser.sh b/debian/libexec/create-sysuser.sh
new file mode 100755
index 00000000..3fd6dcd5
--- /dev/null
+++ b/debian/libexec/create-sysuser.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Create the tomcat system user
+#
+
+set -e
+
+if id tomcat >/dev/null 2>&1; then
+	# The user already exists
+	exit 0
+fi
+
+if which systemd-sysusers >/dev/null; then
+	# Use /usr/lib/sysusers.d/tomcat9.conf and systemd
+	systemd-sysusers
+else
+	# Use adduser instead, takes care of user and group both
+	adduser --system --home /var/lib/tomcat9 \
+	    --shell /usr/sbin/nologin --no-create-home \
+	    --group --disabled-password --disabled-login \
+	    --gecos 'Apache Tomcat' tomcat
+fi

Do note that this is already much less complexity than it was in
tomcat8, because we don’t even call addgroup but let adduser handle
this part of the account creation. (I’ve also moved the check for
prior existence up; no sense in calling tools if not necessary.)

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

**********

Mit der tarent Academy bieten wir auch Trainings und Schulungen in den
Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an.

Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt.

**********

