[Pkg-utopia-maintainers] Bug#1087525: Bug#1087525: polkitd: polkit-tmpfiles.conf overrides dpkg-statoverride
Luca Boccassi
bluca at debian.org
Tue Dec 17 15:19:19 GMT 2024
On Fri, 15 Nov 2024 01:03:00 +0000 Luca Boccassi <bluca at debian.org>
wrote:
> On Fri, 15 Nov 2024 at 00:57, Michael Biebl <biebl at debian.org> wrote:
> >
> > Am 15.11.24 um 00:29 schrieb Luca Boccassi:
> > > On Thu, 14 Nov 2024 at 23:27, Simon McVittie <smcv at debian.org>
wrote:
> > >>
> > >> On Thu, 14 Nov 2024 at 22:47:05 +0000, Luca Boccassi wrote:
> > >>> Incidentally, we also have some leftovers handling of
/var/lib/polkit-1
> > >>> - I think that's no longer necessary as well, given Michael
dropped
> > >>> pkla support entirely, right?
> > >>
> > >> In existing installations it might still be the home directory
of the
> > >> polkitd user (we try to change it to /nonexistent, but we might
not be
> > >> able to if there's some stray process running as polkitd), and
we can't
> > >> `rm -r` it because other packages might still own files in
there.
> > >>
> > >> I don't think that necessarily blocks removing all of the
leftover
> > >> handling of it, but it will need doing a bit carefully.
> > >
> > > Yeah removing might not be feasible, however we can at least stop
> > > creating it, setting the user/groups, etc, right?
> >
> > I think it's safe (and probably a good idea) to drop
> > - set_perms root polkitd 750 /var/lib/polkit-1
> > from polkitd.postinst.
> >
> > I'm not so sure we can easily drop it from polkitd.dirs.
> > This would cause dpkg to attempt its removal on upgrades which
might not
> > be a good idea if the polkitd system user, as Simon explained
above,
> > could not successfully be updated to the new home directory.
> > That said, it's indeed a bit unclean that we still ship the old
> > directory in the package.
>
> But we have code to change the old users homedir though, so it's a
> fallback for a fallback for a fallback... we should just change it to
> assert that the user is correctly configured after trying to change
> it, and refuse to continue unless manual action is taken to repair
it,
> with an explicit error. That way we know that even in the corner case
> of a corner case of a corner case, it's safe to drop.
Here's the change, it errors out with a clear error when the user
homedir cannot be fixed automatically, tested by mangling it manually
and it seems to work as intended:
https://salsa.debian.org/utopia-team/polkit/-/merge_requests/15
More information about the Pkg-utopia-maintainers
mailing list