[Pkg-utopia-maintainers] Bug#1087525: Bug#1087525: polkitd: polkit-tmpfiles.conf overrides dpkg-statoverride
Michael Biebl
biebl at debian.org
Sat Jan 18 13:15:02 GMT 2025
On Fri, 15 Nov 2024 01:57:49 +0100 Michael Biebl <biebl at debian.org> wrote:
> Am 15.11.24 um 00:29 schrieb Luca Boccassi:
> > On Thu, 14 Nov 2024 at 23:27, Simon McVittie <smcv at debian.org> wrote:
> >>
> >> On Thu, 14 Nov 2024 at 22:47:05 +0000, Luca Boccassi wrote:
> >>> Incidentally, we also have some leftovers handling of /var/lib/polkit-1
> >>> - I think that's no longer necessary as well, given Michael dropped
> >>> pkla support entirely, right?
> >>
> >> In existing installations it might still be the home directory of the
> >> polkitd user (we try to change it to /nonexistent, but we might not be
> >> able to if there's some stray process running as polkitd), and we can't
> >> `rm -r` it because other packages might still own files in there.
> >>
> >> I don't think that necessarily blocks removing all of the leftover
> >> handling of it, but it will need doing a bit carefully.
> >
> > Yeah removing might not be feasible, however we can at least stop
> > creating it, setting the user/groups, etc, right?
>
> I think it's safe (and probably a good idea) to drop
> - set_perms root polkitd 750 /var/lib/polkit-1
> from polkitd.postinst.
>
> I'm not so sure we can easily drop it from polkitd.dirs.
> This would cause dpkg to attempt its removal on upgrades which might not
> be a good idea if the polkitd system user, as Simon explained above,
> could not successfully be updated to the new home directory.
> That said, it's indeed a bit unclean that we still ship the old
> directory in the package.
>
I completely forgot, that we had patched polkitd to us use chdir('/')
(and this patch is now also upstream, thanks Luca).
So I actually think we can drop the directory safely from the package,
even if we have failed to update the polkitd user to use /nonexistent as
its home directory. This would not lead to a failure when trying to
start the service and it's thus mostly a cosmetic issue. I would
therefor not fail hard in postinst as implemented in MR
https://salsa.debian.org/utopia-team/polkit/-/merge_requests/15
I've uploaded a simpler approach
https://salsa.debian.org/utopia-team/polkit/-/commit/fcf58579a073a7bdfe56fc1926fcebcce45d1fa0
as 126-2 to unstable
Regards,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20250118/55995c6d/attachment.sig>
More information about the Pkg-utopia-maintainers
mailing list