[tryton-debian-vcs] tryton-server branch debian updated. debian/3.0.1-1-1-gfc45816

Mathias Behrle tryton-debian-vcs at alioth.debian.org
Wed Dec 25 23:16:42 UTC 2013


The following commit has been merged in the debian branch:
https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi/?p=tryton/tryton-server.git;a=commitdiff;h=debian/3.0.1-1-1-gfc45816

commit fc458169864460fcb178664ec34236a744875530
Author: Mathias Behrle <mathiasb at m9s.biz>
Date:   Thu Dec 26 00:04:08 2013 +0100

    Using dpkg-statoverride to allow local overrides of (otherwise) enforced restricted access permissions to /etc/trytond.conf, /var/lib/tryton and /var/log/tryton.

diff --git a/debian/tryton-server.postinst b/debian/tryton-server.postinst
index 2d3436a..cb739b5 100644
--- a/debian/tryton-server.postinst
+++ b/debian/tryton-server.postinst
@@ -15,18 +15,28 @@ case "${1}" in
 		# Creating home directory (also used for storage of attachments)
 		mkdir -p ${TRYTON_HOMEDIR}
 		chown ${TRYTON_USER}:${TRYTON_USER} ${TRYTON_HOMEDIR}
-		chmod 0750 ${TRYTON_HOMEDIR}
 
 		# Creating log directory
 		mkdir -p ${TRYTON_LOGDIR}
 		chown ${TRYTON_USER}:adm ${TRYTON_LOGDIR}
-		chmod 0750 ${TRYTON_LOGDIR}
 
 		# Setting ownership and permissions on configuration file
 		# trytond uses internal defaults, if it cannot read the
 		# configuration file.
 		chown ${TRYTON_USER}:${TRYTON_USER} ${TRYTON_CONFFILE}
-		chmod 0440 ${TRYTON_CONFFILE}
+		if ! dpkg-statoverride --list "${TRYTON_CONFFILE}" > /dev/null 2>&1
+		then
+			chmod 0440 "${TRYTON_CONFFILE}"
+		fi
+
+		# Restricting access to home and log directories for security reasons (private information)
+		for _DIRECTORY in "${TRYTON_HOMEDIR}" "${TRYTON_LOGDIR}"
+		do
+			if ! dpkg-statoverride --list "${_DIRECTORY}" > /dev/null 2>&1
+			then
+				chmod 0750 "${_DIRECTORY}"
+			fi
+		done
 		;;
 
 	abort-upgrade|abort-remove|abort-deconfigure)
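Review bot: The three `chown` calls stay outside the new `dpkg-statoverride --list` guards, so a local override still has its owner and group reset on every configure run; only the mode is respected. A statoverride entry records owner, group and mode together, so an administrator who registered, for example, a root-owned `/etc/trytond.conf` would see it handed back to `${TRYTON_USER}`, which as owner can then change the mode itself. Moving each `chown` inside the guard for its path, as below, keeps the whole override intact; the loop has to be unrolled because the log directory uses group `adm`. The enclosing `case` arm starts outside this hunk.

```shell
		# … unchanged: mkdir -p of ${TRYTON_HOMEDIR} and ${TRYTON_LOGDIR} …

		# Ownership and mode are applied together, and only when no
		# local dpkg-statoverride is registered for the path.
		if ! dpkg-statoverride --list "${TRYTON_CONFFILE}" > /dev/null 2>&1
		then
			chown "${TRYTON_USER}:${TRYTON_USER}" "${TRYTON_CONFFILE}"
			chmod 0440 "${TRYTON_CONFFILE}"
		fi

		if ! dpkg-statoverride --list "${TRYTON_HOMEDIR}" > /dev/null 2>&1
		then
			chown "${TRYTON_USER}:${TRYTON_USER}" "${TRYTON_HOMEDIR}"
			chmod 0750 "${TRYTON_HOMEDIR}"
		fi

		if ! dpkg-statoverride --list "${TRYTON_LOGDIR}" > /dev/null 2>&1
		then
			chown "${TRYTON_USER}:adm" "${TRYTON_LOGDIR}"
			chmod 0750 "${TRYTON_LOGDIR}"
		fi
```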
diff --git a/debian/tryton-server.postrm b/debian/tryton-server.postrm
index c412725..8122e05 100644
--- a/debian/tryton-server.postrm
+++ b/debian/tryton-server.postrm
@@ -3,9 +3,18 @@
 set -e
 
 TRYTON_USER="tryton"
+TRYTON_CONFFILE="/etc/trytond.conf"
+TRYTON_LOGDIR="/var/log/tryton"
+TRYTON_HOMEDIR="/var/lib/tryton"
 
 case "${1}" in
 	purge)
+		# Removing evtl. dpkg-statoverrides
+		for _ITEM in "${TRYTON_CONFFILE}" "${TRYTON_HOMEDIR}" "${TRYTON_LOGDIR}"
+		do
+			dpkg-statoverride --force --remove "${_ITEM}" > /dev/null 2>&1 || true
+		done
+
 		# Removing system user
 		if [ -x /usr/sbin/deluser ]
 		then
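Review bot: In the `purge` arm the blanket `> /dev/null 2>&1 || true` on the `dpkg-statoverride --force --remove` line hides a genuine failure as well as the expected "no override registered" case. If a removal fails, an entry that names the `tryton` user would survive the `deluser` step that follows, and dpkg can refuse to run when its statoverride database refers to a user that no longer exists. Testing first and letting the removal report its own errors separates the two cases: `if dpkg-statoverride --list "${_ITEM}" > /dev/null 2>&1; then dpkg-statoverride --force --remove "${_ITEM}"; fi`. The `purge` arm continues beyond this hunk.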
@@ -13,10 +22,10 @@ case "${1}" in
 		fi
 
 		# Removing log directory
-		rmdir --ignore-fail-on-non-empty /var/log/tryton > /dev/null 2>&1 || true
+		rmdir --ignore-fail-on-non-empty ${TRYTON_LOGDIR} > /dev/null 2>&1 || true
 
 		# Removing (potentially) empty directories
-		rmdir --ignore-fail-on-non-empty /var/lib/tryton > /dev/null 2>&1 || true
+		rmdir --ignore-fail-on-non-empty ${TRYTON_HOMEDIR} > /dev/null 2>&1 || true
 		;;
 
 	remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
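Review bot: `${TRYTON_LOGDIR}` and `${TRYTON_HOMEDIR}` are expanded unquoted in the two `rmdir` lines, while the loop added earlier in this commit quotes every expansion. The values are fixed paths without spaces, so this is a consistency point rather than a bug: `rmdir --ignore-fail-on-non-empty "${TRYTON_LOGDIR}" > /dev/null 2>&1 || true`, and the same for `${TRYTON_HOMEDIR}`.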
-- 
tryton-server


