chown/mods for systemd case for more smooth upgrade

diff --git a/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst b/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst
index 319a26406a4ff8a367cc228ed1953382f706791c..7bbf10b16b81f26892692cfe5b1a8623e3d29654 100644 (file)
--- a/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst
+++ b/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst
@@ -18,6 +18,12 @@ case "$1" in
 
     adduser --force-badname --system --home /nonexistent --group \
         --no-create-home --quiet _dnsdist || true
+
+    if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then
+      chown root:_dnsdist /etc/powerdns/dnsdist.conf
+      # Make sure that dnsdist can read it; the default used to be 0600
+      chmod g+r /etc/powerdns/dnsdist.conf
+    fi
   ;;
 
   abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/builder-support/debian/dnsdist/debian-buster/rules b/builder-support/debian/dnsdist/debian-buster/rules
index 8ff24d0a0ec8fd716783276f1feda95f6b4c7ada..23fc6f8bff37d4ea9591f696b44dfff78e387d9d 100755 (executable)
--- a/builder-support/debian/dnsdist/debian-buster/rules
+++ b/builder-support/debian/dnsdist/debian-buster/rules
@@ -75,3 +75,7 @@ override_dh_installexamples:
 override_dh_installinit:
        # do nothing here. avoids referencing a non-existant init script.
 
+override_dh_fixperms:
+       dh_fixperms
+        # these files often contain passwords. 640 as it is chowned to root:_dnsdist
+       chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf

diff --git a/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst b/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst
index 319a26406a4ff8a367cc228ed1953382f706791c..7bbf10b16b81f26892692cfe5b1a8623e3d29654 100644 (file)
--- a/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst
+++ b/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst
@@ -18,6 +18,12 @@ case "$1" in
 
     adduser --force-badname --system --home /nonexistent --group \
         --no-create-home --quiet _dnsdist || true
+
+    if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then
+      chown root:_dnsdist /etc/powerdns/dnsdist.conf
+      # Make sure that dnsdist can read it; the default used to be 0600
+      chmod g+r /etc/powerdns/dnsdist.conf
+    fi
   ;;
 
   abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/builder-support/debian/dnsdist/debian-jessie/rules b/builder-support/debian/dnsdist/debian-jessie/rules
index 1d80904bc575e7ff020e7473af2b51ddd50275b3..82d3fa407ed1d0d93a9a1b85841b4516a975cc89 100755 (executable)
--- a/builder-support/debian/dnsdist/debian-jessie/rules
+++ b/builder-support/debian/dnsdist/debian-jessie/rules
@@ -74,3 +74,8 @@ override_dh_strip:
 override_dh_installinit:
        dh_installinit
        dh_systemd_start -pdnsdist --restart-after-upgrade dnsdist.service
+
+override_dh_fixperms:
+       dh_fixperms
+        # these files often contain passwords. 640 as it is chowned to root:_dnsdist
+       chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf

diff --git a/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst b/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst
index 319a26406a4ff8a367cc228ed1953382f706791c..7bbf10b16b81f26892692cfe5b1a8623e3d29654 100644 (file)
--- a/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst
+++ b/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst
@@ -18,6 +18,12 @@ case "$1" in
 
     adduser --force-badname --system --home /nonexistent --group \
         --no-create-home --quiet _dnsdist || true
+
+    if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then
+      chown root:_dnsdist /etc/powerdns/dnsdist.conf
+      # Make sure that dnsdist can read it; the default used to be 0600
+      chmod g+r /etc/powerdns/dnsdist.conf
+    fi
   ;;
 
   abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/builder-support/debian/dnsdist/debian-stretch/rules b/builder-support/debian/dnsdist/debian-stretch/rules
index c310e01700d2582298ea66a9e4f4f47cf8523994..2b01ea3ef7029adddf7660c0afadc0fcfd2d8382 100755 (executable)
--- a/builder-support/debian/dnsdist/debian-stretch/rules
+++ b/builder-support/debian/dnsdist/debian-stretch/rules
@@ -74,3 +74,7 @@ override_dh_installexamples:
 override_dh_installinit:
        # do nothing here. avoids referencing a non-existant init script.
 
+override_dh_fixperms:
+       dh_fixperms
+        # these files often contain passwords. 640 as it is chowned to root:_dnsdist
+       chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf