From: Otto Moerbeek Date: Mon, 30 Sep 2019 15:54:27 +0000 (+0200) Subject: chown/mods for systemd case for more smooth upgrade X-Git-Tag: auth-4.3.0-beta2~34^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c98c0ef694de0c536e6d71af8c58a16f6635ea35;p=thirdparty%2Fpdns.git chown/mods for systemd case for more smooth upgrade --- diff --git a/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst b/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst index 319a26406a..7bbf10b16b 100644 --- a/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst +++ b/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst @@ -18,6 +18,12 @@ case "$1" in adduser --force-badname --system --home /nonexistent --group \ --no-create-home --quiet _dnsdist || true + + if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then + chown root:_dnsdist /etc/powerdns/dnsdist.conf + # Make sure that dnsdist can read it; the default used to be 0600 + chmod g+r /etc/powerdns/dnsdist.conf + fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/builder-support/debian/dnsdist/debian-buster/rules b/builder-support/debian/dnsdist/debian-buster/rules index 8ff24d0a0e..23fc6f8bff 100755 --- a/builder-support/debian/dnsdist/debian-buster/rules +++ b/builder-support/debian/dnsdist/debian-buster/rules @@ -75,3 +75,7 @@ override_dh_installexamples: override_dh_installinit: # do nothing here. avoids referencing a non-existant init script. +override_dh_fixperms: + dh_fixperms + # these files often contain passwords. 640 as it is chowned to root:_dnsdist + chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf diff --git a/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst b/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst index 319a26406a..7bbf10b16b 100644 --- a/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst +++ b/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst @@ -18,6 +18,12 @@ case "$1" in adduser --force-badname --system --home /nonexistent --group \ --no-create-home --quiet _dnsdist || true + + if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then + chown root:_dnsdist /etc/powerdns/dnsdist.conf + # Make sure that dnsdist can read it; the default used to be 0600 + chmod g+r /etc/powerdns/dnsdist.conf + fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/builder-support/debian/dnsdist/debian-jessie/rules b/builder-support/debian/dnsdist/debian-jessie/rules index 1d80904bc5..82d3fa407e 100755 --- a/builder-support/debian/dnsdist/debian-jessie/rules +++ b/builder-support/debian/dnsdist/debian-jessie/rules @@ -74,3 +74,8 @@ override_dh_strip: override_dh_installinit: dh_installinit dh_systemd_start -pdnsdist --restart-after-upgrade dnsdist.service + +override_dh_fixperms: + dh_fixperms + # these files often contain passwords. 640 as it is chowned to root:_dnsdist + chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf diff --git a/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst b/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst index 319a26406a..7bbf10b16b 100644 --- a/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst +++ b/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst @@ -18,6 +18,12 @@ case "$1" in adduser --force-badname --system --home /nonexistent --group \ --no-create-home --quiet _dnsdist || true + + if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then + chown root:_dnsdist /etc/powerdns/dnsdist.conf + # Make sure that dnsdist can read it; the default used to be 0600 + chmod g+r /etc/powerdns/dnsdist.conf + fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/builder-support/debian/dnsdist/debian-stretch/rules b/builder-support/debian/dnsdist/debian-stretch/rules index c310e01700..2b01ea3ef7 100755 --- a/builder-support/debian/dnsdist/debian-stretch/rules +++ b/builder-support/debian/dnsdist/debian-stretch/rules @@ -74,3 +74,7 @@ override_dh_installexamples: override_dh_installinit: # do nothing here. avoids referencing a non-existant init script. +override_dh_fixperms: + dh_fixperms + # these files often contain passwords. 640 as it is chowned to root:_dnsdist + chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf