Hi!

On Tue, 2019-05-14 at 11:29:04 +0200, Holger Levsen wrote:
> Package: debian-security-support
> Version: 2019.02.02
> Severity: minor

> check-support-status.hook contains code (copied from postinst) to create
> the d-s-s user, which (I believe) is useless as the user is created in
> postinst anyway and this hook will only be run after postinst.

The hook is called always after a dpkg run, but those runs can be for
any dpkg command. In addition the hook cannot control how dpkg was
called. So the following could easily happen for example:

  run 0
  unpack \
    debian-security-support \
    libfoo \
    libbar \
    # EOL
  post-invoke hook

  run 1
  configure \
    libfoo \
    libbar \
    # EOL
  post-invoke hook

  run 2
  configure \
    debian-security-support
    # EOL
  post-invoke hook


And only on the last one the user would have already been created.
Restricting the action via DPKG_HOOK_ACTION == configure would not
help much either, as it would trip over the above scenario.

> we should clean this up after the release of buster.

I'm not sure this is feasible, given the way this package currently
works?

Thanks,
Guillem
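
The three-run scenario from the message above, replayed as an added example (not code from the message or from the debian-security-support package). It compares a hook that relies on postinst having created the account with one that guards the creation itself. The account name, the passwd-format file and all function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not the package's hook. The account name and the
# passwd-format file are constructed so the sketch runs offline.
HOOK_USER="example-hook-user"
USER_DB="${USER_DB:-$(mktemp)}"

user_exists() { grep -q "^$1:" "$USER_DB"; }

# Stand-in for the account creation done by postinst and by the hook
# (on a real system this would be an adduser --system call).
create_user() {
    printf '%s:x:999:999::/nonexistent:/usr/sbin/nologin\n' "$1" >>"$USER_DB"
}

# Idempotent guard: create the account only when it is absent.
ensure_user() {
    if user_exists "$1"; then echo present; else create_user "$1" && echo created; fi
}

# Replay the three dpkg runs. Only run 2 configures the package, so only
# there does postinst run before the post-invoke hook.
# $1 = "guard" (hook creates the user itself) or "noguard" (relies on postinst).
replay_runs() {
    : >"$USER_DB"                                   # start with no account
    out=""
    for run in 0:unpack 1:configure-others 2:configure-self; do
        step=${run#*:}
        if [ "$step" = configure-self ]; then
            ensure_user "$HOOK_USER" >/dev/null     # postinst of the package
        fi
        # post-invoke hook: what does it find (or do) at this point?
        if [ "$1" = guard ]; then
            state=$(ensure_user "$HOOK_USER")
        elif user_exists "$HOOK_USER"; then
            state=present
        else
            state=missing
        fi
        out="$out${out:+ }$state"
    done
    echo "$out"
}

replay_runs noguard   # hook state after runs 0, 1, 2 without the guard
replay_runs guard     # hook state after runs 0, 1, 2 with the guard
```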
