Package: stow
Version: 2.4.1-2
Severity: normal
User: [email protected]
Usertags: dh-usrlocal
Prompted by recent changes in fontconfig and its handling of
/usr/local/share/fonts, I noticed that stow also creates a directory
below /usr/local with mode 2775 and owner root:staff.
According to Policy §9.1.2, since Policy 4.1.4 (2018), directories below
/usr/local should normally be created with mode 0755 and owner
root:root, a change that was made to avoid privilege escalation by
members of the staff group. (There's a flag file to opt back in to the
old behaviour.)
Instead of open-coding the necessary logic, I would suggest using
dh_usrlocal to create this directory. The procedure to do that is
something like this:
1. create debian/stow/usr/local/stow, for example by using debian/dirs
2. make sure dh_usrlocal is run (normally dh will run it)
3. remove open-coded logic in debian/postinst to create this directory
4. if debian/postinst is now empty (likely), delete it, or if non-empty,
make sure it still has the #DEBHELPER# placeholder
dh_usrlocal will insert maintainer script snippets generated from
/usr/share/debhelper/autoscripts/ to create the directory when
appropriate.
dh_usrlocal doesn't remove first-level subdirectories of /usr/local on
removal, so debian/prerm will still need to remove the directory if it's
empty.
Thanks,
smcv
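
Added example, not part of the original report and not code from stow or debhelper: a small audit helper that checks whether a directory below /usr/local matches the mode and ownership the report describes. It assumes GNU `stat`, and that the opt-in flag file is `/etc/staff-group-for-usr-local` (the name used by Debian Policy; the report does not spell it out). The function names are hypothetical.

```shell
#!/bin/sh
# Audit a directory below /usr/local against the Policy defaults quoted above.
# Assumption: the flag file path below is the one Debian Policy names.
FLAG_FILE_DEFAULT=/etc/staff-group-for-usr-local

# expected_spec FLAGFILE
# Prints "<octal mode> <owner>:<group>" in the format `stat -c '%a %U:%G'` uses.
expected_spec() {
    if [ -e "$1" ]; then
        # Administrator opted back in to the old behaviour.
        echo "2775 root:staff"
    else
        # Default since Policy 4.1.4: not writable by the staff group.
        echo "755 root:root"
    fi
}

# audit_dir DIR [FLAGFILE]
# Returns 0 if DIR matches, 1 if it deviates (and says how), 2 if DIR is absent.
audit_dir() {
    audit_target=$1
    audit_flag=${2:-$FLAG_FILE_DEFAULT}
    [ -d "$audit_target" ] || return 2
    audit_want=$(expected_spec "$audit_flag")
    audit_have=$(stat -c '%a %U:%G' "$audit_target")
    if [ "$audit_have" = "$audit_want" ]; then
        return 0
    fi
    echo "$audit_target: have $audit_have, want $audit_want"
    return 1
}

# Typical use on an installed system:
#   audit_dir /usr/local/stow
```

A result of 1 on a system without the flag file means the directory is still group-writable by staff or has unexpected ownership, which is the condition the report asks to be fixed.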