I have a question about dpkg-statoverride. I won't submit a bug, since maybe I'm just trying to use it improperly, but as far as I can tell, it sucks badly.
I'm packaging the new version of mirrormagic, which has a series of data directories all with the setgid bit set (mode g+s). In particular it needs setgid for writing high scores to /var/lib/games/mirrormagic, which has a hierarchy of subdirectories underneath them, also setgid. I want to be able to set /var/lib/games/mirrormagic with something like chmod -R g+rws, recursively into all subdirectories. Now when I do this by hand in debian/rules, it all works just fine. But I was given to understand that setting gid mode was better done using dpkg-statoverride for security reasons in the postinst script, using something like: /usr/sbin/dpkg-statoverride --update --add root games 2775 /var/lib/games/mirrormagic However, there are then two problems with that: 1) first of all, dpkg-statoverride doesn't work recursively, so I'd have to explicitly go all the way down the subdirectory heirarchies, listing each one one by one. 2) even when I do list one of the directories in postinst, it doesn't work, with the dpkg-statoverride command in postinst complaining: Setting up mirrormagic (2.0.0-1) ... warning: --update given but /var/lib/games/mirrormagic does not exist warning: --update given but /var/lib/games/mirrormagic/scores does not exist The directories *do* exist, by the way (and I don't get this message with /usr/games/mirrormagic, the executable file). Needless to say, the respective directories end up without mode g+rws, and therefore highscores are lost. Does this all mean that dpkg-statoverride is complete crap, or that my usage of it is crap, or that it is simply intended only to handle setuid for executable files, not setgid for directories (contrary to the man page which says it does handle directories)? Drew -- PGP public key available at http://dparsons.webjump.com/drewskey.txt Fingerprint: A110 EAE1 D7D2 8076 5FE0 EC0A B6CE 7041 6412 4E4A
