On Fri, 15 Nov 2024 01:03:00 +0000 Luca Boccassi <[email protected]> wrote: > On Fri, 15 Nov 2024 at 00:57, Michael Biebl <[email protected]> wrote: > > > > Am 15.11.24 um 00:29 schrieb Luca Boccassi: > > > On Thu, 14 Nov 2024 at 23:27, Simon McVittie <[email protected]> wrote: > > >> > > >> On Thu, 14 Nov 2024 at 22:47:05 +0000, Luca Boccassi wrote: > > >>> Incidentally, we also have some leftovers handling of /var/lib/polkit-1 > > >>> - I think that's no longer necessary as well, given Michael dropped > > >>> pkla support entirely, right? > > >> > > >> In existing installations it might still be the home directory of the > > >> polkitd user (we try to change it to /nonexistent, but we might not be > > >> able to if there's some stray process running as polkitd), and we can't > > >> `rm -r` it because other packages might still own files in there. > > >> > > >> I don't think that necessarily blocks removing all of the leftover > > >> handling of it, but it will need doing a bit carefully. > > > > > > Yeah removing might not be feasible, however we can at least stop > > > creating it, setting the user/groups, etc, right? > > > > I think it's safe (and probably a good idea) to drop > > - set_perms root polkitd 750 /var/lib/polkit-1 > > from polkitd.postinst. > > > > I'm not so sure we can easily drop it from polkitd.dirs. > > This would cause dpkg to attempt its removal on upgrades which might not > > be a good idea if the polkitd system user, as Simon explained above, > > could not successfully be updated to the new home directory. > > That said, it's indeed a bit unclean that we still ship the old > > directory in the package. > > But we have code to change the old users homedir though, so it's a > fallback for a fallback for a fallback... we should just change it to > assert that the user is correctly configured after trying to change > it, and refuse to continue unless manual action is taken to repair it, > with an explicit error. That way we know that even in the corner case > of a corner case of a corner case, it's safe to drop.
Here's the change, it errors out with a clear error when the user homedir cannot be fixed automatically, tested by mangling it manually and it seems to work as intended: https://salsa.debian.org/utopia-team/polkit/-/merge_requests/15 _______________________________________________ Pkg-utopia-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers
