Bug#962420: /usr/local/share/fonts owned by group staff even if /etc/staff-group-for-usr-local not present
Package: fontconfig-config Followup-For: Bug #962420 Control: tags -1 patch I attach a patch that fixes this problem. /usr/local/share/fonts will be root:staff 2775 only if /etc/staff-group-for-usr-local exists >From ee17357e3fb18323d5373a575ec6cb3c77ba6a89 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 4 Aug 2023 12:44:30 + Subject: [PATCH] use staff group only when requested --- debian/fontconfig-config.postinst | 12 +++- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/debian/fontconfig-config.postinst b/debian/fontconfig-config.postinst index 457cce5..a6e17b1 100644 --- a/debian/fontconfig-config.postinst +++ b/debian/fontconfig-config.postinst @@ -142,11 +142,13 @@ fi # end changes applied only for initial config / reconfiguration # Create /usr/local/share/fonts LOCALDIR=/usr/local/share/fonts -if [ ! -d $LOCALDIR ]; then - if mkdir $LOCALDIR 2>/dev/null ; then -chmod 2775 $LOCALDIR -chown root:staff $LOCALDIR - fi +if [ ! -d "$LOCALDIR" ]; then +if mkdir "$LOCALDIR" 2>/dev/null; then +if [ -f /etc/staff-group-for-usr-local ]; then +chmod 2775 "$LOCALDIR" +chown root:staff "$LOCALDIR" +fi +fi fi # fontconfig-config 2.11.0-5 (and earlier) created /etc/fonts.conf.d by mistake -- 2.39.2
Bug#962420: /usr/local/share/fonts owned by group staff even if /etc/staff-group-for-usr-local not present
Package: fontconfig Version: 2.14.1-4 Followup-For: Bug #962420 Dear Maintainer, Is there any progress on this bug? It is present in stable release of bookworm too now. -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages fontconfig depends on: ii fontconfig-config 2.14.1-4 ii libc6 2.36-9 ii libfontconfig1 2.14.1-4 ii libfreetype6 2.12.1+dfsg-5 fontconfig recommends no packages. fontconfig suggests no packages. -- no debconf information
Bug#962420: /usr/local/share/fonts owned by group staff even if /etc/staff-group-for-usr-local not present
I believe using dh_usrlocal(1) debhelper should do this automatically. Manpage: If a directory is owned by root:root, then ownership will be determined at install time. The ownership and permission bits will either be root:root mode 0755 or root:staff mode 02775. The actual choice depends on whether the system has /etc/staff-group-for-usr-local (as documented in the Debian Policy Manual §9.1.2 since version 4.1.4)
Bug#962420: /usr/local/share/fonts owned by group staff even if /etc/staff-group-for-usr-local not present
Le dimanche 07 juin 2020 à 21:26 +0200, Sébastien Villemot a écrit : > This is a violation of Debian Policy §9.1.2. Those specific ownerships and > permissions should only be given when the file /etc/staff-group-for-usr-local > is present. When it is not, the directory should be owned by root:root and > have > permissions 0775. Sorry, I meant 0755. -- ⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot ⣾⠁⢠⠒⠀⣿⡁ Debian Developer ⢿⡄⠘⠷⠚⠋⠀ https://sebastien.villemot.name ⠈⠳⣄ https://www.debian.org signature.asc Description: This is a digitally signed message part
Bug#962420: /usr/local/share/fonts owned by group staff even if /etc/staff-group-for-usr-local not present
Package: fontconfig-config Version: 2.13.1-2 Severity: normal The /usr/local/share/fonts directory, as created by the postinst script of fontconfig-config, is always owned by group staff, with permissions 2775. This is a violation of Debian Policy §9.1.2. Those specific ownerships and permissions should only be given when the file /etc/staff-group-for-usr-local is present. When it is not, the directory should be owned by root:root and have permissions 0775. Note that, since buster, new installations do not have /etc/staff-group-for-usr-local by default, which makes this bug biting more often. Best, -- ⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot ⣾⠁⢠⠒⠀⣿⡁ Debian Developer ⢿⡄⠘⠷⠚⠋⠀ http://sebastien.villemot.name ⠈⠳⣄ http://www.debian.org
