Re: should postrm script purge system-users?
Hello, [ I'm not a DD nor an expert, so you may want to wait for others opinion too ] On Fri, 23 Dec 2022 21:18:48 + Peymaneh wrote: > Dear mentors list, > > a package that I maintain[1] creates a new system-user and -group > ("caddy") and creates a homedirectory in /var/lib/caddy upon > installation[2] intended for the systemd service file. > > When purging the package, all of these are currently left on the > system. > > It was suggested to me that the not only the directories, but also > user and group should be removed.[3] but i am unsure if purging even > users from the system could maybe a bad idea, because they still > might be owners of other files on the system? I don't think there is a fixed rule to follow on this: the safest thing (for reason you mentioned above and others too) is to leave everything on the system and lock the user. On the other hand leaving files around and not freeing the UID has a cost, so if you know that the user doesn't leave files around or that it writes only to some predictable location it might worth to search and remove all files owned by the user and then remove the user on purge. Removing non empty home and files around requires some extra check, see links at the bottom > > The debian wiki and policy only covers removal of files/dirs and does > not seem to mention the handling of system users.. > > Peymaneh > > ps: please keep me in CC, i am not member of the list > > --- > [1] https://salsa.debian.org/go-team/packages/caddy/ > [2] > https://salsa.debian.org/go-team/packages/caddy/-/blob/debian/sid/dist/scripts/postinstall.sh user created with 'nologin', so only the caddy service should create files with that user? But I see that you also add the www-data supplementary group, so I guess it your service write/read also somewhere else under /var ? You should know this as maintainer or you can ask to upstream. > [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022260 Lorenzo For reference, see also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981918 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23848239 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848240
Bug#1026921: RFS: speedcrunch/0.12.0-6 [RC] -- High precision calculator
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "speedcrunch": * Package name : speedcrunch Version : 0.12.0-6 Upstream contact : speedcru...@googlegroups.com * URL : http://www.speedcrunch.org/ * License : GPL-2+, CC0-1.0 * Vcs : https://salsa.debian.org/fkrull-guest/pkg-speedcrunch Section : math The source builds the following binary packages: speedcrunch - High precision calculator To access further information about this package, please visit the following URL: https://mentors.debian.net/package/speedcrunch/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/s/speedcrunch/speedcrunch_0.12.0-6.dsc Changes since the last upload: speedcrunch (0.12.0-6) unstable; urgency=medium . * d/patches: use Sphinx built-in i18n support for extensions - Closes: #1026816 Regards, Felix Krull
should postrm script purge system-users?
Dear mentors list, a package that I maintain[1] creates a new system-user and -group ("caddy") and creates a homedirectory in /var/lib/caddy upon installation[2] intended for the systemd service file. When purging the package, all of these are currently left on the system. It was suggested to me that the not only the directories, but also user and group should be removed.[3] but i am unsure if purging even users from the system could maybe a bad idea, because they still might be owners of other files on the system? The debian wiki and policy only covers removal of files/dirs and does not seem to mention the handling of system users.. Peymaneh ps: please keep me in CC, i am not member of the list --- [1] https://salsa.debian.org/go-team/packages/caddy/ [2] https://salsa.debian.org/go-team/packages/caddy/-/blob/debian/sid/dist/scripts/postinstall.sh [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022260 OpenPGP_signature Description: OpenPGP digital signature
Bug#1026907: RFS: dwm/6.4-1 [ITS] -- dynamic window manager
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "dwm": * Package name : dwm Version : 6.4-1 * URL : https://dwm.suckless.org/ * License : Expat Section : x11 The source builds the following binary packages: dwm - dynamic window manager To access further information about this package, please visit the following URL: https://mentors.debian.net/package/dwm/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/d/dwm/dwm_6.4-1.dsc Changes since the last upload: dwm (6.4-1) unstable; urgency=low . * Salvage package (Closes: #1025325). * New upstream release. * debian/control: - Add new maintainer. - Bump Standards-Version to 4.6.2. - Remove old maintainer's VCS fields. - Change Rules-Requires-Root field to no. * debian/copyright: - Update copyright for new upstream release. - Update Matteo's email address. * debian/dwm.menu: - Delete menu file due to Technical Committee decision. * debian/icons: - Update dwm.png with upstream one. - Add hicolor scalable icon in places dir (dwm_badge-symbolic.svg) for lightdm-gtk-greeter. * debian/patches/*: - Refresh patches for new upstream release. * debian/upstream/metadata: - Add basic upstream meta-information. Regards, -- Matteo Bini
Bug#1026900: RFS: openclonk/8.1-3 [QA] [RC] -- multiplayer game of strategy, action and skill
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "openclonk": * Package name : openclonk Version : 8.1-3 Upstream contact : [fill in name and email of upstream] * URL : https://www.openclonk.org * License : [fill in] * Vcs : https://salsa.debian.org/games-team/openclonk Section : games The source builds the following binary packages: openclonk - multiplayer game of strategy, action and skill openclonk-data - multiplayer game of strategy, action and skill - data To access further information about this package, please visit the following URL: https://mentors.debian.net/package/openclonk/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/o/openclonk/openclonk_8.1-3.dsc Changes since the last upload: openclonk (8.1-3) unstable; urgency=medium . * QA upload. * Fix FTCBFS: Pass -DIMPORT_NATIVE_TOOLS=path-to-native-build. Thanks to Helmut Grohne. (Closes: #996841) * Fix ftbfs on GCC-11. (Closes: #984274) -- Regards, -- Bo YU signature.asc Description: PGP signature
Re: sbuild foo_2.0-2 and upload to NEW
On Sun, Dec 18, 2022 at 11:12:05PM +0100, Santiago Vila wrote: > Hello Geert. > > El 15/12/22 a las 23:12, Geert Stappers escribió: > > Which paramaters to provide to sbuild > > to get the .orig.tar.xz included? > > I think you need both --source and --force-orig-source. > (Maybe you were trying only one at a time?) I did. Doing sbuild --source --force-orig-source got foo build 2.0, Debian version 2. The upload looked scary $ dput ../foo_2.0-2_amd64.changes Trying to upload package to ftp-master (ftp.upload.debian.org) Package includes an .orig.tar.gz file although the debian revision suggests that it might not be required. Multiple uploads of the .orig.tar.gz may be rejected by the upload queue management software. Uploading to ftp-master (via ftp to ftp.upload.debian.org): Uploading foo_2.0-2.dsc: done. Uploading foo_2.0.orig.tar.gz: done. Uploading foo_2.0-2.debian.tar.xz: done. Uploading foo-headless_2.0-2_all.deb: done. Uploading foo_2.0-2_all.deb: done. Uploading foo_2.0-2_amd64.buildinfo: done. Uploading foo_2.0-2_amd64.changes: done. Successfully uploaded packages. $ But that was fine, there was no reject. Foo got accepted. > btw: There is a bug about this problem (need to include source again > when there are new binaries) here: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831562 > Another by the way: foo_source.changes and foo_armhf.changes Both were in my directory, I might have been checking the wrong one. Luckly I got an off-list advice on it. Now sharing that advice: Check the correct .changes Groeten Geert Stappers -- Silence is hard to parse
Bug#1026880: RFS: d11amp/0.59-1 [ITP] -- Oldskool MP3 player
Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package "d11amp": So, I fine-tuned the package a little bit (i.e. making it more robust in terms of the build process, and changed its description from "simple MP3 player" to "OLDSKOOL MP3 player"). Now it is upload number #11. I would be more than happy if one of you guys could have a look. * Package name : d11amp Version : 0.59-1 Upstream contact : Thomas Dettbarn * URL : https://www.dettus.net/d11amp/ * License : BSD-2-Clause * Vcs : https://github.com/dettus/d11amp/ Section : sound The source builds the following binary packages: d11amp - Oldskool MP3 player To access further information about this package, please visit the following URL: https://mentors.debian.net/package/d11amp/ Alternatively, you can download the package with 'dget' using this command: dget -x https://mentors.debian.net/debian/pool/main/d/d11amp/d11amp_0.59-1.dsc Changes for the initial release: d11amp (0.59-1) unstable; urgency=low