Re: should postrm script purge system-users?

[Lorenzo]

Hello,

[ I'm not a DD nor an expert, so you may want to wait for others opinion
too ]

On Fri, 23 Dec 2022 21:18:48 +
Peymaneh  wrote:

> Dear mentors list,
> 
> a package that I maintain[1] creates a new system-user and -group 
> ("caddy") and creates a homedirectory in /var/lib/caddy upon 
> installation[2] intended for the systemd service file.
> 
> When purging the package, all of these are currently left on the
> system.
> 
> It was suggested to me that the not only the directories, but also
> user and group should be removed.[3] but i am unsure if purging even
> users from the system could maybe a bad idea, because they still
> might be owners of other files on the system?

I don't think there is a fixed rule to follow on this: the safest thing
(for reason you mentioned above and others too) is to leave everything
on the system and lock the user.
On the other hand leaving files around and not freeing the UID has a
cost, so if you know that the user doesn't leave files around or that it
writes only to some predictable location it might worth to search and
remove all files owned by the user and then remove the user on purge.
Removing non empty home and files around requires some extra check, see
links at the bottom

> 
> The debian wiki and policy only covers removal of files/dirs and does 
> not seem to mention the handling of system users..
> 
> Peymaneh
> 
> ps: please keep me in CC, i am not member of the list
> 
> ---
> [1] https://salsa.debian.org/go-team/packages/caddy/
> [2] 
> https://salsa.debian.org/go-team/packages/caddy/-/blob/debian/sid/dist/scripts/postinstall.sh

user created with 'nologin', so only the caddy service should create
files with that user?
But I see that you also add the www-data supplementary group, so I
guess it your service write/read also somewhere else under /var ?
You should know this as maintainer or you can ask to upstream.

> [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022260

Lorenzo

For reference, see also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981918
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23848239
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848240

Bug#1026921: RFS: speedcrunch/0.12.0-6 [RC] -- High precision calculator

[Felix Krull]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "speedcrunch":

 * Package name : speedcrunch
   Version  : 0.12.0-6
   Upstream contact : speedcru...@googlegroups.com
 * URL  : http://www.speedcrunch.org/
 * License  : GPL-2+, CC0-1.0
 * Vcs  : https://salsa.debian.org/fkrull-guest/pkg-speedcrunch
   Section  : math

The source builds the following binary packages:

  speedcrunch - High precision calculator

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/speedcrunch/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/s/speedcrunch/speedcrunch_0.12.0-6.dsc

Changes since the last upload:

 speedcrunch (0.12.0-6) unstable; urgency=medium
 .
   * d/patches: use Sphinx built-in i18n support for extensions
 - Closes: #1026816

Regards,
Felix Krull

should postrm script purge system-users?

[Peymaneh]

Dear mentors list,

a package that I maintain[1] creates a new system-user and -group 
("caddy") and creates a homedirectory in /var/lib/caddy upon 
installation[2] intended for the systemd service file.


When purging the package, all of these are currently left on the system.

It was suggested to me that the not only the directories, but also user 
and group should be removed.[3] but i am unsure if purging even users 
from the system could maybe a bad idea, because they still might be 
owners of other files on the system?


The debian wiki and policy only covers removal of files/dirs and does 
not seem to mention the handling of system users..


Peymaneh

ps: please keep me in CC, i am not member of the list

---
[1] https://salsa.debian.org/go-team/packages/caddy/
[2] 
https://salsa.debian.org/go-team/packages/caddy/-/blob/debian/sid/dist/scripts/postinstall.sh

[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022260


OpenPGP_signature
Description: OpenPGP digital signature

Bug#1026907: RFS: dwm/6.4-1 [ITS] -- dynamic window manager

[Matteo Bini]

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "dwm":

 * Package name : dwm
   Version  : 6.4-1
 * URL  : https://dwm.suckless.org/
 * License  : Expat
   Section  : x11

The source builds the following binary packages:

  dwm - dynamic window manager

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/dwm/

Alternatively, you can download the package with 'dget' using this command:

  dget -x https://mentors.debian.net/debian/pool/main/d/dwm/dwm_6.4-1.dsc

Changes since the last upload:

 dwm (6.4-1) unstable; urgency=low
 .
   * Salvage package (Closes: #1025325).
   * New upstream release.
   * debian/control:
 - Add new maintainer.
 - Bump Standards-Version to 4.6.2.
 - Remove old maintainer's VCS fields.
 - Change Rules-Requires-Root field to no.
   * debian/copyright:
 - Update copyright for new upstream release.
 - Update Matteo's email address.
   * debian/dwm.menu:
 - Delete menu file due to Technical Committee decision.
   * debian/icons:
 - Update dwm.png with upstream one.
 - Add hicolor scalable icon in places dir (dwm_badge-symbolic.svg) for
   lightdm-gtk-greeter.
   * debian/patches/*:
 - Refresh patches for new upstream release.
   * debian/upstream/metadata:
 - Add basic upstream meta-information.

Regards,

-- 
Matteo Bini

Bug#1026900: RFS: openclonk/8.1-3 [QA] [RC] -- multiplayer game of strategy, action and skill

[Bo YU]

Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "openclonk":

 * Package name : openclonk
   Version  : 8.1-3
   Upstream contact : [fill in name and email of upstream]
 * URL  : https://www.openclonk.org
 * License  : [fill in]
 * Vcs  : https://salsa.debian.org/games-team/openclonk
   Section  : games

The source builds the following binary packages:

  openclonk - multiplayer game of strategy, action and skill
  openclonk-data - multiplayer game of strategy, action and skill - data

To access further information about this package, please visit the following 
URL:

  https://mentors.debian.net/package/openclonk/

Alternatively, you can download the package with 'dget' using this command:

  dget -x 
https://mentors.debian.net/debian/pool/main/o/openclonk/openclonk_8.1-3.dsc

Changes since the last upload:

 openclonk (8.1-3) unstable; urgency=medium
 .
   * QA upload.
   * Fix FTCBFS: Pass -DIMPORT_NATIVE_TOOLS=path-to-native-build.
 Thanks to Helmut Grohne. (Closes: #996841)
   * Fix ftbfs on GCC-11. (Closes: #984274)

-- 
Regards,
--
  Bo YU



signature.asc
Description: PGP signature

Re: sbuild foo_2.0-2 and upload to NEW

[Geert Stappers]

On Sun, Dec 18, 2022 at 11:12:05PM +0100, Santiago Vila wrote:
> Hello Geert.
> 
> El 15/12/22 a las 23:12, Geert Stappers escribió:
> > Which paramaters to provide to sbuild
> > to get the   .orig.tar.xz  included?
> 
> I think you need both --source and --force-orig-source.
> (Maybe you were trying only one at a time?)

I did.  Doing

  sbuild --source --force-orig-source

got foo build 2.0, Debian version 2.
 
The upload looked scary

$ dput ../foo_2.0-2_amd64.changes
Trying to upload package to ftp-master (ftp.upload.debian.org)
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ftp-master (via ftp to ftp.upload.debian.org):
  Uploading foo_2.0-2.dsc: done.
  Uploading foo_2.0.orig.tar.gz: done.
  Uploading foo_2.0-2.debian.tar.xz: done.
  Uploading foo-headless_2.0-2_all.deb: done.
  Uploading foo_2.0-2_all.deb: done.
  Uploading foo_2.0-2_amd64.buildinfo: done.
  Uploading foo_2.0-2_amd64.changes: done.
Successfully uploaded packages.
$

But that was fine, there was no reject.  Foo got accepted.


> btw: There is a bug about this problem (need to include source again
> when there are new binaries) here:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831562
> 


Another  by the way:

   foo_source.changes and  foo_armhf.changes

Both were in my directory, I might have been checking the wrong one.
Luckly I got an off-list advice on it. Now sharing that advice:

   Check the correct  .changes


Groeten
Geert Stappers
-- 
Silence is hard to parse

Bug#1026880: RFS: d11amp/0.59-1 [ITP] -- Oldskool MP3 player

[Thomas Dettbarn]

Package: sponsorship-requests
Severity: wishlist

Dear mentors,

I am looking for a sponsor for my package "d11amp":

So, I fine-tuned the package a little bit (i.e. making it more
robust in terms of the build process, and changed its description
from "simple MP3 player" to "OLDSKOOL MP3 player").

Now it is upload number #11. I would be more than happy if one
of you guys could have a look.



* Package name : d11amp
Version : 0.59-1
Upstream contact : Thomas Dettbarn 
* URL : https://www.dettus.net/d11amp/
* License : BSD-2-Clause
* Vcs : https://github.com/dettus/d11amp/
Section : sound

The source builds the following binary packages:

d11amp - Oldskool MP3 player

To access further information about this package, please visit the 
following URL:


https://mentors.debian.net/package/d11amp/

Alternatively, you can download the package with 'dget' using this command:

dget -x 
https://mentors.debian.net/debian/pool/main/d/d11amp/d11amp_0.59-1.dsc


Changes for the initial release:

d11amp (0.59-1) unstable; urgency=low