[subversion-commit] SVN tex-common commit + diffs: r925 - tex-common/trunk/debian

[Frank Küster]

Author: frank
Date: 2006-02-23 17:04:27 +0000 (Thu, 23 Feb 2006)
New Revision: 925

Modified:
   tex-common/trunk/debian/README.Debian
   tex-common/trunk/debian/config.in
Log:
fix logic in config script, and adjust README.Debian

Modified: tex-common/trunk/debian/README.Debian
===================================================================
--- tex-common/trunk/debian/README.Debian	2006-02-23 16:34:32 UTC (rev 924)
+++ tex-common/trunk/debian/README.Debian	2006-02-23 17:04:27 UTC (rev 925)
@@ -3,18 +3,23 @@
 =====================
 
 By default and according to long-standing tradition, the TeX font
-cache directory /var/cache/fonts is writable by the "users" group.
-Since this allows every group member to create arbitrary files on the
-/var partition, this might be a security risk, depending on local
-requirements and policy.
+cache directory /var/cache/fonts is world-writable.  We suggest that
+you at least restrict write permissions to a particular group,
+e.g. "users".  Since this still allows every group member to create
+arbitrary files on the /var partition, even this might be a security
+risk, depending on local requirements and policy.
 
-If you don't like this, use "dpkg-reconfigure -plow tex-common" to switch
-group ownership of the directory to a different group, or remove the
-group write permission.  In this case, the local administrator should
-probably fill the font cache, using the commands "allneeded" or
-"allcm" and "allec" in the teTeX or TeXlive packages.
+You can use "dpkg-reconfigure -plow tex-common" to restrict write
+access to some group.  Alternatively, you could put /var/cache/fonts
+on a different partition, e.g. using bind-mount.
 
-Alternatively, you could put /var/cache/fonts on a different
-partition, e.g. using bind-mount.
+Removing group write permission completely must be done manually (but
+will be respected by debconf, of course).  In this case, the local
+administrator should probably fill the font cache, using the commands
+"allneeded" or "allcm" and "allec" in the teTeX or TeXlive packages.
 
- -- Frank Küster <frank at debian.org>, Fri Feb 17 10:53:28 2006
+If you had version 0.16 installed and want to get back world-writable
+cache directories, please make this change manually.
+
+
+ -- Frank Küster <frank at debian.org>, Thu Feb 23 18:02:37 2006

Modified: tex-common/trunk/debian/config.in
===================================================================
--- tex-common/trunk/debian/config.in	2006-02-23 16:34:32 UTC (rev 924)
+++ tex-common/trunk/debian/config.in	2006-02-23 17:04:27 UTC (rev 925)
@@ -1,5 +1,5 @@
 #include variables
-#!/bin/sh -e
+#!/bin/sh -ex
 # 
 # config maintainer script for the Debian <:=${PACKAGE}:> package.
 # $Id: config.in 114 2005-08-04 15:04:01Z frn $
@@ -74,13 +74,16 @@
     fi
   else
     # this question has not been seen, so if the permissions are 
-    # - either the permissions as shipped in the deb
-    # - or empty, because the file is not yet present
+    # - either empty, because the file is not yet present
     # - or the new permissions <:=$FONTCACHE_PERMS:> as we want to ship them
     # - or the permissions as shipped by old tetex versions
     # then set the managecache to true, otherwise to false
     # we will later change it to <:=$FONTCACHE_PERMS:> in the true case
-    if [ "$PERMS" = 755 ] || [ -z "$PERMS" ] || [ "$PERMS" = $FONTCACHE_PERMS ] || [ "$PERMS" = 1777 ]; then
+    #
+    # If the permissions are as shipped in the deb, don't set to true
+    # (after noninteractive install in pbuilder etc., dir needs to be world-writable).
+
+    if [ -z "$PERMS" ] || [ "$PERMS" = $FONTCACHE_PERMS ] || [ "$PERMS" = 1777 ]; then
       db_set tex-common/managecache true || true
     else
       db_set tex-common/managecache false || true