[subversion-commit] SVN tex-common commit + diffs: r1288 -
tex-common/trunk/debian
Frank Küster
frank at costa.debian.org
Mon May 8 09:57:00 UTC 2006
Author: frank
Date: 2006-05-08 09:56:59 +0000 (Mon, 08 May 2006)
New Revision: 1288
Modified:
tex-common/trunk/debian/changelog
tex-common/trunk/debian/config.in
tex-common/trunk/debian/postinst.in
tex-common/trunk/debian/templates
Log:
Change the configuration scheme again a little: Before accepting a
group name typed by the user, test whether it really exists.
Furthermore, if there is only one user in the "normal user" range in
/etc/passwd, suggest their group as the owner of the font cache. And
finally, make the wording clearer everywhere. Many thanks to Anthony
DeRobertis <anthony at derobert.net>, James R. Van Zandt"
<jrvz at comcast.net> and Helge Hafting <helge.hafting at aitel.hist.no>
(closes: #366107, #366095, #365513) [frank]
Modified: tex-common/trunk/debian/changelog
===================================================================
--- tex-common/trunk/debian/changelog 2006-05-08 09:44:34 UTC (rev 1287)
+++ tex-common/trunk/debian/changelog 2006-05-08 09:56:59 UTC (rev 1288)
@@ -6,8 +6,16 @@
* Debconf translations:
- updated wording of swedish template, thanks to Daniel Nylander
<yeager at lidkoping.net> (closes: #365992) [frank]
+ * Change the configuration scheme again a little: Before accepting a
+ group name typed by the user, test whether it really exists.
+ Furthermore, if there is only one user in the "normal user" range in
+ /etc/passwd, suggest their group as the owner of the font cache. And
+ finally, make the wording clearer everywhere. Many thanks to Anthony
+ DeRobertis <anthony at derobert.net>, James R. Van Zandt"
+ <jrvz at comcast.net> and Helge Hafting <helge.hafting at aitel.hist.no>
+ (closes: #366107, #366095, #365513) [frank]
- -- Frank Küster <frank at debian.org> Thu, 4 May 2006 15:43:36 +0200
+ -- Frank Küster <frank at debian.org> Sat, 6 May 2006 18:41:47 +0200
tex-common (0.21) unstable; urgency=low
Modified: tex-common/trunk/debian/config.in
===================================================================
--- tex-common/trunk/debian/config.in 2006-05-08 09:44:34 UTC (rev 1287)
+++ tex-common/trunk/debian/config.in 2006-05-08 09:56:59 UTC (rev 1288)
@@ -1,5 +1,5 @@
#include variables
-#!/bin/sh -e
+#!/bin/sh -ex
#
# config maintainer script for the Debian <:=${PACKAGE}:> package.
# $Id: config.in 114 2005-08-04 15:04:01Z frn $
@@ -43,7 +43,7 @@
# we set the groupname seen flag to false in any case since now it has
# a completely new meaning
-db_fset tex-common/groupname seen false || true
+# db_fset tex-common/groupname seen false || true
# this script may be run twice: Once by dpkg-preconfigure, once again by
# debconf when it is sourced in the postinst script. We must do the
@@ -72,7 +72,8 @@
# if the permissions are still <:=$FONTCACHE_PERMS:> we set managecache to true
if [ $PERMS = $FONTCACHE_PERMS ] ; then
db_set tex-common/managecache true || true
- db_set tex-common/groupname "$GROUP" || true
+ db_set tex-common/groupname_single "$GROUP" || true
+ db_set tex-common/groupname_multi "$GROUP" || true
else
db_set tex-common/managecache false || true
fi
@@ -92,6 +93,28 @@
else
db_set tex-common/managecache false || true
fi
+ # now check whether this machine has only one normal user account (outside the system range)
+ usercount=0
+ userid=""
+ for uid in `cut -d ':' -f 3 /etc/passwd`; do
+ if [ $uid -ge 1000 ] && [ $uid -le 29999 ]; then
+ userid=$uid
+ : $((usercount++))
+ fi
+ done
+ if [ $usercount -eq 1 ]; then
+ db_set tex-common/singleuser true
+ # exactly one user account, number in $userid: suggest its group
+ # this might break with other authentication setups than /etc/passwd,
+ # but it's only a suggestion
+ groupID=`sed -n -e "/^[^:]\{1,\}:[^:]\{1,\}:$userid:/ \
+ { s@^[^:]\{1,\}:[^:]\{1,\}:$userid:\([[:digit:]]\{1,\}\):.*@\1@; p }" \
+ /etc/passwd`
+ GROUP=`sed -n -e "/^[^:]\{1,\}:[^:]\{1,\}:$userid/ \
+ {s@^\([^:]\{1,\}\):[^:]\{1,\}:$userid:.*@\1@; p}" \
+ /etc/group`
+ db_set tex-common/groupname_single "$GROUP" || true
+ fi
fi
cache_debconf_priority=medium
db_input $cache_debconf_priority tex-common/managecache || true
@@ -99,8 +122,30 @@
db_get tex-common/managecache || true
if [ "$RET" = true ]; then
- db_input $cache_debconf_priority tex-common/groupname || true
- db_go
+ groupname_variant=multi
+ if [ $usercount -eq 1 ]; then
+ groupname_variant=single
+ fi
+ while true; do
+ db_input $cache_debconf_priority tex-common/groupname_$groupname_variant || true
+ db_go || true
+ db_get tex-common/groupname_$groupname_variant || true
+ GROUP="$RET"
+ # now check whether the returned group name exists. This time, we can't rely on
+ # /etc/group, since we would never get out of this loop if the group information
+ # comes from somewhere else.
+ # Instead, we try to chown a file to that group
+ dobreak=true # means: execute /bin/true, do not break out of the loop
+ tempfile=`mktemp`
+ if [ -n "$GROUP" ] && chown :$GROUP $tempfile; then # no redirecting of stderr!
+ dobreak=break
+ fi
+ $dobreak
+ # still there? invalid group
+ db_subst tex-common/invalid_groupname badgroup $GROUP || true
+ db_input $cache_debconf_priority tex-common/invalid_groupname || true
+ db_go
+ done
fi
fi
Modified: tex-common/trunk/debian/postinst.in
===================================================================
--- tex-common/trunk/debian/postinst.in 2006-05-08 09:44:34 UTC (rev 1287)
+++ tex-common/trunk/debian/postinst.in 2006-05-08 09:56:59 UTC (rev 1288)
@@ -1,5 +1,5 @@
<::>//
-#!/bin/sh -e
+#!/bin/sh -ex
#
# postinst maintainer script for the Debian <:=${PACKAGE}:> package.
# $Id$
@@ -126,7 +126,12 @@
# do the config stuff
db_get tex-common/managecache || true
if [ $RET = true ] ; then
- db_get tex-common/groupname || true
+ db_get tex-common/singleuser || true
+ if [ "$RET" = true ]; then
+ db_get tex-common/groupname_single || true
+ else
+ db_get tex-common/groupname_multi || true
+ fi
GROUP="$RET"
if [ -n "$GROUP" ] ; then
echo -n "Adjusting permissions of TeX font cache... "
Modified: tex-common/trunk/debian/templates
===================================================================
--- tex-common/trunk/debian/templates 2006-05-08 09:44:34 UTC (rev 1287)
+++ tex-common/trunk/debian/templates 2006-05-08 09:56:59 UTC (rev 1288)
@@ -2,41 +2,83 @@
Type: boolean
Default: false
_Description: Manage the permissions of the TeX font cache with debconf?
- A TeX system may have to generate new font data (pixel data, metric,
+ A TeX system needs to generate new font data (pixel data, metric,
sources) on the fly. These files can be saved into the TeX font cache
in /var/cache/fonts and later reused.
.
- If you accept, you can specify a group name and *all* directories under
+ If you do not accept, the font cache directory will be
+ world-writeable, which is a security risk - everybody is able to fill
+ up the /var partition.
+ .
+ If you accept, you can specify a group name and all directories under
/var/cache/fonts will get ownership root:<groupname> and permission
bits 3775 (i.e. writable for the group <groupname>, sticky and setgid
- bit set). Accordingly, the ls-R index file will be owned and writable
+ bit set). Accordingly, the ls-R index file will be owned and writable
by that group.
.
- If you accept, font generation will only work for users that have been
- added to the group you chose - this has to be done manually by you!
+ If you accept, font generation on multi-user machines will only work
+ for users that have been added to the group you chose - this has to
+ be done manually by you! On machines used only by a single user, the
+ setup will try to automatically detect a suitable group.
.
The default is not to manage permissions with debconf, but this is just
- because this is required for building other Debian packages. In almost
- every other setup, like desktop machines or multi-user servers, accepting
- this (and adding users to the group) is strongly recommended!
+ because this is required for automatic installs on Debian package
+ building machines (buildds). In almost every other setup, like
+ desktop machines or multi-user servers, accepting
+ this is strongly recommended!
-Template: tex-common/groupname
+Template: tex-common/singleuser
+Type: boolean
+Default: false
+Description: internal item
+ Internal item which tells postinst whether we think only one user
+ works on this system
+
+Template: tex-common/groupname_multi
Type: string
Default: users
#flag:comment:3
-# In this paragraph, the wording is ambiguous (it could be read as,
-# but does *not* mean: 'the account "nobody" is member of
-# "users"'). This should be changed the next time that we have to
-# change the english templates, anyway. Meanwhile, translators
-# should take care to take the correct meaning.
+# Don't translate "users" in quotation marks, it is the name of the
+# default group as found in /etc/groups.
_Description: Group that should own the TeX font cache
You can choose a specific group which will own all directories under and
including the TeX font cache /var/cache/fonts. These directories will
get permission 3775.
.
- Note that on a Debian system, nobody is member of the "users" group by
- default, so local users have to be added manually!
+ The default is "users", Note that on a Debian system, no local user is
+ member of the "users" group by default, so you have to add them manually!
+Template: tex-common/groupname_single
+Type: string
+Default: users
+#flag:comment:4
+# Don't translate "users" in quotation marks, it is the name of the
+# default group as found in /etc/groups.
+_Description: Group that should own the TeX font cache
+ You can choose a specific group which will own all directories under and
+ including the TeX font cache /var/cache/fonts. These directories will
+ get permission 3775.
+ .
+ The setup detected only a single user who works on this system. If
+ this is correct, the best choice is to choose this user's private group
+ with the same name as the user name.
+ .
+ If it is incorrect and more users are supposed to work on this
+ machine, or if daemons running as system users will use TeX, it is
+ suggested to choose an existing group, like "users", and add the
+ required users manually.
+
+Template: tex-common/invalid_groupname
+Type: note
+Description: The group name you entered, ${badgroup}, does not exist
+ The setup has tried to change ownership of a test file to the group
+ you entered in the previous dialog box,
+ .
+ ${badgroup}
+ .
+ but this failed. You will be asked again; please enter the name (not
+ the numeric ID) of a group that exists on your system.
+
Template: tex-common/cnf_name
Type: note
_Description: Change of name of files in /etc/texmf/texmf.d/
More information about the Pkg-tetex-commits
mailing list