From 9f16b61fe4a46e1452bedbf2f5e1bc9e5722c41a Mon Sep 17 00:00:00 2001 From: Chris Hofstaedtler Date: Sun, 2 Jun 2024 19:15:17 +0200 Subject: [PATCH] Use debputy to avoid Rules-Requires-Root: binary-targets --- debian/{README.debian => README.Debian} | 0 debian/control | 22 ++++----------- debian/debputy.manifest | 37 +++++++++++++++++++++++++ debian/rules | 19 ------------- 4 files changed, 42 insertions(+), 36 deletions(-) rename debian/{README.debian => README.Debian} (100%) create mode 100644 debian/debputy.manifest diff --git a/debian/README.debian b/debian/README.Debian similarity index 100% rename from debian/README.debian rename to debian/README.Debian diff --git a/debian/control b/debian/control index 3de8dbf5..96a1b427 100644 --- a/debian/control +++ b/debian/control @@ -8,6 +8,7 @@ Priority: required Build-Depends: bison, debhelper-compat (= 13), + dh-sequence-zz-debputy-rrr (>= 0.1.23~), docbook-xml , docbook-xsl , gettext, @@ -24,15 +25,13 @@ Standards-Version: 4.6.1 Vcs-Git: https://salsa.debian.org/debian/shadow.git -b master Vcs-Browser: https://salsa.debian.org/debian/shadow Homepage: https://github.com/shadow-maint/shadow -Rules-Requires-Root: binary-targets +Rules-Requires-Root: no Package: passwd Architecture: any Multi-Arch: foreign Depends: - libpam-modules, - ${misc:Depends}, - ${shlibs:Depends} + libpam-modules Recommends: sensible-utils Description: change and administer password and group data @@ -47,9 +46,7 @@ Multi-Arch: foreign Essential: yes Pre-Depends: libpam-modules, - libpam-runtime, - ${misc:Depends}, - ${shlibs:Depends} + libpam-runtime Breaks: hurd (<< 20140206~) [hurd-any] Conflicts: @@ -66,9 +63,6 @@ Package: uidmap Architecture: any Multi-Arch: foreign Priority: optional -Depends: - ${misc:Depends}, - ${shlibs:Depends} Description: programs to help use subuids These programs help unprivileged users to create uid and gid mappings in user namespaces. @@ -78,11 +72,6 @@ Section: libs Priority: optional Architecture: any Multi-Arch: same -Pre-Depends: - ${misc:Pre-Depends} -Depends: - ${misc:Depends}, - ${shlibs:Depends} Description: subordinate id handling library -- shared library The library provides an interface for querying, granding and ungranting subordinate user and group ids. @@ -93,8 +82,7 @@ Priority: optional Architecture: any Multi-Arch: same Depends: - libsubid4 (= ${binary:Version}), - ${misc:Depends} + libsubid4 (= ${binary:Version}) Description: subordinate id handling library -- shared library The library provides an interface for querying, granding and ungranting subordinate user and group ids. diff --git a/debian/debputy.manifest b/debian/debputy.manifest new file mode 100644 index 00000000..d4e1ef70 --- /dev/null +++ b/debian/debputy.manifest @@ -0,0 +1,37 @@ +manifest-version: '0.1' +packages: + passwd: + transformations: + - path-metadata: + path: usr/bin/chfn + mode: "u=rwxs,go=rx" + - path-metadata: + path: usr/bin/chsh + mode: "u=rwxs,go=rx" + - path-metadata: + path: usr/bin/gpasswd + mode: "u=rwxs,go=rx" + - path-metadata: + path: usr/bin/passwd + mode: "u=rwxs,go=rx" + - path-metadata: + path: usr/bin/chage + group: "shadow" + mode: "u=rwx,go=rxs" + - path-metadata: + path: usr/bin/expiry + group: "shadow" + mode: "u=rwx,go=rxs" + login: + transformations: + - path-metadata: + path: usr/bin/newgrp + mode: "u=rwxs,go=rx" + uidmap: + transformations: + - path-metadata: + path: usr/bin/newgidmap + mode: "u=rwxs,go=rx" + - path-metadata: + path: usr/bin/newuidmap + mode: "u=rwxs,go=rx" diff --git a/debian/rules b/debian/rules index b7ff08bd..6256182c 100755 --- a/debian/rules +++ b/debian/rules @@ -55,25 +55,6 @@ override_dh_installpam: dh_installpam -p passwd --name=chpasswd dh_installpam -p passwd --name=newusers -override_dh_builddeb-arch: - # uidmap - chmod u+s debian/uidmap/usr/bin/newuidmap - chmod u+s debian/uidmap/usr/bin/newgidmap - # login - # No real need for login to be setuid root - # chmod u+s debian/login/bin/login - chmod u+s debian/login/usr/bin/newgrp - # passwd - chmod u+s debian/passwd/usr/bin/chfn - chmod u+s debian/passwd/usr/bin/chsh - chmod u+s debian/passwd/usr/bin/gpasswd - chmod u+s debian/passwd/usr/bin/passwd - chgrp shadow debian/passwd/usr/bin/chage - chgrp shadow debian/passwd/usr/bin/expiry - chmod g+s debian/passwd/usr/bin/chage - chmod g+s debian/passwd/usr/bin/expiry - dh_builddeb -a - override_dh_auto_clean: sed -i 's/# Linux only # //' debian/login.pam dh_auto_clean