chown/mods for systemd case for more smooth upgrade

PowerDNS · Sep 30, 2019 · c98c0ef · c98c0ef
1 parent d2138f2
commit c98c0ef
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 0 deletions.
diff --git a/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst b/builder-support/debian/dnsdist/debian-buster/dnsdist.postinst
@@ -18,6 +18,12 @@ case "$1" in
 
     adduser --force-badname --system --home /nonexistent --group \
         --no-create-home --quiet _dnsdist || true
+
+    if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then
+      chown root:_dnsdist /etc/powerdns/dnsdist.conf
+      # Make sure that dnsdist can read it; the default used to be 0600
+      chmod g+r /etc/powerdns/dnsdist.conf
+    fi
   ;;
 
   abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/builder-support/debian/dnsdist/debian-buster/rules b/builder-support/debian/dnsdist/debian-buster/rules
@@ -75,3 +75,7 @@ override_dh_installexamples:
 override_dh_installinit:
 	# do nothing here. avoids referencing a non-existant init script.
 
+override_dh_fixperms:
+	dh_fixperms
+        # these files often contain passwords. 640 as it is chowned to root:_dnsdist
+	chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf
diff --git a/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst b/builder-support/debian/dnsdist/debian-jessie/dnsdist.postinst
@@ -18,6 +18,12 @@ case "$1" in
 
     adduser --force-badname --system --home /nonexistent --group \
         --no-create-home --quiet _dnsdist || true
+
+    if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then
+      chown root:_dnsdist /etc/powerdns/dnsdist.conf
+      # Make sure that dnsdist can read it; the default used to be 0600
+      chmod g+r /etc/powerdns/dnsdist.conf
+    fi
   ;;
 
   abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/builder-support/debian/dnsdist/debian-jessie/rules b/builder-support/debian/dnsdist/debian-jessie/rules
@@ -74,3 +74,8 @@ override_dh_strip:
 override_dh_installinit:
 	dh_installinit
 	dh_systemd_start -pdnsdist --restart-after-upgrade dnsdist.service
+
+override_dh_fixperms:
+	dh_fixperms
+        # these files often contain passwords. 640 as it is chowned to root:_dnsdist
+	chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf
diff --git a/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst b/builder-support/debian/dnsdist/debian-stretch/dnsdist.postinst
@@ -18,6 +18,12 @@ case "$1" in
 
     adduser --force-badname --system --home /nonexistent --group \
         --no-create-home --quiet _dnsdist || true
+
+    if [ "`stat -c '%U:%G' /etc/powerdns/dnsdist.conf`" = "root:root" ]; then
+      chown root:_dnsdist /etc/powerdns/dnsdist.conf
+      # Make sure that dnsdist can read it; the default used to be 0600
+      chmod g+r /etc/powerdns/dnsdist.conf
+    fi
   ;;
 
   abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/builder-support/debian/dnsdist/debian-stretch/rules b/builder-support/debian/dnsdist/debian-stretch/rules
@@ -74,3 +74,7 @@ override_dh_installexamples:
 override_dh_installinit:
 	# do nothing here. avoids referencing a non-existant init script.
 
+override_dh_fixperms:
+	dh_fixperms
+        # these files often contain passwords. 640 as it is chowned to root:_dnsdist
+	chmod 0640 debian/pdns-server/etc/powerdns/dnsdist.conf