Re: [Refdb-users] Build Debian bin pkg from Ubunt scr pkg
From: Stefan S. <ste...@ya...> - 2009-09-29 22:09:28
Hello!
Torsten Bronger writes:
>>
>> - After the binary installation I started the "refdb-init" script
>> as root.
>
> I don't like that. Unless there are very good reasons, a daemon
> should have non-root privileges. RefDB works fine as an ordinary
> user.
The manual says: "The interactive script refdb-init must be run with root permission as it tries to fiddle with a couple of files that a regular user should not have write permission for." So starting "refdb-init" as root seems to be necessary. This does not mean that the "refdb" server runs as root. As I understand it, the command "/usr/sbin/refdbd" (called as $MYREFDBD) is merely used to set up the "refdb" database. The refdbd server is started after that by the command

    $MYREFDBCTL start || endScript "Could not start refdbd" "failed"

which starts it with the "refdb" user (see the variable DAEMONUSER in the "/etc/init.d/refdb" script).
>> -- I had to execute: "/usr/sbin/refdbd" as root and change the
>> ownership of the "/var/lib/refdb/db" hierarchy afterwards.
>
> Then I have to fix this because this must not be necessary.
> Probably it's a Sqlite config issue because with Postgres, the
> limited privileges work fine, including properly writing the PID and
> the log file.
Simply remove the 09_refdbd_user_always_refdb_in_refdb-init.patch from the Ubuntu source package; the original script is ok:

    # create the main database
    if [ "${engine_name}" = "pgsql" ]; then
        su $postgres_name -c "$MYREFDBD -a -e 0 -l 6 -u $dbadmin_name -w $dbadmin_password" || endScript "Check for PostgreSQL authentication problems" "failed"
    else
        $MYREFDBD -a -e 0 -l 6 -u $dbadmin_name -w $dbadmin_password || endScript "Failed to install or upgrade main database" "failed"
    fi

which means that in the sqlite(3) case the "/usr/sbin/refdb" is run as root.
>> ...
>
> No, PID and log files are set to permissions which allow the "refdb"
> user to write them.
You are right, the permissions are set correctly. But removing the above patch does not completely solve the problem for me; I have to execute

    chown -R refdb:refdb /var/lib/refdb/db

after the "refdb" database is set up.

Because "/usr/sbin/refdbd" runs as root, the "refdb" database file that it sets up is owned by root. When the "refdba" command subsequently tries to add styles, this is - to my understanding - done via the "refdbd" server. Because the "refdbd" server runs as user "refdb", it fails to access the "refdb" database, which is owned by "root" and has permissions 644.

In addition to that, a reference database is set up with the command

    $MYREFDBA -c stdout -C createdb ${referencedb_name}

For this to succeed, the "/var/lib/refdb/db" directory has to be owned by the user "refdb" for the same reason as above.
>> - I do not know which of the original shortcomings have already
>> been addressed in a possible new version of Torsten's Ubuntu
>> source package. As I am building and installing in a Debian
>> context, I do not know if these (or which of these) shortcomings
>> should be handled in an Ubuntu package.
>
> I didn't do anything except fixing the wrong MYREFDBCTL path above.
> I won't have time for it until the weekend.
>
> Anyway, the Ubuntu package must be built in a way that only minimal
> modifications are necessary for Debian.
Full ack.
> I don't have any experience with packages beyond packaging RefDB,
> let alone with packaging for Debian. How is it done normally? Is
> there one "source" package (my Ubuntu package in this case) and one
> "derived" package with a couple of meta-patches (your Debian package
> in this case)? How do packagers organise this?
Good question, but as I already mentioned in a previous post, although I have been using Debian for quite a while, I am a newbie concerning Debian packaging and I do not currently possess any knowledge of the interplay between Debian and Ubuntu packages. Nevertheless, I would really love to collaborate in the building of the refdb Debian/Ubuntu package: Debian packaging is one of the top points in my current learning agenda. But because I have a very tight schedule until mid-November, I won't be able to deliver any substantial input until then.
The definitive sources concerning packaging for Debian are:
- the "Debian New Maintainers' Guide" (http://www.debian.org/doc/manuals/maint-guide/)
- the "Debian Developer's Reference" (http://www.debian.org/doc/manuals/developers-reference/) and
- the "Debian Policy Manual" (http://www.debian.org/doc/debian-policy/).
The documentation of the "debconf" package/system contains additional important information.
An excellent book on these topics (and more) is Martin F. Krafft's "The Debian System".
There is an equivalent of the "Debian Policy Manual" for Ubuntu, see for example: http://people.canonical.com/~cjwatson/ubuntu-policy/policy.html/. The Ubuntu wiki also contains valuable information, see for example "Working with Debian-format Packages" at https://wiki.ubuntu.com/UbuntuDevelopment.
Kind regards
Stefan
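
The ownership mismatch described in the message above (database files created by a root-run refdbd, then accessed by a daemon running as "refdb") can be checked for after the init script has finished. This is an added example, not part of the original post or of RefDB's scripts; the function name audit_db_dir is hypothetical, while the path and user are the ones named in the message.

```sh
#!/bin/sh
# Added example: audit the RefDB sqlite data directory after refdb-init.
# Path and user come from the message above; the function name is hypothetical.
DB_DIR=${DB_DIR:-/var/lib/refdb/db}
DAEMON_USER=${DAEMON_USER:-refdb}

# audit_db_dir DIR OWNER
#   OWNER is a user name or a numeric uid.
#   Returns 0 if DIR and everything below it is owned by OWNER and has the
#   owner write bit set (sqlite needs to write both the database file and
#   the directory that contains it).
#   Returns 1 if some entries fail that test; they are listed with ls -ld.
#   Returns 2 if DIR is missing or find itself fails (e.g. unknown user name),
#   so a broken check is never mistaken for a clean result.
audit_db_dir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "audit_db_dir: $dir is not a directory" >&2
        return 2
    fi
    # One pass: wrong owner OR owner cannot write.
    bad=$(find "$dir" \( ! -user "$owner" -o ! -perm -200 \) -print) || return 2
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}

# Typical use once the init script has finished:
#   audit_db_dir "$DB_DIR" "$DAEMON_USER" || echo "fix ownership before starting refdbd"
```

A non-zero result from a package postinst or a monitoring job points at the state the message works around with chown, without the check itself changing anything on disk.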