From 157376af7e800cf319584e49e9a6eca62bc1333f Mon Sep 17 00:00:00 2001 From: Echo Date: Sun, 3 May 2026 02:35:32 +0000 Subject: [PATCH] chore: bump version to 0.3.3 for dpkg and service fixes --- debian/changelog | 7 +++++++ debian/linux-patch-api/DEBIAN/postinst | 4 ++-- debian/linux-patch-api/DEBIAN/postrm | 12 ------------ debian/linux-patch-api/DEBIAN/preinst | 23 +++-------------------- 4 files changed, 12 insertions(+), 34 deletions(-) diff --git a/debian/changelog b/debian/changelog index 68ef445..43905b1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +linux-patch-api (0.3.3-1) unstable; urgency=low + + * Fix dpkg packaging: Remove linux-patch-api user creation, fix directory ownership + * Fix package install: Remove sudo from apt commands (service runs as root) + * Remove NoNewPrivileges and RestrictSUIDSGID from systemd service + + -- Echo Sat, 03 May 2026 02:30:00 -0500 linux-patch-api (0.3.2-1) unstable; urgency=low * Fix package install: Remove sudo from apt commands (service runs as root) diff --git a/debian/linux-patch-api/DEBIAN/postinst b/debian/linux-patch-api/DEBIAN/postinst index 1063d94..d1eb487 100755 --- a/debian/linux-patch-api/DEBIAN/postinst +++ b/debian/linux-patch-api/DEBIAN/postinst @@ -13,14 +13,14 @@ if [ "$1" = "configure" ]; then echo "Creating default config.yaml..." cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml chmod 640 /etc/linux_patch_api/config.yaml - chown linux-patch-api:linux-patch-api /etc/linux_patch_api/config.yaml + chown root:root /etc/linux_patch_api/config.yaml fi if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then echo "Creating default whitelist.yaml..." cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml chmod 640 /etc/linux_patch_api/whitelist.yaml - chown linux-patch-api:linux-patch-api /etc/linux_patch_api/whitelist.yaml + chown root:root /etc/linux_patch_api/whitelist.yaml fi # Reload systemd daemon to pick up new service file diff --git a/debian/linux-patch-api/DEBIAN/postrm b/debian/linux-patch-api/DEBIAN/postrm index fbde51f..dcb2195 100755 --- a/debian/linux-patch-api/DEBIAN/postrm +++ b/debian/linux-patch-api/DEBIAN/postrm @@ -39,18 +39,6 @@ if [ "$1" = "purge" ]; then rm -rf /var/log/linux_patch_api fi - # Remove system user - if getent passwd linux-patch-api > /dev/null 2>&1; then - echo "Removing user linux-patch-api..." - userdel linux-patch-api 2>/dev/null || true - fi - - # Remove system group - if getent group linux-patch-api > /dev/null 2>&1; then - echo "Removing group linux-patch-api..." - groupdel linux-patch-api 2>/dev/null || true - fi - echo "linux-patch-api purged successfully" fi diff --git a/debian/linux-patch-api/DEBIAN/preinst b/debian/linux-patch-api/DEBIAN/preinst index ec05903..17def06 100755 --- a/debian/linux-patch-api/DEBIAN/preinst +++ b/debian/linux-patch-api/DEBIAN/preinst @@ -9,31 +9,14 @@ if [ -d "/etc/linux_patch_api" ]; then echo "Detected existing installation - performing upgrade" fi -# Create system user if it doesn't exist -if ! getent group linux-patch-api > /dev/null 2>&1; then - echo "Creating group linux-patch-api..." - groupadd --system linux-patch-api -fi - -if ! getent passwd linux-patch-api > /dev/null 2>&1; then - echo "Creating user linux-patch-api..." - useradd --system \ - --gid linux-patch-api \ - --home-dir /var/lib/linux_patch_api \ - --no-create-home \ - --shell /usr/sbin/nologin \ - --comment "Linux Patch API Service" \ - linux-patch-api -fi - # Create required directories mkdir -p /etc/linux_patch_api/certs mkdir -p /var/lib/linux_patch_api mkdir -p /var/log/linux_patch_api -# Set proper ownership -chown -R linux-patch-api:linux-patch-api /var/lib/linux_patch_api -chown -R linux-patch-api:linux-patch-api /var/log/linux_patch_api +# Set proper ownership (service runs as root) +chown -R root:root /var/lib/linux_patch_api +chown -R root:root /var/log/linux_patch_api # Set secure permissions chmod 750 /etc/linux_patch_api