fix: align all non-Ubuntu packages with Debian baseline behavior

- Arch: remove system user creation, root:root ownership, fix $startdir path in PKGBUILD - RPM: uncomment BuildRequires, add runtime deps (openssl-libs, ca-certificates), remove system user, root:root ownership - Alpine: remove system user creation, root:root ownership, co-locate install script with APKBUILD - All platforms now match Debian: no system user, root:root, create dirs, copy example configs, enable service
2026-05-20 02:01:52 +00:00
parent f428a7cc1e
commit 63b0bfce34
6 changed files with 118 additions and 112 deletions
--- a/configs/linux-patch-api.install
+++ b/configs/linux-patch-api.install
@ -1,31 +1,15 @@
 # Arch Linux install hooks for linux-patch-api
-# Reference: debian/{preinst,postinst,prerm,postrm}
+# Matches Debian preinst/postinst behavior: no system user, root:root ownership

 post_install() {
-    # Create system group
-    if ! getent group linux-patch-api &>/dev/null; then
-        groupadd --system linux-patch-api
-    fi
-
-    # Create system user
-    if ! getent passwd linux-patch-api &>/dev/null; then
-        useradd --system \
-            --gid linux-patch-api \
-            --home-dir /var/lib/linux_patch_api \
-            --no-create-home \
-            --shell /usr/bin/nologin \
-            --comment "Linux Patch API Service" \
-            linux-patch-api
-    fi
-
    # Create required directories
    mkdir -p /etc/linux_patch_api/certs
    mkdir -p /var/lib/linux_patch_api
    mkdir -p /var/log/linux_patch_api

-    # Set proper ownership
-    chown -R linux-patch-api:linux-patch-api /var/lib/linux_patch_api
-    chown -R linux-patch-api:linux-patch-api /var/log/linux_patch_api
+    # Set proper ownership (service runs as root)
+    chown -R root:root /var/lib/linux_patch_api
+    chown -R root:root /var/log/linux_patch_api

    # Set secure permissions
    chmod 750 /etc/linux_patch_api
@ -37,13 +21,13 @@ post_install() {
    if [ ! -f "/etc/linux_patch_api/config.yaml" ]; then
        cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
        chmod 640 /etc/linux_patch_api/config.yaml
-        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/config.yaml
+        chown root:root /etc/linux_patch_api/config.yaml
    fi

    if [ ! -f "/etc/linux_patch_api/whitelist.yaml" ]; then
        cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
        chmod 640 /etc/linux_patch_api/whitelist.yaml
-        chown linux-patch-api:linux-patch-api /etc/linux_patch_api/whitelist.yaml
+        chown root:root /etc/linux_patch_api/whitelist.yaml
    fi

    # Reload systemd daemon
@ -90,7 +74,6 @@ post_remove() {
    systemctl daemon-reload 2>/dev/null || true

    # Remove directories only if empty (preserve user data on upgrade/reinstall)
-    # Arch doesn't have purge vs remove distinction like Debian
    rmdir --ignore-fail-on-non-empty /var/lib/linux_patch_api 2>/dev/null || true
    rmdir --ignore-fail-on-non-empty /var/log/linux_patch_api 2>/dev/null || true