git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity

fix: align all non-Ubuntu packages with Debian baseline behavior
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 4s
Details
CI/CD Pipeline / Clippy Lints (push) Successful in 44s
Details
CI/CD Pipeline / All Unit Tests (push) Successful in 1m12s
Details
CI/CD Pipeline / Security Audit (push) Successful in 5s
Details
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m15s
Details
CI/CD Pipeline / Build Debian Package (push) Has been cancelled
Details
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Has been cancelled
Details
CI/CD Pipeline / Build Arch Package (push) Has been cancelled
Details
CI/CD Pipeline / Build RPM Package (push) Has been cancelled
Details
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Has been cancelled
Details
CI/CD Pipeline / Build Alpine Package (push) Has been cancelled
Details

Browse Source 
- Arch: remove system user creation, root:root ownership, fix $startdir path in PKGBUILD
- RPM: uncomment BuildRequires, add runtime deps (openssl-libs, ca-certificates), remove system user, root:root ownership
- Alpine: remove system user creation, root:root ownership, co-locate install script with APKBUILD
- All platforms now match Debian: no system user, root:root, create dirs, copy example configs, enable service
This commit is contained in:
Echo
2026-05-20 02:01:52 +00:00
parent bcc0d40413
commit 8952589efd
6 changed files with 118 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
configs/linux-patch-api.apk-install
View File

@ -1,28 +1,18 @@
#!/bin/sh
# Alpine Linux install hooks for linux-patch-api
# Reference: debian/{preinst,postinst,prerm,postrm}
# Matches Debian preinst/postinst behavior: no system user, root:root ownership
# Alpine APKBUILD install script format: pre-install, post-install, pre-deinstall, post-deinstall
# Pre-install: Create user/group and directories before files are laid down
# Pre-install: Create directories before files are laid down
pre_install() {
# Create system group
if ! getent group linux-patch-api >/dev/null; then
addgroup --system linux-patch-api
fi
# Create system user
if ! getent passwd linux-patch-api >/dev/null; then
adduser --system --ingroup linux-patch-api --home /var/lib/linux_patch_api --no-create-home --shell /sbin/nologin --gecos "Linux Patch API Service" --disabled-password linux-patch-api
fi
# Create required directories
mkdir -p /etc/linux_patch_api/certs
mkdir -p /var/lib/linux_patch_api
mkdir -p /var/log/linux_patch_api
# Set proper ownership
chown -R linux-patch-api:linux-patch-api /var/lib/linux_patch_api
chown -R linux-patch-api:linux-patch-api /var/log/linux_patch_api
# Set proper ownership (service runs as root)
chown -R root:root /var/lib/linux_patch_api
chown -R root:root /var/log/linux_patch_api
# Set secure permissions
chmod 750 /etc/linux_patch_api
@ -40,7 +30,7 @@ post_install() {
if [ -f "/etc/linux_patch_api/config.yaml.example" ]; then
cp /etc/linux_patch_api/config.yaml.example /etc/linux_patch_api/config.yaml
chmod 640 /etc/linux_patch_api/config.yaml
chown linux-patch-api:linux-patch-api /etc/linux_patch_api/config.yaml
chown root:root /etc/linux_patch_api/config.yaml
fi
fi
@ -48,7 +38,7 @@ post_install() {
if [ -f "/etc/linux_patch_api/whitelist.yaml.example" ]; then
cp /etc/linux_patch_api/whitelist.yaml.example /etc/linux_patch_api/whitelist.yaml
chmod 640 /etc/linux_patch_api/whitelist.yaml
chown linux-patch-api:linux-patch-api /etc/linux_patch_api/whitelist.yaml
chown root:root /etc/linux_patch_api/whitelist.yaml
fi
fi