Control: tags -1 patch

Hi!

On Tue, 2025-01-07 at 13:08:28 -0700, Sam Hartman wrote:
> >>>>> "Lucas" == Lucas Nussbaum <lu...@debian.org> writes:
> > install: cannot change ownership of
> > 'debian/krb5-admin-server/usr/sbin/krb5_newrealm': Operation not permitted

> It looks like this is a result of defaulting to rules-requires-root: no
> (was that change in your rebuild?)

Yes.

> I think that I need to set rules-requires-root to binary-targets to deal
> with the setuid bit on ksu.  Is that still correct?

Setting the set-user-ID bit should not be a privileged operation; the only
problem should be with the chown:s. The attached patch seems to work for me
with a local build, but just to make sure we still have the set-user-ID
bit, I checked the .deb:

  $ dpkg-deb -c krb5-user_1.21.3-3_amd64.deb | grep bin/ksu
  -rwsr-xr-x root/root     56520 2024-07-05 19:25 ./usr/bin/ksu.mit

But perhaps you want to do two builds with the different
Rules-Requires-Root values and debdiff/diffoscope them to make extra sure.

The patch should work with the old binary-targets default, as the
files will then get installed via fakeroot, and with the new default
as the .deb will be built using dpkg-deb --root-owner-group, which
forces the user:group to be root:root, w/o any need to set the
Rules-Requires-Root field.

Thanks,
Guillem
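
The comparison suggested above (two builds with different Rules-Requires-Root values, then checking that modes and ownership match) can be scripted over the dpkg-deb -c listings. This is an added example, not part of the original message or the krb5 packaging; the function names, file names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Listings are constructed samples in `dpkg-deb -c` format,
# not output of real builds; file names under $SAMPLE_DIR are hypothetical.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/binary-targets.txt" <<'EOF'
drwxr-xr-x root/root         0 2024-07-05 19:25 ./usr/bin/
-rwsr-xr-x root/root     56520 2024-07-05 19:25 ./usr/bin/ksu.mit
EOF
# Same content built later: a differing timestamp must not count as a change.
cat > "$SAMPLE_DIR/no.txt" <<'EOF'
drwxr-xr-x root/root         0 2025-01-07 21:00 ./usr/bin/
-rwsr-xr-x root/root     56520 2025-01-07 21:00 ./usr/bin/ksu.mit
EOF
# Constructed regression: set-user-ID bit lost and builder ownership leaked.
cat > "$SAMPLE_DIR/regressed.txt" <<'EOF'
drwxr-xr-x root/root         0 2025-01-07 21:00 ./usr/bin/
-rwxr-xr-x builder/builder 56520 2025-01-07 21:00 ./usr/bin/ksu.mit
EOF

# Reduce a listing to "path mode owner/group", sorted by path.
# Assumes paths without whitespace (field 6 of the tar-style listing).
perm_table() {
    awk '{ print $6, $1, $2 }' "$1" | sort
}

# Print entries whose mode or ownership differs between two listings.
# Returns 0 when they match, non-zero otherwise.
perm_diff() {
    a=$(mktemp) b=$(mktemp)
    perm_table "$1" > "$a"
    perm_table "$2" > "$b"
    rc=0
    diff "$a" "$b" || rc=$?
    rm -f "$a" "$b"
    return $rc
}

# List paths carrying the set-user-ID bit (s or S in the owner execute slot).
setuid_paths() {
    awk 'substr($1, 4, 1) ~ /[sS]/ { print $6 }' "$1"
}
```

With real packages, each listing would come from dpkg-deb -c on the .deb produced by one of the two builds, redirected to a file.
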
diff --git i/debian/rules w/debian/rules
index d868ca7..b5508a9 100755
--- i/debian/rules
+++ w/debian/rules
@@ -122,9 +122,9 @@ override_dh_install-arch:
 
 	docbook-to-man debian/krb5_newrealm.sgml \
 		> debian/krb5-admin-server/usr/share/man/man8/krb5_newrealm.8
-	install -o root -g root -m 755 debian/krb5_newrealm \
+	install -m 755 debian/krb5_newrealm \
 		debian/krb5-admin-server/usr/sbin
-	install -o root -g root -m 644 debian/kdc.conf \
+	install -m 644 debian/kdc.conf \
 		debian/krb5-kdc/usr/share/krb5-kdc/kdc.conf.template
 	ln -s /usr/share/krb5-kdc/kdc.conf.template \
 		debian/krb5-kdc/usr/share/doc/krb5-kdc/examples/kdc.conf
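
Review bot: With "-o root -g root" dropped from the two install calls (krb5_newrealm and kdc.conf), nothing in debian/rules records why ownership is left unset; a one-line comment above them noting that root:root now comes from fakeroot or from dpkg-deb --root-owner-group would keep someone from re-adding the flags later. The hunk only touches override_dh_install-arch, so it is also worth grepping the rest of debian/rules for other "install -o/-g" or chown calls that would fail the same way under Rules-Requires-Root: no.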
