Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package trousers

[ Reason ]
The current package manages the /var/lib/tpm and tss user, but other packages in Debian, namely the tpm-udev package, are also doing so. Same for the udev rules that shipped in both the trousers package and the tpm-udev one.

The goal was to migrate the management of the tss user and its home directory and the needed udev rules to a central package so the different implementations of the tpm stack could co-exist.

[ Impact ]
Multiple udev rules will be evaluated for the same device. Also, if the trousers package is purged, the tss user will be removed and the udev rules shipped by the tpm-udev package will not work anymore.

[ Tests ]
I tried to purge the tpm-udev and trousers packages and tried to reinstall them.
The trousers daemon starts properly.
The permissions on the /dev/tpm devices are ok, even after reboot.

[ Risks ]
If the tss user or /var/lib/tpm is not properly created, the daemon will more than probably fail to start.

The way of creating the tss user is the same between the tpm-udev and former trousers package, so that shouldn't be a problem.

tpm-udev:
    adduser --system --ingroup tss --shell /bin/false --home /var/lib/tpm --no-create-home --gecos "TPM software stack" tss

trousers:
    adduser --system --quiet --home /var/lib/tpm --shell /bin/false --no-create-home --group tss

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
The trousers package is not shipping the /var/lib/tpm directory anymore. I decided to give full ownership of that directory to the tpm-udev package; not sure if that was the best solution.

Also note bug #989867.

unblock trousers/0.3.14+fixed1-1.2

diff -Nru trousers-0.3.14+fixed1/debian/changelog trousers-0.3.14+fixed1/debian/changelog --- trousers-0.3.14+fixed1/debian/changelog 2020-08-17 07:36:43.000000000 +0200 +++ trousers-0.3.14+fixed1/debian/changelog 2021-06-15 00:29:18.000000000 +0200 @@ -1,3 +1,12 @@ +trousers (0.3.14+fixed1-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * Migrate to tpm-udev package, do not ship the udev rule file, create the + user or /var/lib/tpm directory anymore (Closes: #787244, #889491, #944751) + * debian/trousers.prerm: Remove migration code path that predates Jessie + + -- Laurent Bigonville <bi...@debian.org> Tue, 15 Jun 2021 00:29:18 +0200 + trousers (0.3.14+fixed1-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru trousers-0.3.14+fixed1/debian/control trousers-0.3.14+fixed1/debian/control --- trousers-0.3.14+fixed1/debian/control 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/control 2021-06-14 23:19:13.000000000 +0200 @@ -13,7 +13,7 @@ Package: trousers Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, adduser, lsb-base (>= 3.0-6) +Depends: ${misc:Depends}, ${shlibs:Depends}, lsb-base (>= 3.0-6), tpm-udev Breaks: udev (<< 136-1) Description: open-source TCG Software Stack (daemon) TrouSerS is an implementation of the Trusted Computing Group's Software Stack diff -Nru trousers-0.3.14+fixed1/debian/rules trousers-0.3.14+fixed1/debian/rules --- trousers-0.3.14+fixed1/debian/rules 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/rules 2021-06-14 23:15:06.000000000 +0200 @@ -16,6 +16,3 @@ override_dh_strip: dh_strip --dbg-package=trousers-dbg - -override_dh_installudev: - dh_installudev -n --priority=45 diff -Nru trousers-0.3.14+fixed1/debian/trousers.install trousers-0.3.14+fixed1/debian/trousers.install --- trousers-0.3.14+fixed1/debian/trousers.install 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/trousers.install 2021-06-15 00:06:23.000000000 +0200 
@@ -2,4 +2,3 @@ /usr/sbin /usr/share/man/man8 /usr/share/man/man5 -/var/lib/tpm diff -Nru trousers-0.3.14+fixed1/debian/trousers.postinst trousers-0.3.14+fixed1/debian/trousers.postinst --- trousers-0.3.14+fixed1/debian/trousers.postinst 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/trousers.postinst 2021-06-14 23:25:54.000000000 +0200 @@ -4,22 +4,11 @@ case "${1}" in configure) - # Adding tss system user - adduser --system --quiet --home /var/lib/tpm --shell /bin/false --no-create-home --group tss - # Setting owner - chown tss:tss /var/lib/tpm -R chown tss:tss /etc/tcsd.conf # Setting permissions chmod 0600 /etc/tcsd.conf - chmod 0700 /var/lib/tpm - - # ask udev to check for new udev rules (and fix device permissions) - if [ -e /dev/tpm0 ] && udevadm --version > /dev/null; then - udevadm control --reload-rules ||: - udevadm trigger --sysname-match="tpm[0-9]*" ||: - fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff -Nru trousers-0.3.14+fixed1/debian/trousers.postrm trousers-0.3.14+fixed1/debian/trousers.postrm --- trousers-0.3.14+fixed1/debian/trousers.postrm 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/trousers.postrm 1970-01-01 01:00:00.000000000 +0100 @@ -1,26 +0,0 @@ -#!/bin/sh - -set -e - -case "${1}" in - remove) - if [ -x /usr/sbin/deluser ] - then - deluser --system --remove-home tss || true - deluser --group --only-if-empty tss || true - fi - ;; - - purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - - ;; - - *) - echo "postrm called with unknown argument \`${1}'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 diff -Nru trousers-0.3.14+fixed1/debian/trousers.preinst trousers-0.3.14+fixed1/debian/trousers.preinst --- trousers-0.3.14+fixed1/debian/trousers.preinst 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/trousers.preinst 1970-01-01 01:00:00.000000000 +0100 
@@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -if [ "$1" = install ] || [ "$1" = upgrade ]; then - if [ -e "/etc/udev/rules.d/45-trousers.rules" ]; then - if [ "`md5sum \"/etc/udev/rules.d/45-trousers.rules\" | sed -e \"s/ .*//\"`" = \ - "`dpkg-query -W -f='${Conffiles}' trousers | sed -n -e \"\\\\' /etc/udev/rules.d/45-trousers.rules '{s/ obsolete$//;s/.* //p}\"`" ] - then - rm -f "/etc/udev/rules.d/45-trousers.rules" - fi - fi -fi - -#DEBHELPER# diff -Nru trousers-0.3.14+fixed1/debian/trousers.prerm trousers-0.3.14+fixed1/debian/trousers.prerm --- trousers-0.3.14+fixed1/debian/trousers.prerm 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/trousers.prerm 1970-01-01 01:00:00.000000000 +0100 
@@ -1,45 +0,0 @@ -#!/bin/sh -# prerm script for trousers -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <prerm> `remove' -# * <old-prerm> `upgrade' <new-version> -# * <new-prerm> `failed-upgrade' <old-version> -# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version> -# * <deconfigured's-prerm> `deconfigure' `in-favour' -# <package-being-installed> <version> `removing' -# <conflicting-package> <version> -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - remove|upgrade|deconfigure) - ;; - - failed-upgrade) - if dpkg --compare-versions "$2" lt 0.3.8-3; then - # hack to avoid #676828 - # removing the executable will make the init script exit gracefully - rm -f /usr/sbin/tcsd - # kill tcsd (and any other process owned by the tss user) - killall -u tss 2>/dev/null || true - fi - ;; - - *) - echo "prerm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff -Nru trousers-0.3.14+fixed1/debian/trousers.udev trousers-0.3.14+fixed1/debian/trousers.udev --- trousers-0.3.14+fixed1/debian/trousers.udev 2016-11-20 16:10:31.000000000 +0100 +++ trousers-0.3.14+fixed1/debian/trousers.udev 1970-01-01 01:00:00.000000000 +0100 @@ -1 +0,0 @@ -KERNEL=="tpm[0-9]*", MODE="0600", OWNER="tss", GROUP="tss"
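
Review bot: In the debian/changelog hunk, the new 0.3.14+fixed1-1.2 entry names only debian/trousers.prerm, while the diff also deletes debian/trousers.preinst and debian/trousers.postrm in full and drops adduser from Depends. Suggest listing each removed maintainer script and the dependency change, and stating that trousers.prerm is removed entirely rather than having a single code path removed, so the entry matches the debdiff.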
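
Review bot: In the debian/control hunk, the added tpm-udev dependency carries no version constraint, yet the remaining postinst still runs `chown tss:tss /etc/tcsd.conf` and now relies on tpm-udev to have created the tss user and /var/lib/tpm. If that behaviour only exists from a particular tpm-udev version onward, a versioned dependency would make the guarantee explicit. The unchanged `Breaks: udev (<< 136-1)` line is also worth revisiting now that the package no longer ships a udev rule.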
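
Review bot: In the debian/trousers.postinst hunk, dropping `chown tss:tss /var/lib/tpm -R` and `chmod 0700 /var/lib/tpm` means trousers no longer enforces owner or mode on the tss home directory, so on a fresh install both depend entirely on what tpm-udev sets. Suggest recording in the test notes that the directory ends up tss:tss with mode 0700 when only tpm-udev and trousers are installed, or keeping a non-recursive check in postinst that fails with a clear message when the directory is missing. The same hunk removes the `udevadm control --reload-rules` and `udevadm trigger` calls, so it is worth confirming that /dev/tpm0 permissions are still correct immediately after an upgrade and not only after a reboot.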