DevHeads.net

debuginfod non-standard-uid and cache permissions

Hi fedora devel list,

The new elfutils upstream comes with a debuginfod server which we want
packaged (as a sub-package) for fedora. Testing looks good and
everything seems to work, but rpmlint flags a couple of issues that I
don't think should be real issues. Could someone help me understand why
rpmlint seems unhappy with:

elfutils-debuginfod.x86_64: W: non-standard-uid /var/cache/debuginfod debuginfod
elfutils-debuginfod.x86_64: W: non-standard-gid /var/cache/debuginfod debuginfod
elfutils-debuginfod.x86_64: E: non-standard-dir-perm /var/cache/debuginfod 700
elfutils-debuginfod.x86_64: W: non-standard-uid /var/cache/debuginfod/debuginfod.sqlite debuginfod
elfutils-debuginfod.x86_64: W: non-standard-gid /var/cache/debuginfod/debuginfod.sqlite debuginfod
elfutils-debuginfod.x86_64: E: non-readable /var/cache/debuginfod/debuginfod.sqlite 600
elfutils-debuginfod.x86_64: E: zero-length /var/cache/debuginfod/debuginfod.sqlite

These are all done deliberately through the following constructs in the spec file:

In %pre to create the debuginfod user:

getent group debuginfod >/dev/null || groupadd -r debuginfod
getent passwd debuginfod >/dev/null || \
useradd -r -g debuginfod -d /var/cache/debuginfod -s /sbin/nologin \
-c "elfutils debuginfo server" debuginfod
exit 0

In %install to create the dir/file artifacts:

mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/cache/debuginfod
touch ${RPM_BUILD_ROOT}%{_localstatedir}/cache/debuginfod/debuginfod.sqlite

And in %files to install them with the right permissions:

%dir %attr(0700,debuginfod,debuginfod) %{_localstatedir}/cache/debuginfod
%verify(not md5 size mtime) %attr(0600,debuginfod,debuginfod) %{_localstatedir}/cache/debuginfod/debuginfod.sqlite

Should anything be done differently or does any of that violate
(rpmlint) policy somehow?

Thanks,

Mark

Comments

Re: debuginfod non-standard-uid and cache permissions

By Frank Ch. Eigler at 11/27/2019 - 10:14

Hi -

These are all intended to use the preferred "dynamic allocation" model:

<a href="https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/" title="https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/">https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/</a>

- FChE