Fix lintian's maintainer-script-should-not-use-recursive-chown-or-chmod

* The file ownership and access rights setup was moved from postinst to rules to avoid the hardlink attack vulnerability, as described in: $ lintian-info -t maintainer-script-should-not-use-recursive-chown-or-chmod * Solution #1 was chosen as all files should belong to root.

Fix lintian's maintainer-script-should-not-use-recursive-chown-or-chmod
0ea4df16 · Radko Krkoš · fb95b35f · 0ea4df16 · 0ea4df16
Commit 0ea4df16 authored 3 years ago by Radko Krkoš
--- a/packaging/debian/postinst
+++ b/packaging/debian/postinst
@@ -100,20 +100,5 @@ do
    chmod 775 "$d"
 done

-# Make sure all configuration files have proper ownerships
-find /etc/mentat/ -exec chown root:root {} \;
-
-# Make sure all configuration directories have proper permissions
-find /etc/mentat/ -type d -exec chmod 755 {} \;
-
-# Make sure all configuration files have proper permissions
-find /etc/mentat/ -name "*.conf*" -exec chmod 644 {} \;
-find /etc/mentat/ -name "*.json*" -exec chmod 644 {} \;
-find /etc/mentat/cron/ -name "*.cron" -exec chmod 644 {} \;
-
-# Make sure all executable scripts have proper permissions
-find /etc/mentat/scripts/ -name "*.py" -exec chmod 755 {} \;
-find /etc/mentat/scripts/ -name "*.sh" -exec chmod 755 {} \;
-
 # Create PostgreSQL database
 /etc/mentat/scripts/sqldb-init.sh
--- a/packaging/debian/rules
+++ b/packaging/debian/rules
@@ -26,6 +26,21 @@ binary:
 	cp -r ../etc/init.d debian/mentat-ng/etc/
 	cp -r ../etc/systemd debian/mentat-ng/etc/

+	# Make sure all configuration files have proper ownerships
+	find debian/mentat-ng/etc/mentat/ -exec chown root:root {} \;
+
+	# Make sure all configuration directories have proper permissions
+	find debian/mentat-ng/etc/mentat/ -type d -exec chmod 755 {} \;
+
+	# Make sure all configuration files have proper permissions
+	find debian/mentat-ng/etc/mentat/ -name "*.conf*" -exec chmod 644 {} \;
+	find debian/mentat-ng/etc/mentat/ -name "*.json*" -exec chmod 644 {} \;
+	find debian/mentat-ng/etc/mentat/cron/ -name "*.cron" -exec chmod 644 {} \;
+
+	# Make sure all executable scripts have proper permissions
+	find debian/mentat-ng/etc/mentat/scripts/ -name "*.py" -exec chmod 755 {} \;
+	find debian/mentat-ng/etc/mentat/scripts/ -name "*.sh" -exec chmod 755 {} \;
+
 ifeq ($(BUILD_SUITE),production)
 	echo "mentat-ng" > debian/mentat-ng/etc/mentat/install.pip
 else ifeq ($(BUILD_SUITE),release)