Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OF-2873 Improve debian package #2523

Merged
merged 11 commits into from
Sep 17, 2024
Merged

OF-2873 Improve debian package #2523

merged 11 commits into from
Sep 17, 2024

Conversation

stokito
Copy link
Contributor

@stokito stokito commented Sep 17, 2024

I added a link to the Transifex to make it easier to find. It would be great to add it also on the website.

In the README I also spitted long lines to separate lines to make it easier to read without any work wrapping.

The debian lintian reports a lot of warnings for the deb package itself and I tried to fix some of them.

The biggest change is in the last commit d530fe9
The linitan reported: W: openfire: recursive-privilege-change "chmod -R" [postinst:39]:

mkdir -p /var/log/openfire
mkdir -p /var/lib/openfire/embedded-db
chown -R openfire:openfire /usr/share/openfire
chown -R openfire:openfire /var/lib/openfire
chown -R openfire:openfire /var/log/openfire
chown -R openfire:openfire /etc/openfire
chmod -R o-rwx /usr/share/openfire
chmod -R o-rwx /var/lib/openfire
chmod -R o-rwx /var/log/openfire
chmod -R o-rwx /etc/openfire

Here we have a few problems:

  1. The dirs can be created by the openfire.dirs or even better by the make install and then deb package will contain them too.
  2. The /usr/share/openfire should contain things like images and assets so it should be read only for anyone and there should be no any need to chown it to the openfire. I removed the chown.
  3. The /var/log/openfire actually may be removed and logs by default should be printed to stdout or syslog where they can be collected by the systemd-journald and then available from the journalctl -u openfire -f command. This is not our business how to persist logs. The Prosody allows both: syslog and the append to a log file. This needs to be discussed separately.
  4. The /etc/openfire folder is also shouldn't be writable but I see that it may be used for some backup (?). Maybe it would be better to save backups to the /var/lib/openfire folder instead.

@guusdk guusdk requested a review from akrherz September 17, 2024 19:04
@guusdk
Copy link
Member

guusdk commented Sep 17, 2024

On a cursory look, I can't spot major issues with this, but I'm not familiar with Debian packaging at all.

@akrherz
Copy link
Member

akrherz commented Sep 17, 2024

@stokito Thanks, I added you in Jira to a group that should allow issue creation there against Openfire.

@akrherz akrherz added the backport 4.9 on merge, GHA will generate a PR with these changes against 4.9 branch label Sep 17, 2024
@akrherz akrherz changed the title Improve debian package OF-2873 Improve debian package Sep 17, 2024
@akrherz akrherz merged commit 343159f into igniterealtime:main Sep 17, 2024
16 checks passed
@github-actions GitHub Actions
Copy link

Successfully created backport PR for 4.9:

@github-actions github-actions bot mentioned this pull request Sep 17, 2024
Merged
@stokito stokito deleted the chore branch September 17, 2024 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akrherz akrherz akrherz approved these changes

Assignees
No one assigned
Labels
backport 4.9 on merge, GHA will generate a PR with these changes against 4.9 branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stokito @guusdk @akrherz