in `debian/ceph-common.postinst` and `debian/cephadm.postinst`, we
use `adduser --system` to create the system user when configuring
the corresponding package.
before this change, the dependency is not listed in the runtime
`Depends` section of ceph-common and cephadm.
in this change, the dependency is added. this is also suggested
by Securing Debian Manual, see
https://www.debian.org/doc/manuals/securing-debian-manual/bpp-lower-privs.en.html
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
(cherry picked from commit
2a30ddccd04b204821f0496856847e8ffc07835d)
Package: cephadm
Architecture: linux-any
Recommends: podman (>= 2.0.2) | docker.io | docker-ce
-Depends: lvm2,
+Depends: adduser (>= 3.11),
+ lvm2,
python3,
${python3:Depends},
Description: cephadm utility to bootstrap ceph daemons with systemd and containers
Package: ceph-common
Architecture: linux-any
-Depends: librbd1 (= ${binary:Version}),
+Depends: adduser (>= 3.11),
+ librbd1 (= ${binary:Version}),
python3-cephfs (= ${binary:Version}),
python3-ceph-argparse (= ${binary:Version}),
python3-ceph-common (= ${binary:Version}),