]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
debian/control: add adduser to Depends of cephadm and ceph-common
authorKefu Chai <tchaikov@gmail.com>
Wed, 17 Jan 2024 15:09:02 +0000 (23:09 +0800)
committerMatthew Vernon <mvernon@wikimedia.org>
Thu, 22 Feb 2024 10:06:29 +0000 (10:06 +0000)
in `debian/ceph-common.postinst` and `debian/cephadm.postinst`, we
use `adduser --system` to create the system user when configuring
the corresponding package.

before this change, the dependency is not listed in the runtime
`Depends` section of ceph-common and cephadm.

in this change, the dependency is added. this is also suggested
by Securing Debian Manual, see
https://www.debian.org/doc/manuals/securing-debian-manual/bpp-lower-privs.en.html

Signed-off-by: Kefu Chai <tchaikov@gmail.com>
(cherry picked from commit 2a30ddccd04b204821f0496856847e8ffc07835d)

debian/control

index 837a55a371670874dc91efb835f417e63f16481a..14ac6958c64c2364800ce384aab0b8bdd0027faa 100644 (file)
@@ -184,7 +184,8 @@ Description: debugging symbols for ceph-base
 Package: cephadm
 Architecture: linux-any
 Recommends: podman (>= 2.0.2) | docker.io | docker-ce
-Depends: lvm2,
+Depends: adduser (>= 3.11),
+        lvm2,
         python3,
         ${python3:Depends},
 Description: cephadm utility to bootstrap ceph daemons with systemd and containers
@@ -610,7 +611,8 @@ Description: debugging symbols for rbd-nbd
 
 Package: ceph-common
 Architecture: linux-any
-Depends: librbd1 (= ${binary:Version}),
+Depends: adduser (>= 3.11),
+         librbd1 (= ${binary:Version}),
          python3-cephfs (= ${binary:Version}),
          python3-ceph-argparse (= ${binary:Version}),
          python3-ceph-common (= ${binary:Version}),