author | Simon McVittie <smcv@debian.org> | 2014-12-15 08:18:25 +0000 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2014-12-15 08:18:25 +0000 |
commit | 6fcaacd34796610fdaae3a7781903b4d31ad0520 (patch) | |
tree | 5a11f9fcecc319f0a7ce478634976dd909d9a6b8 | |
parent | 0bc32e175ed03e202599599cff7525376c197b0c (diff) | |
download | dbus-6fcaacd34796610fdaae3a7781903b4d31ad0520.tar.gz |
Make dbus-daemon-launch-helper permissions more robust (Closes: #773107)debian/1.9.4-2
* postinst: use dpkg-statoverride to set the permissions for
dbus-daemon-launch-helper (expected to be 04754 root:messagebus)
as suggested in Policy §10.9. This avoids a temporarily broken state
when an upgraded dbus is unpacked but not yet configured (Closes: #773107)
* preinst: opportunistically set up the same dpkg-statoverride entry
if the group already exists, to avoid the same broken state during
upgrades from older versions without needing Pre-Depends: adduser
* postrm: delete the dpkg-statoverride entry on purge
-rw-r--r-- | debian/changelog | 13 | ||||
-rw-r--r-- | debian/dbus.postinst | 5 | ||||
-rw-r--r-- | debian/dbus.postrm | 6 | ||||
-rw-r--r-- | debian/dbus.preinst | 20 |
4 files changed, 42 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index 502aa4f4..ad7899af 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +dbus (1.9.4-2) experimental; urgency=medium + + * postinst: use dpkg-statoverride to set the permissions for + dbus-daemon-launch-helper (expected to be 04754 root:messagebus) + as suggested in Policy §10.9. This avoids a temporarily broken state + when an upgraded dbus is unpacked but not yet configured (Closes: #773107) + * preinst: opportunistically set up the same dpkg-statoverride entry + if the group already exists, to avoid the same broken state during + upgrades from older versions without needing Pre-Depends: adduser + * postrm: delete the dpkg-statoverride entry on purge + + -- Simon McVittie <smcv@debian.org> Mon, 15 Dec 2014 08:18:15 +0000 + dbus (1.9.4-1) experimental; urgency=medium * New upstream release 1.9.4 diff --git a/debian/dbus.postinst b/debian/dbus.postinst index e4c5cf5a..27f77c22 100644 --- a/debian/dbus.postinst +++ b/debian/dbus.postinst @@ -31,9 +31,10 @@ if [ "$1" = configure ]; then --disabled-password \ --group "$MESSAGEUSER" + # The preinst might have done this already, or a sysadmin might have + # set up their own dpkg-statoverride. Keep this in sync with the preinst. if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then - chown root:"$MESSAGEUSER" "$LAUNCHER" - chmod 4754 "$LAUNCHER" + dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER" fi # This is idempotent, so it's OK to do every time. The system bus' init diff --git a/debian/dbus.postrm b/debian/dbus.postrm index 7fa3f5af..2081898b 100644 --- a/debian/dbus.postrm +++ b/debian/dbus.postrm @@ -7,6 +7,12 @@ if [ "$1" = "purge" ] ; then rm -f /var/lib/dbus/machine-id rmdir /var/lib/dbus || true + + LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper + + if dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1 ; then + dpkg-statoverride --remove "$LAUNCHER" + fi fi #DEBHELPER# 
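Review bot: The mode `4754` passed to `dpkg-statoverride --update --add` in the debian/dbus.postinst hunk is not explained where it is set, although it is the whole access-control decision for a setuid-root binary: setuid root, executable by root and group `$MESSAGEUSER`, read-only for everyone else. I would add a comment above the call, e.g. `# 4754 root:$MESSAGEUSER: setuid root, executable only by the bus group, never world-executable.` The same literal appears in the new debian/dbus.preinst, so the comment belongs there too. When an override already exists this branch is skipped and nothing visible here checks which mode that override records. The enclosing `if [ "$1" = configure ]` block starts and ends outside the hunk.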
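Review bot: The purge branch added to debian/dbus.postrm removes whatever override is registered for `$LAUNCHER`, including one a sysadmin created, while the postinst and preinst deliberately leave such an override alone. The scripts cannot tell the two apart, so I would at least say so in a comment: `# On purge we drop any override for $LAUNCHER, including one set by the sysadmin.` Whether this script runs under `set -e` is not visible in the hunk; if it does, a failing `--remove` aborts the purge, unlike the `rmdir /var/lib/dbus || true` line above it. The `LAUNCHER` path is now defined in three scripts, so a `# Keep this in sync with the postinst and preinst.` comment would fit here as well.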
diff --git a/debian/dbus.preinst b/debian/dbus.preinst
new file mode 100644
index 00000000..4588ef08
--- /dev/null
+++ b/debian/dbus.preinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+MESSAGEUSER=messagebus
+LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper
+
+# Avoid having the new $LAUNCHER temporarily go back to
+# its permissions and ownership from the .deb (0755 root:root).
+# We do this opportunistically - only if $MESSAGEUSER already exists
+# (i.e. dbus is installed or has been installed in the past) - to avoid having
+# to pre-depend on adduser, and we don't do it if the postinst or
+# the sysadmin has already set up a dpkg-statoverride.
+# Keep this in sync with the postinst.
+if getent group "$MESSAGEUSER" >/dev/null && \
+ ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then
+ dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER"
+fi
+
+#DEBHELPER# |
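Review bot: The guard `getent group "$MESSAGEUSER"` accepts any group with that name as proof that dbus created it, and the override then makes a setuid-root binary executable by that group's members. The comment states this as "(i.e. dbus is installed or has been installed in the past)", which is an assumption rather than something the script checks. I would word it as one, e.g. `# Assumes an existing $MESSAGEUSER group is the system group created by the dbus postinst.` Separately, `2>&1` on the `--list` call hides real dpkg-statoverride errors, so a failure there reads as "no override" and falls through to `--add`.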