From d2a3b1587bee63f5019fab23725bf1a096e01dab Mon Sep 17 00:00:00 2001
From: Niels Thykier <niels@thykier.net>
Date: Sat, 7 Apr 2018 19:05:34 +0000
Subject: dh_usrlocal: Use default owner+mode from Policy v4.1.4

Signed-off-by: Niels Thykier <niels@thykier.net>
---
 autoscripts/postinst-usrlocal | 17 +++++++++++++++--
 debian/changelog              |  2 ++
 dh_usrlocal                   | 29 +++++++++++++++++------------
 t/dh_usrlocal/01-basic.t      |  2 +-
 4 files changed, 35 insertions(+), 15 deletions(-)

diff --git a/autoscripts/postinst-usrlocal b/autoscripts/postinst-usrlocal
index ca207488..e856e0f8 100644
--- a/autoscripts/postinst-usrlocal
+++ b/autoscripts/postinst-usrlocal
@@ -1,12 +1,25 @@
 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ]; then
 (
+	default_mode=0755
+	default_user=root
+	default_group=root
+	if [ -e /etc/staff-group-for-usr-local ]; then
+		default_mode=02775
+		default_group=staff
+	fi
 	while read line; do
 		set -- $line
 		dir="$1"; mode="$2"; user="$3"; group="$4"
+		if [ "$mode" = "default" ]; then
+			mode="$default_mode"
+			user="$default_user"
+			group="$default_group"
+		fi
 		if [ ! -e "$dir" ]; then
 			if mkdir "$dir" 2>/dev/null; then
-				chown "$user":"$group" "$dir"
-				chmod "$mode" "$dir"
+				if chown "$user":"$group" "$dir" ; then
+					chmod "$mode" "$dir" || true
+				fi
 			fi
 		fi
 	done
diff --git a/debian/changelog b/debian/changelog
index dd465fd2..ca1559a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,8 @@ debhelper (11.2) UNRELEASED; urgency=medium
     Schauer for the suggestion.
   * dh_usrlocal: Implement a simple guard for directories that
     will likely cause issues in the shell snippets.
+  * dh_usrlocal: Use the new rules from Debian Policy 4.1.4 to
+    determine the default ownership and mode for directories.
 
   [ Nicolas Boulenguez ]
   * dh_installxfonts: Fix typo that causes a misc:Depends on
diff --git a/dh_usrlocal b/dh_usrlocal
index 93bf3d6b..cda686f2 100755
--- a/dh_usrlocal
+++ b/dh_usrlocal
@@ -33,18 +33,19 @@ snippets are inserted into the maintainer scripts by B<dh_installdeb>. See
 L<dh_installdeb(1)> for an explanation of debhelper maintainer script
 snippets.
 
-When the I<Rules-Requires-Root> field is not (effectively)
-I<binary-targets>, the directories in F</usr/local> will have
-ownership root:staff and the mode will be 02775.  These values have
-been chosen to comply with the recommendations of the Debian policy
-for directories in F</usr/local>.
+When the I<DEB_RULES_REQUIRES_ROOT> environment variable is not (effectively)
+I<binary-targets>, the directories in F</usr/local> will be handled as if
+they were owned by root:root (see below).
 
-When I<Rules-Requires-Root> has an effective value of
+When the I<DEB_RULES_REQUIRES_ROOT> environment variable has an effective value of
 I<binary-targets>, the owners, groups and permissions will be
-preserved with one exception.  If the directory is owned by root:root,
-then ownership will be reset to root:staff and mode will be reset to
-02775. This is useful, since that is the group and mode policy
-recommends for directories in F</usr/local>.
+preserved with the sole exception where the directory is owned by root:root.
+
+If a directory is owned by root:root, then ownership will be determined
+at install time.  The ownership and permission bits will either be root:root
+mode 0755 or root:staff mode 02775.  The actual choice depends on whether
+the system has F/etc/staff-group-for-usr-local> (as documented in the Debian
+Policy Manual §9.1.2 since version 4.1.4)
 
 =head1 OPTIONS
 
@@ -107,7 +108,9 @@ foreach my $package (@{$dh{DOPACKAGES}}) {
 				  if (should_use_root()) {
 					  my $stat = stat $File::Find::dir;
 					  if ($stat->uid == 0 && $stat->gid == 0) {
-						  push @dirs, "$fn 02775 root staff";
+						  # Figure out the ownership and permission at runtime
+						  # (required by Policy 9.1.2)
+						  push(@dirs, "$fn default");
 					  } else {
 						  my $user = getpwuid $stat->uid;
 						  my $group = getgrgid $stat->gid;
@@ -115,7 +118,9 @@ foreach my $package (@{$dh{DOPACKAGES}}) {
 						  push @dirs, "$fn $mode $user $group";
 					  }
 				  } else {
-					  push @dirs, "$fn 02775 root staff";
+					  # Figure out the ownership and permission at runtime
+					  # (required by Policy 9.1.2)
+					  push(@dirs, "$fn default");
 				  }
 		      }}, "$tmp/usr/local");
 
diff --git a/t/dh_usrlocal/01-basic.t b/t/dh_usrlocal/01-basic.t
index e79e615b..2cd3f842 100755
--- a/t/dh_usrlocal/01-basic.t
+++ b/t/dh_usrlocal/01-basic.t
@@ -51,7 +51,7 @@ sub perform_test {
 	@prerm = extract_generated_lines("debian/debhelper.prerm.debhelper");
 
 	is_deeply(\@postinst,
-			  [map { "$_ 02775 root staff" } @{$expected_dirs_postinst}],
+			  [map { "$_ default" } @{$expected_dirs_postinst}],
 			  "Correct postinst"
 		) or do { diag("postinst: $_") for @postinst; };
 	is_deeply(\@prerm,
-- 
cgit v1.2.3