WIP - Testing salt-master maintain ownership fixes

pkg/debian/salt-master.config

@@ -1,7 +1,7 @@
-#!/bin/sh -e
-
-# Source debconf library.
-. /usr/share/debconf/confmodule
-
-db_input medium salt-master/user || true
-db_go || true
+## TBD DGM #!/bin/sh -e
+## TBD DGM
+## TBD DGM # Source debconf library.
+## TBD DGM . /usr/share/debconf/confmodule
+## TBD DGM
+## TBD DGM db_input medium salt-master/user || true
+## TBD DGM db_go || true

pkg/debian/salt-master.preinst

@@ -1,5 +1,11 @@
+#!/bin/sh -e
+
+. /usr/share/debconf/confmodule
+
+## TBD DGM need to allow for salt-minion having been installed previously and need to allow for it's ownership
+
 case "$1" in
-  install|upgrade)
+  install)
     [ -z "$SALT_HOME" ] && SALT_HOME=/opt/saltstack/salt
     [ -z "$SALT_USER" ] && SALT_USER=salt
     [ -z "$SALT_NAME" ] && SALT_NAME="Salt"
@@ -7,10 +13,36 @@ case "$1" in
     PY_VER=$(/opt/saltstack/salt/bin/python3 -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info)); sys.stdout.flush();")
 
     # Reset permissions to fix previous installs
-    # TBD DGM Need to check this code for root:root, doesn't seem correct, needs to be whatever the user is
     find ${SALT_HOME} /etc/salt /var/log/salt /var/cache/salt /var/run/salt \
-        \! \( -path /etc/salt/cloud.deploy.d\* -o -path /var/log/salt/cloud -o -path /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy\* \) -a \
-        \( -user ${SALT_USER} -o -group ${SALT_GROUP} \) -exec chown root:root \{\} \;
+        \! \( -path /etc/salt/cloud.deploy.d\* -o -path /var/log/salt/cloud -o -path \
+        /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy\* \) -a \( -user ${SALT_USER} \
+        -o -group ${SALT_GROUP} \) -exec chown ${SALT_USER}:${SALT_GROUP} \{\} \;
+
+    ;;
+    esac
+
+  # remove incorrectly installed ufw salt-master directory - issue 57712
+  test -d /etc/ufw/applications.d/salt-master && rm -rf /etc/ufw/applications.d/salt-master || /bin/true
+
+  ;;
+
+  upgrade)
+    [ -z "$SALT_HOME" ] && SALT_HOME=/opt/saltstack/salt
+    [ -z "$SALT_USER" ] && SALT_USER=salt
+    [ -z "$SALT_NAME" ] && SALT_NAME="Salt"
+    [ -z "$SALT_GROUP" ] && SALT_GROUP=salt
+    PY_VER=$(/opt/saltstack/salt/bin/python3 -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info)); sys.stdout.flush();")
+
+    # Reset permissions to fix previous installs
+##     find ${SALT_HOME} /etc/salt /var/log/salt /var/cache/salt /var/run/salt \
+##         \! \( -path /etc/salt/cloud.deploy.d\* -o -path /var/log/salt/cloud -o -path /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy\* \) -a \
+##         \( -user ${SALT_USER} -o -group ${SALT_GROUP} \) -exec chown root:root \{\} \;
+    CUR_USER = $(ls -dl /run/salt/master | cur -d ' ' -f 3)
+    CUR_GROUP = $(ls -dl /run/salt/master | cur -d ' ' -f 4)
+    db_set salt-master/user $CUR_USER
+      chown -R $CUR_USER:$CUR_GROUP /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master \
+        /var/log/salt/key /var/cache/salt/master /var/run/salt/master
+    fi
 
     ;;
     esac

pkg/rpm/salt.spec

@@ -631,6 +631,24 @@ else
     chown -R %{_SALT_USER}:%{_SALT_GROUP} /var/log/salt/api
 fi
 
+%posttrans minion
+if [ ! -e "/var/log/salt/minion" ]; then
+  touch /var/log/salt/minion
+  chmod 640 /var/log/salt/minion
+fi
+if [ ! -e "/var/log/salt/key" ]; then
+  touch /var/log/salt/key
+  chmod 640 /var/log/salt/key
+fi
+if [ $1 -gt 1 ] ; then
+    # Reset permissions to match previous installs - performing upgrade
+#    _CUR_USER=$(ls -dl /run/salt/minion | cut -d ' ' -f 3)
+#    _CUR_GROUP=$(ls -dl /run/salt/minion | cut -d ' ' -f 4)
+    chown -R %{_CUR_USER}:%{_CUR_GROUP} /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
+else
+    chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
+fi
+
 
 %preun
 if [ $1 -eq 0 ]; then