From da8281218d90cbdd5567d3654e59626da111092a Mon Sep 17 00:00:00 2001
From: Sean Whitton <spwhitton@spwhitton.name>
Date: Sun, 23 Oct 2016 12:35:06 -0700
Subject: delete _keysafe user and group after chowning

---
 debian/keysafe-server.postrm | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'debian/keysafe-server.postrm')

diff --git a/debian/keysafe-server.postrm b/debian/keysafe-server.postrm
index ad695da..9c9ac85 100755
--- a/debian/keysafe-server.postrm
+++ b/debian/keysafe-server.postrm
@@ -3,9 +3,16 @@
 set -e
 
 # ensure the server process has been killed before calling userdel(1)
-
 #DEBHELPER#
 
+# delete the _keysafe user and group, after chowning the shard storage
+# to root so that it does not end up owned by another system user
+if [ "$1" = "purge" ]; then
+    chown -R root:root /var/lib/keysafe
+    userdel _keysafe || true
+    groupdel _keysafe || true
+fi
+
 # For the time being, at the request of upstream, we don't ever delete
 # /var/lib/keysafe, even on a purge (note that for security this
 # requires that we also never delete the _keysafe user and group)
@@ -14,11 +21,4 @@ set -e
 # people's private keys, so it probably shouldn't ever happen
 # automatically
 
-# Nevertheless, we might want to revisit this decision when it's time
-# to upload keysafe to sid, so the following maintscript is retained,
-# commented-out:
-
-#if [ "$1" = "purge" ]; then
-#    userdel --remove _keysafe || true
-#    groupdel _keysafe || true
-#fi
+# We might want to revisit this before uploading to sid
-- 
cgit v1.2.3