.deb/.rpm: add osmocom user during package install

Created osmocom user & group during package installation.
Fix the configuration dir/files permission to match.

Related: OS#4107
Tweaked-By: Oliver Smith <osmith@sysmocom.de>
Change-Id: I625c993ab03dfe32976c651acca9c35c33a768e7

contrib/osmo-hlr.spec.in

@@ -127,22 +127,34 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %check
 make %{?_smp_mflags} check || (find . -name testsuite.log -exec cat {} +)
 
-%if 0%{?suse_version}
 %preun
+%if 0%{?suse_version}
 %service_del_preun %{name}.service
+%endif
 
 %postun
+%if 0%{?suse_version}
 %service_del_postun %{name}.service
+%endif
 
 %pre
+getent group osmocom >/dev/null || groupadd --system osmocom
+getent passwd osmocom >/dev/null || useradd --system --gid osmocom --home-dir /var/lib/osmocom \
+                                            --shell /sbin/nologin --comment "Open Source Mobile Communications" osmocom
+%if 0%{?suse_version}
 %service_add_pre %{name}.service
 %endif
+exit 0
 
 %post
 %if 0%{?suse_version}
 %service_add_post %{name}.service
 %endif
 /usr/share/osmocom/osmo-hlr-post-upgrade.sh
+chown osmocom:osmocom /etc/osmocom/osmo-hlr.cfg
+chmod 0660 /etc/osmocom/osmo-hlr.cfg
+chown root:osmocom /etc/osmocom
+chmod 2775 /etc/osmocom
 
 %post   -n libosmo-gsup-client0 -p /sbin/ldconfig
 %postun -n libosmo-gsup-client0 -p /sbin/ldconfig

contrib/systemd/osmo-hlr.service

@@ -9,6 +9,8 @@ Type=simple
 Restart=always
 StateDirectory=osmocom
 WorkingDirectory=%S/osmocom
+User=osmocom
+Group=osmocom
 ExecStart=/usr/bin/osmo-hlr -c /etc/osmocom/osmo-hlr.cfg -l /var/lib/osmocom/hlr.db
 RestartSec=2
 ProtectHome=true

debian/control

@@ -20,7 +20,7 @@ Homepage: https://projects.osmocom.org/projects/osmo-hlr
 
 Package: osmo-hlr
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
 Description: Osmocom Home Location Register
  OsmoHLR is a Osmocom implementation of HLR (Home Location Registrar) which
  works over GSUP protocol. The subscribers are store in sqlite DB.

debian/postinst

@@ -3,3 +3,42 @@
 # post-upgrade script in both cases, it won't do anything if there is nothing
 # to do.
 /usr/share/osmocom/osmo-hlr-post-upgrade.sh
+
+# Create 'osmocom' user and group (if it doesn't exist yet) and adjust permissions
+# of directories which are not automatically adjusted by systemd from previous (root-owned)
+# install.
+
+# N. B: the user is intentionally NOT removed during package uninstall:
+# see https://wiki.debian.org/AccountHandlingInMaintainerScripts for reasoning.
+chperms() {
+	# chperms <user> <group> <perms> <file>
+	if ! OVERRIDE=`dpkg-statoverride --list $4 2>&1`; then
+		if [ -e $4 ]; then
+			chown $1:$2 $4
+			chmod $3 $4
+		fi
+	fi
+}
+
+case "$1" in
+  configure)
+    if ! getent passwd osmocom > /dev/null; then
+        adduser --quiet \
+                --system \
+                --group \
+                --no-create-home \
+                --disabled-password \
+                --home /var/lib/osmocom \
+                --gecos "Open Source Mobile Communications" \
+                osmocom
+    fi
+# Set permissions according to https://www.debian.org/doc/debian-policy/ch-files.html#s-permissions-owners
+    chperms osmocom osmocom 0660 /etc/osmocom/osmo-hlr.cfg
+    chperms root osmocom 2775 /etc/osmocom
+
+  ;;
+esac
+
+# dh_installdeb(1) will replace this with shell code automatically
+# generated by other debhelper scripts.
+#DEBHELPER#