Make auto-generated runscripts invoke svlogd(8) as `runit-log' user.

 * Make auto-generated runscripts invoke svlogd(8) as `runit-log' user.
 * Impose dependency on (runit >= 2.1.2-20), which provides `runit-log'
   user.

4 files changed, 15 insertions, 21 deletions

diff --git a/debian/changelog b/debian/changelog
index 578581d..0a35570 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+dh-runit (2.8.1) UNRELEASED; urgency=medium
+
+  * Make auto-generated runscripts invoke svlogd(8) as `runit-log' user.
+  * Impose dependency on (runit >= 2.1.2-20), which provides `runit-log'
+    user.
+
+ -- Dmitry Bogatov <KAction@debian.org>  Wed, 12 Dec 2018 02:15:19 +0000
+
 dh-runit (2.7.3) unstable; urgency=medium
 
   * Do not re-enable serice on upgrade, if it was disable by local
diff --git a/debian/control b/debian/control
index 20dde40..b3f58df 100644
--- a/debian/control
+++ b/debian/control
@@ -11,7 +11,6 @@ Homepage: https://salsa.debian.org/runit-team/dh-runit
 Package: dh-runit
 Architecture: all
 Depends: debhelper (>= 9),
-         dh-sysuser,
          ${misc:Depends},
          ${shlibs:Depends}
 Description: debhelper add-on to handle runit runscripts
diff --git a/dh_runit b/dh_runit
index e0a8d7e..bf2a49a 100755
--- a/dh_runit
+++ b/dh_runit
@@ -87,23 +87,23 @@ PKG: foreach my $pkg (@{$dh{DOPACKAGES}}) {
             install_dir($tmp . $logdir);
 
             my $run_log = "$sv_dir/$name/log/run";
-            my $log_user = "_log-". $name;
             open(RUN_LOG, ">$run_log") || die $!;
             print RUN_LOG << "HERE";
 #!/bin/sh
-chown -R '$log_user' '$logdir'
-exec chpst -u '$log_user' svlogd -tt '$logdir'
+chown -R runit-log:adm '$logdir'
+chmod 750 '$logdir'
+chmod u+rw,g+r,o-rwx '$logdir'/*
+exec chpst -u runit-log svlogd -tt '$logdir'
 HERE
             close(RUN_LOG);
             chmod(0755, $run_log);
-            doit('dh_sysuser', '-p', $pkg, $log_user, 'defaults');
             make_symlink("/etc/sv/$name/log/supervise",
                          "/var/lib/runit/log/supervise/$name", $tmp);
             install_dir("$tmp/var/lib/runit/log/supervise/$name");
         }
     }
-    addsubstvar($pkg, 'misc:Depends', 'runit', '>= 2.1.2-7');
-    addsubstvar($pkg, 'misc:Depends', 'runit-helper', '>= 2.7.3');
+    addsubstvar($pkg, 'misc:Depends', 'runit', '>= 2.1.2-20~');
+    addsubstvar($pkg, 'misc:Depends', 'runit-helper', '>= 2.8.1~');
 }
 
 # PROMISE: DH NOOP WITHOUT runit
diff --git a/runit-helper b/runit-helper
index 05724af..051cbfa 100755
--- a/runit-helper
+++ b/runit-helper
@@ -38,24 +38,11 @@ postrm () {
         # Links in other runsvdirs is responsibility of administrator.
         rm -f "/etc/runit/runsvdir/default/$NAME"
 
-        # Following code makes sure, that after removal of package, in default
-        # setup, the only files belonged to log user, belong to root.
-        #
-        # This way user can be safely removed, solving part of #848239 (need
-        # interoperation from dh-sysuser).
-        #
-        # Sure, system administrator can make stupid thing and chown some file
-        # to log user, but consequences do not seem to be so severe. After
-        # all, with great power comes great responsibility.
-        if [ -d "/var/log/runit/$NAME" ] ; then
-                chown --recursive root:root "/var/log/runit/$NAME"
-        fi
-
         # If runscript was never invoked, there will be no files
         # in this directory, and `dpkg' will remove it. In this case,
         # we have nothing to do.
         for supervise in "/var/lib/runit/supervise/$NAME" \
-                             "/var/lib/runit/log/supervise/$NAME" ; do
+                         "/var/lib/runit/log/supervise/$NAME" ; do
                 if [ -d "$supervise" ] ; then
 
                         # Actually only `down' may be absent, but it does not