Fix users on debian and add postinstall reqs

Stevenjin8 · Stevenjin8 · commit bc4ec9418093 · 2025-11-25T20:10:40.000-05:00
diff --git a/packaging/linux/deb/debroot.go b/packaging/linux/deb/debroot.go
@@ -741,11 +741,6 @@ func setArtifactCapabilitiesPostInst(w *bytes.Buffer, spec *dalec.Spec, target s
 		sorted := dalec.SortMapKeys(artifacts)
 		for _, key := range sorted {
 			cfg := artifacts[key]
-			// We use the %cap macro when possible and only use setcap postinstall
-			// if there is a user/group because chmod clear any capabilities previously set.
-			if cfg.Group == "" && cfg.User == "" {
-				continue
-			}
 			capString := dalec.CapabilitiesString(cfg.Capabilities)
 			if capString == "" {
 				continue
diff --git a/packaging/linux/rpm/template.go b/packaging/linux/rpm/template.go
@@ -181,6 +181,30 @@ func getUserPostRequires(users []dalec.AddUserConfig, groups []dalec.AddGroupCon
 	return out
 }
 
+// We need this because AlmaLinux9 do not have chown/chgrp at install time.
+// However, AzureLinux cannot resolve the /usr/bin/chown requirement.
+// Thus, we just require coreutils which provides chown/chgrp on all distros hopefully.
+func getOwnershipPostRequires(artifacts dalec.Artifacts) string {
+	out := "Requires(post): coreutils\n"
+	for _, cfg := range artifacts.Binaries {
+		if cfg.User != "" || cfg.Group != "" {
+			return out
+		}
+	}
+	for _, cfg := range artifacts.Libs {
+		if cfg.User != "" || cfg.Group != "" {
+			return out
+		}
+	}
+	for _, cfg := range artifacts.Libexec {
+		if cfg.User != "" || cfg.Group != "" {
+			return out
+		}
+	}
+
+	return ""
+}
+
 func (w *specWrapper) Requires() fmt.Stringer {
 	b := &strings.Builder{}
 
@@ -192,6 +216,7 @@ func (w *specWrapper) Requires() fmt.Stringer {
 	// package names... something to consider as we expand functionality.
 	b.WriteString(getSystemdRequires(artifacts.Systemd))
 	b.WriteString(getUserPostRequires(artifacts.Users, artifacts.Groups))
+	b.WriteString(getOwnershipPostRequires(artifacts))
 
 	deps := w.GetPackageDeps(w.Target)
 	buildDeps := deps.GetBuild()
diff --git a/test/linux_target_test.go b/test/linux_target_test.go
@@ -3915,13 +3915,16 @@ func testArtifactCapabilities(ctx context.Context, t *testing.T, testConfig test
 	rpmTarget := dalec.Target{
 		Dependencies: &dalec.PackageDependencies{
 			Runtime: map[string]dalec.PackageConstraints{
-				"libcap": {},
+				"coreutils": {},
+				"libcap":    {},
 			},
 			Build: map[string]dalec.PackageConstraints{
-				"libcap": {},
+				"coreutils": {},
+				"libcap":    {},
 			},
 			Test: map[string]dalec.PackageConstraints{
 				"coreutils": {},
+				"libcap":    {},
 			},
 		},
 	}
@@ -4012,7 +4015,7 @@ echo "This is a third test binary"
 					},
 				},
 				"/tmp/ping3": {
-					Name: "ping3",
+					Name:  "ping3",
 					Group: "testgroup",
 					Capabilities: []dalec.ArtifactCapability{
 						{
@@ -4047,6 +4050,7 @@ echo "This is a third test binary"
 			"focal":       debTarget,
 			"jammy":       debTarget,
 			"noble":       debTarget,
+			"trixie":      debTarget,
 		},
 		Tests: []*dalec.TestSpec{
 			{
@@ -4055,13 +4059,19 @@ echo "This is a third test binary"
 					{
 						Command: "getcap /usr/bin/ping",
 						Stdout: dalec.CheckOutput{
-							Equals: "/usr/bin/ping cap_net_admin=eip cap_net_raw+ep \n",
+							// Different distros list capabilities different ways
+							Contains: []string{
+								"/usr/bin/ping", "cap_net_admin", "eip", "cap_net_raw", "ep",
+							},
 						},
 					},
 					{
 						Command: "getcap /usr/bin/ping2",
 						Stdout: dalec.CheckOutput{
-							Equals: "/usr/bin/ping2 cap_net_raw=ep\n",
+							// Different distros list capabilities different ways
+							Contains: []string{
+								"/usr/bin/ping2", "cap_net_raw", "ep",
+							},
 						},
 					},
 					{
@@ -4073,13 +4083,16 @@ echo "This is a third test binary"
 					{
 						Command: "getcap /usr/bin/ping3",
 						Stdout: dalec.CheckOutput{
-							Equals: "/usr/bin/ping3 cap_net_bind_service=ep\n",
+							// Different distros list capabilities different ways
+							Contains: []string{
+								"/usr/bin/ping3", "cap_net_bind_service", "ep",
+							},
 						},
 					},
 					{
 						Command: "stat -c '%G' /usr/bin/ping3",
 						Stdout: dalec.CheckOutput{
-							Equals: "testgroup\n",
+							Contains: []string{"testgroup\n"},
 						},
 					},
 				},
