From e5d71fa3d2791e2c762fe2a88d7d3462ee8310e7 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 2 Oct 2022 14:43:05 +0200
Subject: Adding debconf options for container directory permissions.

Signed-off-by: Daniel Baumann
---
 debian/open-infrastructure-container-tools.config | 4 ++++
 debian/open-infrastructure-container-tools.postinst | 7 +++++--
 debian/open-infrastructure-container-tools.templates | 13 +++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/debian/open-infrastructure-container-tools.config b/debian/open-infrastructure-container-tools.config
index 0139c05..d987936 100644
--- a/debian/open-infrastructure-container-tools.config
+++ b/debian/open-infrastructure-container-tools.config
@@ -30,6 +30,10 @@ db_settitle open-infrastructure-container-tools/title
 db_input low open-infrastructure-container-tools/cache || true
 db_go
+db_settitle open-infrastructure-container-tools/title
+db_input low open-infrastructure-container-tools/directory-permissions || true
+db_go
+
 if [ -e /usr/share/compute-tools/build-scripts ]
 then
 SCRIPT_CHOICES="$(cd /usr/share/compute-tools/build-scripts && find -maxdepth 1 -not -type d -and -not -name 'default' -and -not -name 'debconf' -and -not -name '*.d' -printf '%P\n' | sort)"
diff --git a/debian/open-infrastructure-container-tools.postinst b/debian/open-infrastructure-container-tools.postinst
index af0137f..f697b3b 100755
--- a/debian/open-infrastructure-container-tools.postinst
+++ b/debian/open-infrastructure-container-tools.postinst
@@ -30,10 +30,10 @@ Install ()
 if ! dpkg-statoverride --list "${DEFAULT}" > /dev/null 2>&1 && ! dpkg-statoverride --list "${TARGET}" > /dev/null 2>&1
 then
- chmod 0700 "${TARGET}"
+ chmod ${DIRECTORY_PERMISSIONS} "${TARGET}"
 chown root:root "${TARGET}"
- chmod 0700 "${DEFAULT}"
+ chmod ${DIRECTORY_PERMISSIONS} "${DEFAULT}"
 chown root:root "${DEFAULT}"
 fi
 }
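Review bot: `chmod ${DIRECTORY_PERMISSIONS} "${TARGET}"` and the matching `"${DEFAULT}"` line in Install () expand the mode unquoted and unchecked, so an empty or unexpected debconf value reaches chmod as-is. The value is assigned in the `@@ -118` hunk as `DIRECTORY_PERMISSIONS="${RET}"` with no fallback, unlike the neighbouring `${RET:-...}` assignments. I would restrict it right after the `db_get`, `case "${DIRECTORY_PERMISSIONS}" in 0700|0755) ;; *) DIRECTORY_PERMISSIONS="0700" ;; esac`, so anything else falls back to the root-only mode, and quote the expansion in both chmod calls. Install () starts before this hunk, and whether the script runs under `set -e` is not visible here.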
@@ -118,6 +118,9 @@ case "${1}" in
 db_get open-infrastructure-container-tools/cache
 CACHE="${RET:-/var/cache/container}" # string (w/o empty)
+ db_get open-infrastructure-container-tools/directory-permissions
+ DIRECTORY_PERMISSIONS="${RET}" # select (w/o empty)
+
 db_get open-infrastructure-container-tools/build-script
 SCRIPT="${RET:-debian}" # string (w/o empty)
diff --git a/debian/open-infrastructure-container-tools.templates b/debian/open-infrastructure-container-tools.templates
index 98335a6..dfd615d 100644
--- a/debian/open-infrastructure-container-tools.templates
+++ b/debian/open-infrastructure-container-tools.templates
@@ -61,6 +61,19 @@ _Description: cache directory:
 If unsure, use /var/cache/container (default) or /srv/container/cache when using shared storage.
+Template: open-infrastructure-container-tools/directory-permissions
+Type: select
+Choices-C: 0700, 0755
+Choices: root-only, read-only
+Default: root-only
+_Description: Do you want system-wide readable container directories?
+ By default, the machines directory (and a few non-critical additional
+ directories such as 'cache' and 'config') is only readable by the root
+ user. If you want any user to be able to see what machines are available,
+ you can select read-only instead of root-only (default).
+ .
+ If unsure, leave at root-only (default).
+
 Template: open-infrastructure-container-tools/build-script
 Type: select
 Choices: ${SCRIPT_CHOICES}
-- cgit v1.2.3
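Review bot: `Default: root-only` is not one of the `Choices-C` values (`0700`, `0755`), so when the question is never shown (it is asked at priority `low` in the .config hunk) `db_get` would presumably return `root-only` and the postinst would pass that string to chmod. `Default: 0700` keeps the default in the same form the script consumes. Separately, the `read-only` label and the description understate what `0755` grants: every local user gets search (x) permission as well as read, so they can traverse into the machines, cache and config directories rather than only list them. The description should say so, for example ` With read-only, any local user can also enter these directories; files inside remain protected only by their own permissions.`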