From bce0b302eedf3b8dd75c9094f41d712fa5390f0a Mon Sep 17 00:00:00 2001
From: Russ Allbery <eagle@eyrie.org>
Date: Wed, 26 Mar 2014 00:52:01 -0700
Subject: [PATCH] Manage a _history user and the history database directory

* Create a _history user and group and a /var/lib/heimdal-history
  directory on package installation for the use of heimdal-history,
  remove the user and the standard database on purge, and remove the
  directory if empty on package purge or removal.
---
 debian/changelog |  4 ++++
 debian/postinst  | 20 ++++++++++++++++++++
 debian/postrm    | 21 +++++++++++++++++++++
 3 files changed, 45 insertions(+)
 create mode 100755 debian/postinst
 create mode 100755 debian/postrm

diff --git a/debian/changelog b/debian/changelog
index 80cc7ed..4c70b02 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,10 @@ krb5-strength (3.0-1) unstable; urgency=medium
   * Add the upstream signing key to debian/upstream/signing-key.asc and
     configure uscan to do signature validation.  Configure uscan to
     download the xz tarball instead of the gz tarball.
+  * Create a _history user and group and a /var/lib/heimdal-history
+    directory on package installation for the use of heimdal-history,
+    remove the user and the standard database on purge, and remove the
+    directory if empty on package purge or removal.
 
  -- Russ Allbery <rra@debian.org>  Wed, 26 Mar 2014 00:04:13 -0700
 
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..1f23e24
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+# Add a user to own the password history database.
+if ! getent passwd _history >/dev/null ; then
+    echo 'Adding system user for password history' 1>&2
+    adduser --disabled-login --quiet --system --no-create-home \
+        --home /var/lib/heimdal-history --force-badname --group _history
+fi
+
+# Create the directory for the history database, owned by the history user.
+if [ ! -d /var/lib/heimdal-history ] ; then
+    mkdir /var/lib/heimdal-history
+    chown _history:_history /var/lib/heimdal-history
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/postrm b/debian/postrm
new file mode 100755
index 0000000..b6cf353
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+# Purge the password history database and remove the _history user and group
+# on package purge.  This user should not be used for any other purpose.
+if [ "$1" = purge ] ; then
+    for file in history.db history.db.lock lengths.db lengths.db.lock ; do
+        rm -f "/var/lib/heimdal-history/$file"
+    done
+    deluser --quiet --system _history >/dev/null || true
+fi
+
+# Remove the directory for the password history database on remove if empty.
+if [ "$1" = purge ] || [ "$1" = remove ] ; then
+    rmdir --ignore-fail-on-non-empty /var/lib/heimdal-history
+fi
+
+#DEBHELPER#
+
+exit 0
-- 
2.39.2