debian packages and user management

<s>Sad</s> Happy discovery of the day

Today I learned a tragic fact: Debian packages create system users for services by means of postinst scripts written in Bash.

I’ve inspected a few packages: bind9, cups, influxdb, ssh, dbus, systemd. They all use adduser to create system users:

set_ssh_agent_permissions() {
        if ! getent group ssh >/dev/null; then
                addgroup --system --quiet ssh
        fi
        if ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null; then
                chgrp ssh /usr/bin/ssh-agent
                chmod 2755 /usr/bin/ssh-agent
        fi
}

I absolutely detest writing new bash code by hand. My hands are too weak to bear responsibility for bash-infestation). Yet, it’s the single option available.

There isn’t even a debhelper script to generate this nasty things. Only manual error-prone bash-esque grind is available.

Update

I was pointed at debian-mentors maillist to dh-sysuser package, which provides dh_sysuser helper, which reads sysuser file and do what it says.

There is still a bash script in resulting deb, but, at least, it is generated from configuration file.