Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1055036: bookworm-pu: package crmsh/4.4.1-1+deb12u1
1 view
Skip to first unread message
Valentin Vidic
Oct 29, 2023, 5:30:03 PM10/29/23
to
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.d...@packages.debian.org
Usertags: pu
X-Debbugs-Cc: cr...@packages.debian.org
Control: affects -1 + src:crmsh
[ Reason ]
As reported in #1042448, crmsh has a regression in the bookworm
release if the command is run by a non-root user.
[ Impact ]
Running the command as non-root user results in a permission error
while in Debian 11 this worked correctly:
PermissionError: [Errno 1] Operation not permitted: '/var/log/crmsh/crmsh.log'
[ Tests ]
Updated package was tested with autopkgtest and manually to check if the
permissions error is handled correctly by the command.
[ Risks ]
The change is simple and applied in the upstream and unstable
package for a while now.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Log file is now created by the postinst with the correct permissions
and the code is updated to not fail if the owner of the log file
cannot be updated (as in the case of non-root user).
diff -Nru crmsh-4.4.1/debian/changelog crmsh-4.4.1/debian/changelog
--- crmsh-4.4.1/debian/changelog 2023-03-03 22:48:41.000000000 +0100
+++ crmsh-4.4.1/debian/changelog 2023-10-29 20:46:13.000000000 +0100
@@ -1,3 +1,10 @@
+crmsh (4.4.1-1+deb12u1) bookworm; urgency=medium
+
+ * d/postinst: create a logging directory (Closes: #1042448)
+ * d/patches: add patch for log file error
+
+ -- Valentin Vidic <vvi...@debian.org> Sun, 29 Oct 2023 20:46:13 +0100
+
crmsh (4.4.1-1) unstable; urgency=medium
[ Bas Couwenberg ]
diff -Nru crmsh-4.4.1/debian/control crmsh-4.4.1/debian/control
--- crmsh-4.4.1/debian/control 2023-03-03 22:46:48.000000000 +0100
+++ crmsh-4.4.1/debian/control 2023-10-29 20:46:13.000000000 +0100
@@ -43,6 +43,7 @@
Breaks: pacemaker (<< 1.1.12)
Suggests:
bash-completion,
+ cluster-glue,
csync2,
dmidecode,
fdisk | util-linux (<< 2.29.2-3~),
diff -Nru crmsh-4.4.1/debian/crmsh.postinst crmsh-4.4.1/debian/crmsh.postinst
--- crmsh-4.4.1/debian/crmsh.postinst 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/crmsh.postinst 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,46 @@
+#!/bin/sh
+# postinst script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+ mkdir -p /var/log/crmsh
+ chown hacluster:haclient /var/log/crmsh
+ chmod 0775 /var/log/crmsh
+
+ touch /var/log/crmsh/crmsh.log
+ chown hacluster:haclient /var/log/crmsh/crmsh.log
+ chmod 0664 /var/log/crmsh/crmsh.log
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/crmsh.postrm crmsh-4.4.1/debian/crmsh.postrm
--- crmsh-4.4.1/debian/crmsh.postrm 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/crmsh.postrm 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,41 @@
+#!/bin/sh
+# postrm script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge)
+ rm -rf /var/log/crmsh
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch
--- crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,52 @@
+From b4abe21d2fd55ced0f56baff5c4892a4826aa0f7 Mon Sep 17 00:00:00 2001
+From: nicholasyang <nichol...@suse.com>
+Date: Tue, 25 Oct 2022 13:28:40 +0800
+Subject: [PATCH] fix: log: fail to open log file even if user is in haclient
+ group (bsc#1204670)
+
+The file had been created with umask 0022 in usual so that it was not
+group-writable.
+
+Call chown and chmod explicitly to fix it.
+---
+ crmsh/log.py | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+--- a/crmsh/log.py
++++ b/crmsh/log.py
+@@ -423,14 +423,6 @@
+ self.logger.info("offending xml: %s", xml)
+
+
+-def setup_directory_for_logfile():
+- """
+- Create log file's parent directory
+- """
+- _dir = os.path.dirname(CRMSH_LOG_FILE)
+- os.makedirs(_dir, exist_ok=True)
+-
+-
+ def setup_logging(only_help=False):
+ """
+ Setup log directory and loadding logging config dict
+@@ -439,10 +431,17 @@
+ if only_help:
+ LOGGING_CFG["handlers"]["file"] = {'class': 'logging.NullHandler'}
+ else:
+- setup_directory_for_logfile()
++ # dirname(CRMSH_LOG_FILE) should be created by package manager during installation
++ with open(CRMSH_LOG_FILE, 'a') as f:
++ try:
++ shutil.chown(CRMSH_LOG_FILE, group=constants.HA_GROUP)
++ os.fchmod(f.fileno(), 0o664)
++ shutil.chown(CRMSH_LOG_FILE, user=constants.HA_USER)
++ except PermissionError:
++ # The file has been open with O_APPEND, oo logging can write to it.
++ # Failing to change owner or mode is not a fatal error.
++ pass
+ logging.config.dictConfig(LOGGING_CFG)
+- if os.path.exists(CRMSH_LOG_FILE):
+- shutil.chown(CRMSH_LOG_FILE, constants.HA_USER, constants.HA_GROUP)
+
+
+ def setup_logger(name):
diff -Nru crmsh-4.4.1/debian/patches/series crmsh-4.4.1/debian/patches/series
--- crmsh-4.4.1/debian/patches/series 2023-03-03 22:48:18.000000000 +0100
+++ crmsh-4.4.1/debian/patches/series 2023-10-29 20:46:13.000000000 +0100
@@ -14,3 +14,4 @@
0018-Fix-python3-install.patch
getargspec.patch
spelling-errors.patch
+0019-Fix-log-file-error.patch
Severity: normal
Tags: bookworm
User: release.d...@packages.debian.org
Usertags: pu
X-Debbugs-Cc: cr...@packages.debian.org
Control: affects -1 + src:crmsh
[ Reason ]
As reported in #1042448, crmsh has a regression in the bookworm
release if the command is run by a non-root user.
[ Impact ]
Running the command as non-root user results in a permission error
while in Debian 11 this worked correctly:
PermissionError: [Errno 1] Operation not permitted: '/var/log/crmsh/crmsh.log'
[ Tests ]
Updated package was tested with autopkgtest and manually to check if the
permissions error is handled correctly by the command.
[ Risks ]
The change is simple and applied in the upstream and unstable
package for a while now.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Log file is now created by the postinst with the correct permissions
and the code is updated to not fail if the owner of the log file
cannot be updated (as in the case of non-root user).
diff -Nru crmsh-4.4.1/debian/changelog crmsh-4.4.1/debian/changelog
--- crmsh-4.4.1/debian/changelog 2023-03-03 22:48:41.000000000 +0100
+++ crmsh-4.4.1/debian/changelog 2023-10-29 20:46:13.000000000 +0100
@@ -1,3 +1,10 @@
+crmsh (4.4.1-1+deb12u1) bookworm; urgency=medium
+
+ * d/postinst: create a logging directory (Closes: #1042448)
+ * d/patches: add patch for log file error
+
+ -- Valentin Vidic <vvi...@debian.org> Sun, 29 Oct 2023 20:46:13 +0100
+
crmsh (4.4.1-1) unstable; urgency=medium
[ Bas Couwenberg ]
diff -Nru crmsh-4.4.1/debian/control crmsh-4.4.1/debian/control
--- crmsh-4.4.1/debian/control 2023-03-03 22:46:48.000000000 +0100
+++ crmsh-4.4.1/debian/control 2023-10-29 20:46:13.000000000 +0100
@@ -43,6 +43,7 @@
Breaks: pacemaker (<< 1.1.12)
Suggests:
bash-completion,
+ cluster-glue,
csync2,
dmidecode,
fdisk | util-linux (<< 2.29.2-3~),
diff -Nru crmsh-4.4.1/debian/crmsh.postinst crmsh-4.4.1/debian/crmsh.postinst
--- crmsh-4.4.1/debian/crmsh.postinst 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/crmsh.postinst 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,46 @@
+#!/bin/sh
+# postinst script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+ mkdir -p /var/log/crmsh
+ chown hacluster:haclient /var/log/crmsh
+ chmod 0775 /var/log/crmsh
+
+ touch /var/log/crmsh/crmsh.log
+ chown hacluster:haclient /var/log/crmsh/crmsh.log
+ chmod 0664 /var/log/crmsh/crmsh.log
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/crmsh.postrm crmsh-4.4.1/debian/crmsh.postrm
--- crmsh-4.4.1/debian/crmsh.postrm 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/crmsh.postrm 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,41 @@
+#!/bin/sh
+# postrm script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge)
+ rm -rf /var/log/crmsh
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch
--- crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,52 @@
+From b4abe21d2fd55ced0f56baff5c4892a4826aa0f7 Mon Sep 17 00:00:00 2001
+From: nicholasyang <nichol...@suse.com>
+Date: Tue, 25 Oct 2022 13:28:40 +0800
+Subject: [PATCH] fix: log: fail to open log file even if user is in haclient
+ group (bsc#1204670)
+
+The file had been created with umask 0022 in usual so that it was not
+group-writable.
+
+Call chown and chmod explicitly to fix it.
+---
+ crmsh/log.py | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+--- a/crmsh/log.py
++++ b/crmsh/log.py
+@@ -423,14 +423,6 @@
+ self.logger.info("offending xml: %s", xml)
+
+
+-def setup_directory_for_logfile():
+- """
+- Create log file's parent directory
+- """
+- _dir = os.path.dirname(CRMSH_LOG_FILE)
+- os.makedirs(_dir, exist_ok=True)
+-
+-
+ def setup_logging(only_help=False):
+ """
+ Setup log directory and loadding logging config dict
+@@ -439,10 +431,17 @@
+ if only_help:
+ LOGGING_CFG["handlers"]["file"] = {'class': 'logging.NullHandler'}
+ else:
+- setup_directory_for_logfile()
++ # dirname(CRMSH_LOG_FILE) should be created by package manager during installation
++ with open(CRMSH_LOG_FILE, 'a') as f:
++ try:
++ shutil.chown(CRMSH_LOG_FILE, group=constants.HA_GROUP)
++ os.fchmod(f.fileno(), 0o664)
++ shutil.chown(CRMSH_LOG_FILE, user=constants.HA_USER)
++ except PermissionError:
++ # The file has been open with O_APPEND, oo logging can write to it.
++ # Failing to change owner or mode is not a fatal error.
++ pass
+ logging.config.dictConfig(LOGGING_CFG)
+- if os.path.exists(CRMSH_LOG_FILE):
+- shutil.chown(CRMSH_LOG_FILE, constants.HA_USER, constants.HA_GROUP)
+
+
+ def setup_logger(name):
diff -Nru crmsh-4.4.1/debian/patches/series crmsh-4.4.1/debian/patches/series
--- crmsh-4.4.1/debian/patches/series 2023-03-03 22:48:18.000000000 +0100
+++ crmsh-4.4.1/debian/patches/series 2023-10-29 20:46:13.000000000 +0100
@@ -14,3 +14,4 @@
0018-Fix-python3-install.patch
getargspec.patch
spelling-errors.patch
+0019-Fix-log-file-error.patch
Debian Bug Tracking System
Oct 29, 2023, 5:30:04 PM10/29/23
to
Processing control commands:
> affects -1 + src:crmsh
Bug #1055036 [release.debian.org] bookworm-pu: package crmsh/4.4.1-1+deb12u1
Added indication that 1055036 affects src:crmsh
--
1055036: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055036
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
> affects -1 + src:crmsh
Added indication that 1055036 affects src:crmsh
--
1055036: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055036
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Jonathan Wiltshire
Feb 12, 2024, 1:30:04 PM2/12/24
to
Control: tag -1 moreinfo
This will happen on every package update, no? What if the local
administrator has set other properties on the log file (e.g. to allow other
users to read it)?
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
administrator has set other properties on the log file (e.g. to allow other
users to read it)?
--
Jonathan Wiltshire j...@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Debian Bug Tracking System
Feb 12, 2024, 1:30:04 PM2/12/24
to
Processing control commands:
> tag -1 moreinfo
> tag -1 moreinfo
Bug #1055036 [release.debian.org] bookworm-pu: package crmsh/4.4.1-1+deb12u1
Added tag(s) moreinfo.
Valentin Vidic
Feb 17, 2024, 11:20:04 AM2/17/24
to
On Mon, Feb 12, 2024 at 06:21:52PM +0000, Jonathan Wiltshire wrote:
> This will happen on every package update, no? What if the local
> administrator has set other properties on the log file (e.g. to allow other
> users to read it)?
Thanks, I have updated the postinst to only make the changes if
> This will happen on every package update, no? What if the local
> administrator has set other properties on the log file (e.g. to allow other
> users to read it)?
the logs don't exist. Updated debdiff attached below...
--
Valentin
Debian Bug Tracking System
Feb 18, 2024, 11:40:04 AM2/18/24
to
Processing control commands:
> tag -1 = bookworm confirmed
> tag -1 = bookworm confirmed
Bug #1055036 [release.debian.org] bookworm-pu: package crmsh/4.4.1-1+deb12u1
Added tag(s) confirmed; removed tag(s) moreinfo.
Jonathan Wiltshire
Feb 18, 2024, 11:40:04 AM2/18/24
to
Control: tag -1 = bookworm confirmed
Please go ahead.
Thanks,
Thanks,
Jonathan Wiltshire
Feb 18, 2024, 2:30:04 PM2/18/24
to
package release.debian.org
tags 1055036 = bookworm pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.
Thanks for your contribution!
Upload details
==============
Package: crmsh
Version: 4.4.1-1+deb12u1
Explanation: create log directory and file on installation
tags 1055036 = bookworm pending
thanks
Hi,
The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.
Thanks for your contribution!
Upload details
==============
Package: crmsh
Version: 4.4.1-1+deb12u1
Explanation: create log directory and file on installation
0 new messages