Your message dated Wed, 04 Jan 2012 14:47:59 +0000
with message-id <e1ris8f-0002hb...@franck.debian.org>
and subject line Bug#654580: fixed in debian-installer-utils 1.88
has caused the Debian Bug report #654580,
regarding di-utils: needs to divert start-stop-daemon and initctl rather than
simply moving them
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
654580: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654580
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: di-utils
Version: 1.87
Severity: grave
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch precise
In https://launchpad.net/bugs/900526, we discovered a serious problem
with the way chroot-setup.sh deals with start-stop-daemon and initctl.
The chroot_setup function moves these programs aside, replacing them
with temporary fake versions, and the chroot_cleanup* functions put them
back. However, they do not use dpkg diversions to do so. As a quite
plausible example, if pkgsel applies an update to dpkg,
start-stop-daemon will be moved aside at the start, but the dpkg upgrade
will write a new version of /sbin/start-stop-daemon, and then the
original binary will be moved back at the end. This means: (a) after
dpkg is unpacked the chroot is no longer safe against daemons being
started; (b) the resulting system will claim to have the new dpkg
version but will in fact have the old start-stop-daemon binary!
We actually noticed this with initctl, which is part of upstart, so that
wouldn't happen in typical Debian installs, but the start-stop-daemon
example might well do. Although I can't find a specific reference, I've
definitely seen people turning up with odd symptoms related to
start-stop-daemon in the past which were never fully diagnosed, and I
strongly suspect that some of those were due to this bug.
I intend to apply this patch, which fixes this bug in my tests.
diff --git a/chroot-setup.sh b/chroot-setup.sh
index 733026e..4b98529 100644
--- a/chroot-setup.sh
+++ b/chroot-setup.sh
@@ -25,6 +25,15 @@ update_mtab() {
done ) > $mtab
}
+divert () {
+ chroot /target dpkg-divert --add --divert "$1.REAL" --rename "$1"
+}
+
+undivert () {
+ rm -f "/target$1"
+ chroot /target dpkg-divert --remove --rename "$1"
+}
+
chroot_setup () {
# Bail out if directories we need are not there
if [ ! -d /target/sbin ] || [ ! -d /target/usr/sbin ] || \
@@ -55,7 +64,7 @@ EOF
chmod a+rx /target/usr/sbin/policy-rc.d
if [ -e /target/sbin/start-stop-daemon ]; then
- mv /target/sbin/start-stop-daemon
/target/sbin/start-stop-daemon.REAL
+ divert /sbin/start-stop-daemon
fi
cat > /target/sbin/start-stop-daemon <<EOF
#!/bin/sh
@@ -67,7 +76,7 @@ EOF
# If Upstart is in use, add a dummy initctl to stop it starting jobs.
if [ -x /target/sbin/initctl ]; then
- mv /target/sbin/initctl /target/sbin/initctl.REAL
+ divert /sbin/initctl
cat > /target/sbin/initctl <<EOF
#!/bin/sh
echo 1>&2
@@ -165,9 +174,9 @@ EOF
chroot_cleanup () {
rm -f /target/usr/sbin/policy-rc.d
- mv /target/sbin/start-stop-daemon.REAL /target/sbin/start-stop-daemon
+ undivert /sbin/start-stop-daemon
if [ -x /target/sbin/initctl.REAL ]; then
- mv /target/sbin/initctl.REAL /target/sbin/initctl
+ undivert /sbin/initctl
fi
# Undo the mounts done by the packages during installation.
@@ -188,9 +197,9 @@ chroot_cleanup () {
# Variant of chroot_cleanup that only cleans up chroot_setup's mounts.
chroot_cleanup_localmounts () {
rm -f /target/usr/sbin/policy-rc.d
- mv /target/sbin/start-stop-daemon.REAL /target/sbin/start-stop-daemon
+ undivert /sbin/start-stop-daemon
if [ -x /target/sbin/initctl.REAL ]; then
- mv /target/sbin/initctl.REAL /target/sbin/initctl
+ undivert /sbin/initctl
fi
# Undo the mounts done by the packages during installation.
--
Colin Watson [cjwat...@ubuntu.com]
--- End Message ---
--- Begin Message ---
Source: debian-installer-utils
Source-Version: 1.88
We believe that the bug you reported is fixed in the latest version of
debian-installer-utils, which is due to be installed in the Debian FTP archive:
debian-installer-utils_1.88.dsc
to main/d/debian-installer-utils/debian-installer-utils_1.88.dsc
debian-installer-utils_1.88.tar.gz
to main/d/debian-installer-utils/debian-installer-utils_1.88.tar.gz
di-utils-exit-installer_1.88_all.udeb
to main/d/debian-installer-utils/di-utils-exit-installer_1.88_all.udeb
di-utils-mapdevfs_1.88_i386.udeb
to main/d/debian-installer-utils/di-utils-mapdevfs_1.88_i386.udeb
di-utils-reboot_1.88_all.udeb
to main/d/debian-installer-utils/di-utils-reboot_1.88_all.udeb
di-utils-shell_1.88_all.udeb
to main/d/debian-installer-utils/di-utils-shell_1.88_all.udeb
di-utils-terminfo_1.88_i386.udeb
to main/d/debian-installer-utils/di-utils-terminfo_1.88_i386.udeb
di-utils_1.88_i386.udeb
to main/d/debian-installer-utils/di-utils_1.88_i386.udeb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 654...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated debian-installer-utils
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Jan 2012 13:37:09 +0000
Source: debian-installer-utils
Binary: di-utils-shell di-utils-reboot di-utils-exit-installer di-utils
di-utils-mapdevfs di-utils-terminfo
Architecture: source all i386
Version: 1.88
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
di-utils - Miscellaneous utilities for the debian installer (udeb)
di-utils-exit-installer - Exit installer (udeb)
di-utils-mapdevfs - mapdevfs utility for the debian installer (udeb)
di-utils-reboot - Reboot (udeb)
di-utils-shell - Execute a shell (udeb)
di-utils-terminfo - Terminfo entries needed by newt/slang in debian installer
(udeb)
Closes: 654580
Changes:
debian-installer-utils (1.88) unstable; urgency=low
.
[ Colin Watson ]
* chroot_setup.sh: Divert start-stop-daemon and initctl rather than simply
moving them aside (closes: #654580).
.
[ Updated translations ]
* Icelandic (is.po) by Sveinn í Felli
* Kannada (kn.po) by Prabodh C P
Checksums-Sha1:
a550c05ce0a9016d0e3c3e7e48d142b2228cfa15 2180 debian-installer-utils_1.88.dsc
18511c917b7d3b3c64a65841402ac93d16b3ab04 108518
debian-installer-utils_1.88.tar.gz
235d3f3c150768cd84c3f78ce80fcdbfa5dcdcbf 21306 di-utils-shell_1.88_all.udeb
b6c53f5a5d91468eb88cbf08cee95373f7d40d5d 9642 di-utils-reboot_1.88_all.udeb
4232518c774a3f71e2a1eb066bf9e7cabbb04ce5 2714
di-utils-exit-installer_1.88_all.udeb
82d7ee7ebe4d544220ebc9b7ea2e9d289c4aab6e 32464 di-utils_1.88_i386.udeb
e6d1f708233435166bc7542a092a7f043228357e 2354 di-utils-mapdevfs_1.88_i386.udeb
2e27e397e57db4823bc43a30ac25a32964f47ce8 2500 di-utils-terminfo_1.88_i386.udeb
Checksums-Sha256:
493eb0bcf39575f92e7c791e38bf420a48e8aff209d5ab677d8d08244076de44 2180
debian-installer-utils_1.88.dsc
6ba51af159d50da37cbfa985ab3fe8727474533358b8bd0d1197fc96ecf271c1 108518
debian-installer-utils_1.88.tar.gz
de4e8387a41c83fb3f7549d445df665f2ffcd429765fee9e5be80e9512ecc858 21306
di-utils-shell_1.88_all.udeb
58db32f03c420f06138e697d1fb90931017e6191879e5c496cb546c146164683 9642
di-utils-reboot_1.88_all.udeb
9ae199c6fa4feef49d328d5d6570585d7e30665ab356392cd8bc6d2969baffd8 2714
di-utils-exit-installer_1.88_all.udeb
49c5e768315d81fe7df0492e4ae6b12df205fb48d93511bfb19d918d44c04df5 32464
di-utils_1.88_i386.udeb
970aae72a0562312c9254770603509363d28adf5e7f393264feb75aab32dcf35 2354
di-utils-mapdevfs_1.88_i386.udeb
dbc53e2416639668dc5dfb89aad50f720b55b43c7befc1427d1aeb910efc9364 2500
di-utils-terminfo_1.88_i386.udeb
Files:
71a346dc613d2185639a041a07f0b352 2180 debian-installer standard
debian-installer-utils_1.88.dsc
607206a0fecc35dbdf2b17439ee46c16 108518 debian-installer standard
debian-installer-utils_1.88.tar.gz
39be60dae7c1d6753d40517048b886fe 21306 debian-installer standard
di-utils-shell_1.88_all.udeb
9514420677db24bd5a237c4806ee6942 9642 debian-installer standard
di-utils-reboot_1.88_all.udeb
b6743ab0d51db718e8bf9394f210d06c 2714 debian-installer extra
di-utils-exit-installer_1.88_all.udeb
ffda79be52d2f59d3625d3f9253a9f0c 32464 debian-installer standard
di-utils_1.88_i386.udeb
11ea3d9412a728bf36758ffbb1791ab4 2354 debian-installer standard
di-utils-mapdevfs_1.88_i386.udeb
3572c71fb304ede837f16f314719bbc9 2500 debian-installer standard
di-utils-terminfo_1.88_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwat...@debian.org> -- Debian developer
iQIVAwUBTwRbEDk1h9l9hlALAQgcJw//RMqxx4fQx2cCNnwdZttsN64UDkThp2PO
oXgLXRP/1r/eD7lbUBrhyZyb4h+hIe+w6Q8+82Y46L4/Vfsz8Jvs5Ab+6R0Us6ue
lDpRmJwKpu+waZJ5yp9YlpJDWVDPT2H+jJaWwrv04PMXe0T61CettSSKHcQTL8MG
Nt4r6YYNgrJrxgX/ti73coBZ2OWad7ogWw+cu3wuX55iyGevZgP9wIZP6B3fX2GZ
9YRgpnSo2+GpQ/F9NK2gO1OhYRtBSZzJXalWyXXSmlEJkCUcfAOtQ4GH278Fv5At
Jbf0RZPm7J8BQ2fKnGIphbFpTeSUTepTIcJofh+LZWcSxmClqot4j6rPZzKzdOHc
tyZmhely1qmbbFEZ3MaDGud5KKWiyFzTBrVa7Mz5SxbD8Qzum6sUCvV0O0T+QDFv
SQypBaVK7PYSY6xSiPymeDhaPMrkIXIQ/5f24F+Hx8WL0kl+/3Man2p4W9PRJ/1A
gtqH28ugpeYTSuCR3NU1CUpdfWWk/iZyp8A3EOJQNkZWd4ss2vmGXysCXDzaf8px
pWriL7+M40QK/XWk9zTYwnU6p+crK2CSzOHDwlZNVghUpamVpeHiVqLZbWu/C42m
I8oQVca2yApclHf5GqT+NzX5PV5VRRQvixZlLGphp/I6XGnMTEwZedKn/emS1VPb
A324xmXPWl4=
=CzCV
-----END PGP SIGNATURE-----
--- End Message ---
