On Mon, Feb 12, 2024 at 06:21:52PM +0000, Jonathan Wiltshire wrote: > This will happen on every package update, no? What if the local > administrator has set other properties on the log file (e.g. to allow other > users to read it)?
Thanks, I have updated the postinst to only make the changes if the logs don't exist. Updated debdiff attached below... -- Valentin
diff -Nru crmsh-4.4.1/debian/changelog crmsh-4.4.1/debian/changelog --- crmsh-4.4.1/debian/changelog 2023-03-03 22:48:41.000000000 +0100 +++ crmsh-4.4.1/debian/changelog 2023-10-29 20:46:13.000000000 +0100 @@ -1,3 +1,10 @@ +crmsh (4.4.1-1+deb12u1) bookworm; urgency=medium + + * d/postinst: create a logging directory (Closes: #1042448) + * d/patches: add patch for log file error + + -- Valentin Vidic <vvi...@debian.org> Sun, 29 Oct 2023 20:46:13 +0100 + crmsh (4.4.1-1) unstable; urgency=medium [ Bas Couwenberg ] diff -Nru crmsh-4.4.1/debian/control crmsh-4.4.1/debian/control --- crmsh-4.4.1/debian/control 2023-03-03 22:46:48.000000000 +0100 +++ crmsh-4.4.1/debian/control 2023-10-29 20:46:13.000000000 +0100 @@ -43,6 +43,7 @@ Breaks: pacemaker (<< 1.1.12) Suggests: bash-completion, + cluster-glue, csync2, dmidecode, fdisk | util-linux (<< 2.29.2-3~), diff -Nru crmsh-4.4.1/debian/crmsh.postinst crmsh-4.4.1/debian/crmsh.postinst --- crmsh-4.4.1/debian/crmsh.postinst 1970-01-01 01:00:00.000000000 +0100 +++ crmsh-4.4.1/debian/crmsh.postinst 2023-10-29 20:46:13.000000000 +0100 @@ -0,0 +1,50 @@ +#!/bin/sh +# postinst script for crmsh +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package +# + +case "$1" in + configure) + if [ ! -e /var/log/crmsh ]; then + mkdir /var/log/crmsh + chown hacluster:haclient /var/log/crmsh + chmod 0775 /var/log/crmsh + fi + + if [ ! -e /var/log/crmsh/crmsh.log ]; then + touch /var/log/crmsh/crmsh.log + chown hacluster:haclient /var/log/crmsh/crmsh.log + chmod 0664 /var/log/crmsh/crmsh.log + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff -Nru crmsh-4.4.1/debian/crmsh.postrm crmsh-4.4.1/debian/crmsh.postrm --- crmsh-4.4.1/debian/crmsh.postrm 1970-01-01 01:00:00.000000000 +0100 +++ crmsh-4.4.1/debian/crmsh.postrm 2023-10-29 20:46:13.000000000 +0100 @@ -0,0 +1,41 @@ +#!/bin/sh +# postrm script for crmsh +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postrm> `remove' +# * <postrm> `purge' +# * <old-postrm> `upgrade' <new-version> +# * <new-postrm> `failed-upgrade' <old-version> +# * <new-postrm> `abort-install' +# * <new-postrm> `abort-install' <old-version> +# * <new-postrm> `abort-upgrade' <old-version> +# * <disappearer's-postrm> `disappear' <overwriter> +# <overwriter-version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + rm -rf /var/log/crmsh + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff -Nru crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch --- crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 1970-01-01 01:00:00.000000000 +0100 +++ crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 2023-10-29 20:46:13.000000000 +0100 @@ -0,0 +1,52 @@ +From b4abe21d2fd55ced0f56baff5c4892a4826aa0f7 Mon Sep 17 00:00:00 2001 +From: nicholasyang <nicholas.y...@suse.com> +Date: Tue, 25 Oct 2022 13:28:40 +0800 +Subject: [PATCH] fix: log: fail to open log file even if user is in haclient + group (bsc#1204670) + +The file had been created with umask 0022 in usual so that it was not +group-writable. + +Call chown and chmod explicitly to fix it. +--- + crmsh/log.py | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +--- a/crmsh/log.py ++++ b/crmsh/log.py +@@ -423,14 +423,6 @@ + self.logger.info("offending xml: %s", xml) + + +-def setup_directory_for_logfile(): +- """ +- Create log file's parent directory +- """ +- _dir = os.path.dirname(CRMSH_LOG_FILE) +- os.makedirs(_dir, exist_ok=True) +- +- + def setup_logging(only_help=False): + """ + Setup log directory and loadding logging config dict +@@ -439,10 +431,17 @@ + if only_help: + LOGGING_CFG["handlers"]["file"] = {'class': 'logging.NullHandler'} + else: +- setup_directory_for_logfile() ++ # dirname(CRMSH_LOG_FILE) should be created by package manager during installation ++ with open(CRMSH_LOG_FILE, 'a') as f: ++ try: ++ shutil.chown(CRMSH_LOG_FILE, group=constants.HA_GROUP) ++ os.fchmod(f.fileno(), 0o664) ++ shutil.chown(CRMSH_LOG_FILE, user=constants.HA_USER) ++ except PermissionError: ++ # The file has been open with O_APPEND, oo logging can write to it. ++ # Failing to change owner or mode is not a fatal error. ++ pass + logging.config.dictConfig(LOGGING_CFG) +- if os.path.exists(CRMSH_LOG_FILE): +- shutil.chown(CRMSH_LOG_FILE, constants.HA_USER, constants.HA_GROUP) + + + def setup_logger(name): diff -Nru crmsh-4.4.1/debian/patches/series crmsh-4.4.1/debian/patches/series --- crmsh-4.4.1/debian/patches/series 2023-03-03 22:48:18.000000000 +0100 +++ crmsh-4.4.1/debian/patches/series 2023-10-29 20:46:13.000000000 +0100 @@ -14,3 +14,4 @@ 0018-Fix-python3-install.patch getargspec.patch spelling-errors.patch +0019-Fix-log-file-error.patch
