Bug#785264: Buggy behaviour around samhain

[Steve McIntyre]

Package: live-build
Version: 4.0.5-1
Severity: normal

Hi,

I've been bitten by this when building multiple live images in
parallel on one system, as we do on pettersson to get better build
times. I'm a little surprised that the code in live-build is modifying
state on the host system here, to say the least!

Ignoring that, what I have seen is that the following code in
chroot_dpkg is prone to race conditions:

    # samhain
    if [ -e /var/state/samhain/samhain_file ]
    then
         mv /var/state/samhain/samhain_file /var/state/samhain/samhain_file.orig
    else
         mkdir -p /var/state/samhain
         touch /var/state/samhain/samhain_file
    fi

and so is the corresponding code that restores the samhain_file
contents afterwards. It's also buggy in that it's unnecessary on
systems that don't have samhain installed at all.

On pettersson, I've simply wrapped the check for samhain data inside a
conditional so that if samhain isn't installed this code never runs;
see the attached patch for that. But that's just a quick hack
workaround - the original code should IMHO be removed and instead some
other way used to stop samhain complaining about live-build work
areas.

--- ./usr/lib/live/build/chroot_dpkg    2015-02-07 05:33:42.000000000 +0000
+++ /./usr/lib/live/build/chroot_dpkg   2015-04-02 11:51:19.932000000 +0100
@@ -63,12 +63,14 @@
                touch chroot/.live-build
 
                # samhain
-               if [ -e /var/state/samhain/samhain_file ]
-               then
+               if (dpkg -l samhain >/dev/null 2>&1) ; then
+                   if [ -e /var/state/samhain/samhain_file ]
+                   then
                        mv /var/state/samhain/samhain_file /var/state/samhain/samhain_file.orig
-               else
+                   else
                        mkdir -p /var/state/samhain
                        touch /var/state/samhain/samhain_file
+                   fi
                fi
 
                # flash-kernel
@@ -98,13 +100,15 @@
                Chroot chroot dpkg-divert --rename --quiet --remove /usr/sbin/flash-kernel
 
                # samhain
-               if [ -e /var/state/samhain/samhain_file.orig ]
-               then
+               if (dpkg -l samhain >/dev/null 2>&1) ; then
+                   if [ -e /var/state/samhain/samhain_file.orig ]
+                   then
                        mv /var/state/samhain/samhain_file.orig /var/state/samhain/samhain_file
-               elif [ -d /var/state/samhain ]
-               then
+                   elif [ -d /var/state/samhain ]
+                   then
                        rm -f /var/state/samhain/samhain_file
                        rmdir --ignore-fail-on-non-empty /var/state/samhain || true
+                   fi
                fi
 
                # Remove custom start-stop-daemon program