Package: release.debian.org Severity: normal Tags: buster User: release.debian....@packages.debian.org Usertags: pu
ganeti-instance-debootstrap (GID) has a RC bug (grave) affecting buster (#942114). I uploaded a minimal package to unstable to fix this problem which has now trickled down into testing and that I think would be important to include in the next point release. The attached patch describes the current diff between stable and testing. All it does is include a patch that changes the `tar` call to store more information in the cache file so that "special" properties (like capabilities) are properly stored across installs. We've been running this patch in production for a few weeks at tor without any problems. A. -- System Information: Debian Release: 10.1 APT prefers stable-debug APT policy: (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog ganeti-instance-debootstrap-0.16/debian/changelog --- ganeti-instance-debootstrap-0.16/debian/changelog 2018-06-20 06:57:18.000000000 -0400 +++ ganeti-instance-debootstrap-0.16/debian/changelog 2019-11-01 19:01:50.000000000 -0400 @@ -1,3 +1,10 @@ +ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium + + * Non-maintainer upload + * add patch to respect linux caps (Closes: #942114) + + -- Antoine Beaupré <anar...@debian.org> Fri, 01 Nov 2019 19:01:50 -0400 + ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium * Bump Standards-Version to 4.1.4; no changes needed diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch --- ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch 1969-12-31 19:00:00.000000000 -0500 +++ ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch 2019-11-01 19:01:50.000000000 -0400 @@ -0,0 +1,48 @@ +From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anar...@debian.org> +Date: Thu, 10 Oct 2019 11:07:51 -0400 +Subject: [PATCH] respect Linux capabilities(7) in cache + +The default GNU tar configuration does not carry fancy extended +attributes and that is where, among other things, stuff like Linux +capabilities(7) are stored. This is kind of important because that's +how ping(8) works for regular users. + +We shove --selinux and --acls in there while we're at it, because why +not. We never know what the future might bring, and it seems +silly *not* to create a complete archive. + +Note that --xattrs-include='*' is important because, by default, GNU +tar will not include capabilities /even/ if --xattrs is specified on +the commandline, see this bug report for details: + +https://bugzilla.redhat.com/show_bug.cgi?id=771927 +--- + create | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/create b/create +index 607bab2..7526e71 100755 +--- a/create ++++ b/create +@@ -83,7 +83,7 @@ if [ "$CLEAN_CACHE" -a -d "$CACHE_DIR" ]; then + fi + + if [ -f "$CACHE_FILE" ]; then +- tar xf "$CACHE_FILE" -C $TMPDIR ++ tar --acls --selinux --xattrs --xattrs-include='*' -x -f "$CACHE_FILE" -C $TMPDIR + else + if [ "$PROXY" ]; then + export http_proxy="$PROXY" +@@ -109,7 +109,7 @@ else + + if [ "$GENERATE_CACHE" = "yes" ]; then + TMP_CACHE=`mktemp "${CACHE_FILE}.XXXXXX"` +- tar cf "$TMP_CACHE" -C $TMPDIR . ++ tar --acls --selinux --xattrs --xattrs-include='*' -c -f "$TMP_CACHE" -C $TMPDIR . + mv -f "$TMP_CACHE" "$CACHE_FILE" + fi + fi +-- +2.20.1 + diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/series ganeti-instance-debootstrap-0.16/debian/patches/series --- ganeti-instance-debootstrap-0.16/debian/patches/series 2018-06-20 06:57:18.000000000 -0400 +++ ganeti-instance-debootstrap-0.16/debian/patches/series 2019-11-01 19:01:50.000000000 -0400 @@ -1 +1,2 @@ +respect-Linux-capabilities-7-in-cache.patch fix-sfdisk-BLKRRPART.patch
