On Mon, Nov 11, 2019 at 10:40:58AM -0500, Antoine Beaupre wrote: > diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog > ganeti-instance-debootstrap-0.16/debian/changelog > --- ganeti-instance-debootstrap-0.16/debian/changelog 2018-06-20 > 06:57:18.000000000 -0400 > +++ ganeti-instance-debootstrap-0.16/debian/changelog 2019-11-01 > 19:01:50.000000000 -0400 > @@ -1,3 +1,10 @@ > +ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
Version number and distribution don't look right. > + > + * Non-maintainer upload > + * add patch to respect linux caps (Closes: #942114) > + > + -- Antoine Beaupré <anar...@debian.org> Fri, 01 Nov 2019 19:01:50 -0400 > + > ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium > > * Bump Standards-Version to 4.1.4; no changes needed > diff -Nru > ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch > > ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch > --- > ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch > 1969-12-31 19:00:00.000000000 -0500 > +++ > ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch > 2019-11-01 19:01:50.000000000 -0400 > @@ -0,0 +1,48 @@ > +From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anar...@debian.org> > +Date: Thu, 10 Oct 2019 11:07:51 -0400 > +Subject: [PATCH] respect Linux capabilities(7) in cache > + > +The default GNU tar configuration does not carry fancy extended > +attributes and that is where, among other things, stuff like Linux > +capabilities(7) are stored. This is kind of important because that's > +how ping(8) works for regular users. > + > +We shove --selinux and --acls in there while we're at it, because why > +not. We never know what the future might bring, and it seems > +silly *not* to create a complete archive. > + > +Note that --xattrs-include='*' is important because, by default, GNU > +tar will not include capabilities /even/ if --xattrs is specified on > +the commandline, see this bug report for details: > + I'm a bit uneasy about a blanket "include all", to be honest. It's probably harmless since it's all coming straight out of debootstrap, but I'd have been happier with something like "include security.*" if that's what we expect to see. Cheers, Julien
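Review bot: in the debian/changelog hunk, the entry "add patch to respect linux caps (Closes: #942114)" does not name the file it introduces. Writing it as "Add respect-Linux-capabilities-7-in-cache.patch to respect Linux capabilities (Closes: #942114)" would let a changelog reader find the change without opening the diff, and would match the capitalised style of the 0.16-6 entry ("Bump Standards-Version ...").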
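Review bot: in the new debian/patches/respect-Linux-capabilities-7-in-cache.patch, the commit message gives a concrete reason only for capabilities (ping(8) for regular users). For --selinux and --acls the stated reason is "because why not", and --xattrs-include='*' is described only in terms of capabilities. The message should say which attribute namespaces the cache is expected to carry, so the include pattern can be checked against that. It also speaks only of creating the archive ("it seems silly *not* to create a complete archive"), and the quoted part of the hunk stops before the code change, so it is worth confirming that the step that unpacks the cache passes matching options.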