Your message dated Sat, 10 Sep 2022 19:08:18 +0100
with message-id
<89f2a62efffa2430319ba16ef6709547feb0fe6c.ca...@adam-barratt.org.uk>
and subject line Re: Bug#944538: buster-pu: package
ganeti-instance-debootstrap/0.16-6.1
has caused the Debian Bug report #944538,
regarding buster-pu: package ganeti-instance-debootstrap/0.16-6.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
944538: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944538
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian....@packages.debian.org
Usertags: pu
ganeti-instance-debootstrap (GID) has an RC bug (grave) affecting
buster (#942114). I uploaded a minimal package to unstable to fix this
problem which has now trickled down into testing and that I think
would be important to include in the next point release.
The attached patch describes the current diff between stable and
testing. All it does is include a patch that changes the `tar` call to
store more information in the cache file so that "special" properties
(like capabilities) are properly stored across installs.
We've been running this patch in production for a few weeks at tor
without any problems.
A.
-- System Information:
Debian Release: 10.1
APT prefers stable-debug
APT policy: (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog
ganeti-instance-debootstrap-0.16/debian/changelog
--- ganeti-instance-debootstrap-0.16/debian/changelog 2018-06-20
06:57:18.000000000 -0400
+++ ganeti-instance-debootstrap-0.16/debian/changelog 2019-11-01
19:01:50.000000000 -0400
@@ -1,3 +1,10 @@
+ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+ * add patch to respect linux caps (Closes: #942114)
+
+ -- Antoine Beaupré <anar...@debian.org> Fri, 01 Nov 2019 19:01:50 -0400
+
ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium
* Bump Standards-Version to 4.1.4; no changes needed
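Review bot: the new top entry in debian/changelog targets `unstable` with version 0.16-6.1, which is the upload already made to unstable, so it cannot be reused as-is for buster. A proposed-update needs its own entry with the distribution set to `buster` and a version that sorts below the one in testing (for example 0.16-6+deb10u1). The item "add patch to respect linux caps" would also be easier to audit later if it said what changes: the cache tarball is now written and read with xattrs, ACLs and SELinux labels.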
diff -Nru
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
---
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
1969-12-31 19:00:00.000000000 -0500
+++
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
2019-11-01 19:01:50.000000000 -0400
@@ -0,0 +1,48 @@
+From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anar...@debian.org>
+Date: Thu, 10 Oct 2019 11:07:51 -0400
+Subject: [PATCH] respect Linux capabilities(7) in cache
+
+The default GNU tar configuration does not carry fancy extended
+attributes and that is where, among other things, stuff like Linux
+capabilities(7) are stored. This is kind of important because that's
+how ping(8) works for regular users.
+
+We shove --selinux and --acls in there while we're at it, because why
+not. We never know what the future might bring, and it seems
+silly *not* to create a complete archive.
+
+Note that --xattrs-include='*' is important because, by default, GNU
+tar will not include capabilities /even/ if --xattrs is specified on
+the commandline, see this bug report for details:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=771927
+---
+ create | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/create b/create
+index 607bab2..7526e71 100755
+--- a/create
++++ b/create
+@@ -83,7 +83,7 @@ if [ "$CLEAN_CACHE" -a -d "$CACHE_DIR" ]; then
+ fi
+
+ if [ -f "$CACHE_FILE" ]; then
+- tar xf "$CACHE_FILE" -C $TMPDIR
++ tar --acls --selinux --xattrs --xattrs-include='*' -x -f "$CACHE_FILE" -C
$TMPDIR
+ else
+ if [ "$PROXY" ]; then
+ export http_proxy="$PROXY"
+@@ -109,7 +109,7 @@ else
+
+ if [ "$GENERATE_CACHE" = "yes" ]; then
+ TMP_CACHE=`mktemp "${CACHE_FILE}.XXXXXX"`
+- tar cf "$TMP_CACHE" -C $TMPDIR .
++ tar --acls --selinux --xattrs --xattrs-include='*' -c -f "$TMP_CACHE" -C
$TMPDIR .
+ mv -f "$TMP_CACHE" "$CACHE_FILE"
+ fi
+ fi
+--
+2.20.1
+
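Review bot: the extract branch in the first hunk of the embedded patch (`if [ -f "$CACHE_FILE" ]`) reads whatever cache already exists, and a cache written by the old `tar cf` carries no xattrs. Instances built from a pre-existing cache will therefore still lose capabilities until that cache is regenerated. Suggest stating in the changelog or NEWS that existing caches must be cleaned (the `CLEAN_CACHE` path shown in the hunk context), or invalidating them on upgrade. Separately, `-C $TMPDIR` is unquoted in both changed lines while `"$CACHE_FILE"` and `"$TMP_CACHE"` are quoted; quoting it while touching these lines would be consistent.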
diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/series
ganeti-instance-debootstrap-0.16/debian/patches/series
--- ganeti-instance-debootstrap-0.16/debian/patches/series 2018-06-20
06:57:18.000000000 -0400
+++ ganeti-instance-debootstrap-0.16/debian/patches/series 2019-11-01
19:01:50.000000000 -0400
@@ -1 +1,2 @@
+respect-Linux-capabilities-7-in-cache.patch
fix-sfdisk-BLKRRPART.patch
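Review bot: the new entry is added above fix-sfdisk-BLKRRPART.patch in debian/patches/series, so it is applied first and the existing patch now applies on top of it. Unless that order is deliberate, append the new patch at the end of the series so the already-shipped patch keeps applying against the same context it had in stable.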
--- End Message ---
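A way to check whether an existing cache tarball actually carries file capabilities, as an added example that is not part of the bug report or the package. It relies on GNU tar recording extended attributes as `SCHILY.xattr.<name>` pax header records; the function names are hypothetical and the sample archives are constructed in memory.

```python
import io
import tarfile

# pax keyword under which GNU tar archives the file-capability xattr
CAP_KEY = "SCHILY.xattr.security.capability"


def build_sample_cache(with_xattrs: bool) -> bytes:
    """Constructed sample: a tiny pax archive standing in for a cache file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, has_cap in (("bin/ping", True), ("bin/ls", False)):
            info = tarfile.TarInfo(name)
            info.mode = 0o755
            if with_xattrs and has_cap:
                # Placeholder value; a real archive holds the binary capability blob.
                info.pax_headers = {CAP_KEY: "constructed-placeholder"}
            tar.addfile(info)
    return buf.getvalue()


def audit_cache(data: bytes) -> dict:
    """Report which members carry a capability xattr and whether any xattr exists."""
    capability_members = []
    has_xattrs = False
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
        for member in tar:
            keys = [k for k in member.pax_headers if k.startswith("SCHILY.xattr.")]
            has_xattrs = has_xattrs or bool(keys)
            if CAP_KEY in keys:
                capability_members.append(member.name)
    return {"capability_members": capability_members, "has_xattrs": has_xattrs}


if __name__ == "__main__":
    # A cache written with --xattrs --xattrs-include='*' versus one written with plain "tar cf".
    print("patched :", audit_cache(build_sample_cache(True)))
    print("old     :", audit_cache(build_sample_cache(False)))
```

A cache for which `has_xattrs` is false was written without `--xattrs` and has to be regenerated before the patched extract call can restore anything.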
--- Begin Message ---
On Mon, 2019-11-11 at 10:40 -0500, Antoine Beaupre wrote:
> ganeti-instance-debootstrap (GID) has an RC bug (grave) affecting
> buster (#942114). I uploaded a minimal package to unstable to fix this
> problem which has now trickled down into testing and that I think
> would be important to include in the next point release.
>
> The attached patch describes the current diff between stable and
> testing. All it does is include a patch that changes the `tar` call to
> store more information in the cache file so that "special" properties
> (like capabilities) are properly stored across installs.
>
Sorry we never got back to this.
The final point release for buster has now happened, so any further
updates to packages in buster will need to be handled via the LTS team.
I'm therefore going to close this request now.
Regards,
Adam
--- End Message ---