Your message dated Sat, 28 Mar 2015 22:59:17 +0100
with message-id <55172435.9070...@thykier.net>
and subject line Re: Bug#781108: unblock: krb5/1.12.1+dfsg-19
has caused the Debian Bug report #781108,
regarding unblock: krb5/1.12.1+dfsg-19
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
781108: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781108
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package krb5
The previous package failed to mark some directories as optional in the systemd
unit files, so for example if you don't have /etc/ssl/private, then krb5-kdc
and krb5-admin-server fail to start.
(include/attach the debdiff against the package in testing)
diff --git a/debian/changelog b/debian/changelog
index 566e140..093c3bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+krb5 (1.12.1+dfsg-19) unstable; urgency=medium
+
+ * mark systemd unit directories as optional, Closes: #780831
+
+ -- Sam Hartman <hartm...@debian.org> Fri, 20 Mar 2015 16:22:33 -0400
+
krb5 (1.12.1+dfsg-18) unstable; urgency=high
* Import upstream patch for CVE-2014-5355, Closes: #778647
diff --git a/debian/krb5-admin-server.service b/debian/krb5-admin-server.service
index 8b544e2..ae742f4 100644
--- a/debian/krb5-admin-server.service
+++ b/debian/krb5-admin-server.service
@@ -6,9 +6,9 @@ Description=Kerberos 5 Admin Server
Type=simple
ExecStart=/usr/sbin/kadmind -nofork $DAEMON_ARGS
EnvironmentFile=-/etc/default/krb5-admin-server
-InaccessibleDirectories=/etc/ssh /etc/ssl/private /root
+InaccessibleDirectories=-/etc/ssh -/etc/ssl/private /root
ReadOnlyDirectories=/
-ReadWriteDirectories=/var/tmp /tmp /var/lib/krb5kdc /var/run /run
+ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install]
diff --git a/debian/krb5-kdc.service b/debian/krb5-kdc.service
index 88aad48..5af09a5 100644
--- a/debian/krb5-kdc.service
+++ b/debian/krb5-kdc.service
@@ -8,9 +8,9 @@ PIDFile=/var/run/krb5-kdc.pid
ExecReload=/bin/kill -HUP $MAINPID
EnvironmentFile=-/etc/default/krb5-kdc
ExecStart=/usr/sbin/krb5kdc -P /var/run/krb5-kdc.pid $DAEMON_ARGS
-InaccessibleDirectories=/etc/ssh /etc/ssl/private /root
+InaccessibleDirectories=-/etc/ssh -/etc/ssl/private /root
ReadOnlyDirectories=/
-ReadWriteDirectories=/var/tmp /tmp /var/lib/krb5kdc /var/run /run
+ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
[Install]
unblock krb5/1.12.1+dfsg-19
-- System Information:
Debian Release: jessie/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (250, 'testing'), (200,
'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On 2015-03-28 22:49, Sam Hartman wrote:
> Of this already seems to have migrated into testing
>
> [...]
>
I guess someone unblocked it without realising there was a bug for it.
Anyway, all the same. :)
~Niels
--- End Message ---
