Your message dated Sat, 20 Feb 2016 22:13:06 +0000 with message-id <20160220221306.gp6...@betterave.cristau.org> and subject line Re: Bug#791837: jessie-pu: package monkeysphere/0.37-2 has caused the Debian Bug report #791837, regarding jessie-pu: package monkeysphere/0.37-2 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 791837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791837 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: release.debian.org Severity: normal Tags: jessie User: release.debian....@packages.debian.org Usertags: pu On some systems, #778833 appears to be repeatable and reliable, though i do not control any systems like that. I tried to fix it in 0.37-2, and called for testing before the release of jessie, but heard no feedback. After the release of jessie, I found out that i had failed to actually apply the patch in question, which means that it didn't fix things for people who have machines that exhibit #778833. 0.37-3 does apparently fix things for those people. Furthermore, the sshd_config settings suggested by monkeysphere-authentication diagnostics can be improved for the version of sshd in jesse, as noted upstream and in 0.37-3 (in testing/unstable). The debdiff between 0.37-2 and 0.37-3 (attached here) should improve the situation for users of monkeysphere on jessie. Is it OK to upload 0.37-3 as 0.37-2+deb8u1? or should i more narrowly-target just #778833 (a clear bug that prevents package installation on some platforms) and leave jessie monkeysphere-authentication diagnostics with subpotimal sshd_config suggestions? Sorry for this hassle. Regards, --dkg -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)diff -Nru monkeysphere-0.37/debian/changelog monkeysphere-0.37/debian/changelog --- monkeysphere-0.37/debian/changelog 2014-11-27 15:01:49.000000000 -0500 +++ monkeysphere-0.37/debian/changelog 2015-05-06 23:30:56.000000000 -0400 @@ -1,3 +1,14 @@ +monkeysphere (0.37-3) unstable; urgency=medium + + * actually patch log() to consume all stdin when not given a message + argument (apparently the fix in 0.37-2 did not get properly applied) + (Closes: #778833) + * also from usptream: improve monkeysphere-authentication diagnostic + checks. + * wrap-and-sort for a cleaner debian/ + + -- Daniel Kahn Gillmor <d...@fifthhorseman.net> Wed, 06 May 2015 23:14:57 -0400 + monkeysphere (0.37-2) unstable; urgency=medium * patch from upstream: log() should consume all stdin when not given a diff -Nru monkeysphere-0.37/debian/control monkeysphere-0.37/debian/control --- monkeysphere-0.37/debian/control 2014-11-27 15:01:33.000000000 -0500 +++ monkeysphere-0.37/debian/control 2015-05-06 23:30:02.000000000 -0400 @@ -3,33 +3,29 @@ Priority: extra Maintainer: Jameson Rollins <jroll...@finestructure.net> Uploaders: Daniel Kahn Gillmor <d...@fifthhorseman.net> -Build-Depends: debhelper (>= 9~), - cpio, - socat, - openssh-server, - gnupg (>= 1.4.10), - libcrypt-openssl-rsa-perl, - libdigest-sha-perl, - lockfile-progs | procmail, - openssl, - bash (>= 3.2) +Build-Depends: bash (>= 3.2), + cpio, + debhelper (>= 9~), + gnupg (>= 1.4.10), + libcrypt-openssl-rsa-perl, + libdigest-sha-perl, + lockfile-progs | procmail, + openssh-server, + openssl, + socat Standards-Version: 3.9.6 Homepage: http://web.monkeysphere.info/ Vcs-Git: git://git.monkeysphere.info/monkeysphere Package: monkeysphere Architecture: all -Depends: - gnupg (>= 1.4.10), - libcrypt-openssl-rsa-perl, - libdigest-sha-perl, - lockfile-progs | procmail, - adduser, - ${misc:Depends} -Recommends: netcat | socat, - ssh-askpass, - cron, - openssh-client +Depends: adduser, + gnupg (>= 1.4.10), + libcrypt-openssl-rsa-perl, + libdigest-sha-perl, + lockfile-progs | procmail, + ${misc:Depends} +Recommends: cron, netcat | socat, openssh-client, ssh-askpass Suggests: monkeysphere-validation-agent Enhances: openssh-client, openssh-server Description: leverage the OpenPGP web of trust for SSH and TLS authentication @@ -40,6 +36,6 @@ for users to get validated host keys, and for hosts to authenticate users. Current monkeysphere SSH tools are designed to integrate with the OpenSSH implementation of the Secure Shell protocol. - . + . Monkeysphere can also be used by a validation agent to validate TLS connections (e.g. https). diff -Nru monkeysphere-0.37/debian/monkeysphere.dirs monkeysphere-0.37/debian/monkeysphere.dirs --- monkeysphere-0.37/debian/monkeysphere.dirs 2014-11-27 14:51:28.000000000 -0500 +++ monkeysphere-0.37/debian/monkeysphere.dirs 2015-05-06 23:30:02.000000000 -0400 @@ -1,12 +1,12 @@ -var/lib/monkeysphere +etc/X11 +etc/X11/Xsession.d +etc/monkeysphere usr/bin usr/sbin usr/share -usr/share/monkeysphere usr/share/man usr/share/man/man1 usr/share/man/man7 usr/share/man/man8 -etc/monkeysphere -etc/X11 -etc/X11/Xsession.d +usr/share/monkeysphere +var/lib/monkeysphere diff -Nru monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch --- monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch 1969-12-31 19:00:00.000000000 -0500 +++ monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch 2015-05-06 23:11:50.000000000 -0400 @@ -0,0 +1,56 @@ +From e7b1fd672161872c874cb2b28a7277ead47e4f0a Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <d...@fifthhorseman.net> +Date: Wed, 26 Nov 2014 19:35:24 -0500 +Subject: [PATCH 1/2] Always consume stdin when log is called without a message + argument + +See the discussion about this in https://bugs.debian.org/635711 + +I'm hoping this will resolve the intermittent SIGPIPEs plaguing +monkeysphere's postinst. + +I'm still unable to reproduce the problem. If people who can +reproduce the problem could try this patch and report back if it fixes +things for them, that would be great. +--- + src/share/common | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/share/common b/src/share/common +index e377ff3..2ea097e 100755 +--- a/src/share/common ++++ b/src/share/common +@@ -38,6 +38,7 @@ log() { + local output + local alllevels + local found= ++ local written= + + # don't include SILENT in alllevels: it's handled separately + # list in decreasing verbosity (all caps). +@@ -50,6 +51,9 @@ log() { + + # just go ahead and return if the log level is silent + if [ "$LOG_LEVEL" = 'SILENT' ] ; then ++ if [ ! "$2" ] ; then ++ cat >/dev/null ++ fi + return + fi + +@@ -81,8 +85,12 @@ log() { + else + cat + fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2 ++ written=true + fi + done ++ if [ "$written" != 'true' -a ! "$1" ]; then ++ cat >/dev/null ++ fi + } + + # run command as monkeysphere user +-- +2.1.4 + diff -Nru monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch --- monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch 2014-11-27 14:52:29.000000000 -0500 +++ monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch 1969-12-31 19:00:00.000000000 -0500 @@ -1,50 +0,0 @@ -commit e7b1fd672161872c874cb2b28a7277ead47e4f0a -Author: Daniel Kahn Gillmor <d...@fifthhorseman.net> -Date: Wed Nov 26 19:35:24 2014 -0500 - - Always consume stdin when log is called without a message argument - - See the discussion about this in https://bugs.debian.org/635711 - - I'm hoping this will resolve the intermittent SIGPIPEs plaguing - monkeysphere's postinst. - - I'm still unable to reproduce the problem. If people who can - reproduce the problem could try this patch and report back if it fixes - things for them, that would be great. - -diff --git a/src/share/common b/src/share/common -index e377ff3..2ea097e 100755 ---- a/src/share/common -+++ b/src/share/common -@@ -38,6 +38,7 @@ log() { - local output - local alllevels - local found= -+ local written= - - # don't include SILENT in alllevels: it's handled separately - # list in decreasing verbosity (all caps). -@@ -50,6 +51,9 @@ log() { - - # just go ahead and return if the log level is silent - if [ "$LOG_LEVEL" = 'SILENT' ] ; then -+ if [ ! "$2" ] ; then -+ cat >/dev/null -+ fi - return - fi - -@@ -81,8 +85,12 @@ log() { - else - cat - fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2 -+ written=true - fi - done -+ if [ "$written" != 'true' -a ! "$1" ]; then -+ cat >/dev/null -+ fi - } - - # run command as monkeysphere user diff -Nru monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch --- monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch 1969-12-31 19:00:00.000000000 -0500 +++ monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch 2015-05-06 23:11:50.000000000 -0400 @@ -0,0 +1,29 @@ +From 321b5dca3604699a1abd8e60cfcf196b005f60c7 Mon Sep 17 00:00:00 2001 +From: Daniel Kahn Gillmor <d...@fifthhorseman.net> +Date: Tue, 5 May 2015 12:11:00 -0400 +Subject: [PATCH 2/2] fix diagnostic check and recommendation for good + authorizedkeysfile in sshd_config + +--- + src/share/ma/diagnostics | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics +index abf207e..a59244a 100644 +--- a/src/share/ma/diagnostics ++++ b/src/share/ma/diagnostics +@@ -122,9 +122,9 @@ echo "Checking for Monkeysphere-enabled public-key authentication for users ..." + # Ensure that User ID authentication is enabled: + if echo "AuthorizedKeysFile foo bar" | /usr/sbin/sshd -t -f /dev/stdin; then + # OpenSSH >= 6.0, multiple authorized_keys file supported +- if ! grep -q "^AuthorizedKeysFile[[:space:]]\+.*[[:space:]]\*${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then ++ if ! grep -q "^AuthorizedKeysFile[[:space:]]\+.*[[:space:]]*${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then + echo "! $sshd_config does not point to monkeysphere authorized keys." +- echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 ${SYSDATADIR}/authorized_keys/%u'" ++ echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys2 ${SYSDATADIR}/authorized_keys/%u'" + problemsfound=$(($problemsfound+1)) + fi + if [ "$RAW_AUTHORIZED_KEYS" != none ]; then +-- +2.1.4 + diff -Nru monkeysphere-0.37/debian/patches/series monkeysphere-0.37/debian/patches/series --- monkeysphere-0.37/debian/patches/series 1969-12-31 19:00:00.000000000 -0500 +++ monkeysphere-0.37/debian/patches/series 2015-05-06 23:13:51.000000000 -0400 @@ -0,0 +1,2 @@ +0001-Always-consume-stdin-when-log-is-called-without-a-me.patch +0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch
--- End Message ---
--- Begin Message ---On Tue, Jul 14, 2015 at 20:13:37 +0100, Adam D. Barratt wrote: > Control: tags -1 + confirmed > > On Wed, 2015-07-08 at 15:31 -0400, Daniel Kahn Gillmor wrote: > > On some systems, #778833 appears to be repeatable and reliable, though > > i do not control any systems like that. I tried to fix it in 0.37-2, > > and called for testing before the release of jessie, but heard no > > feedback. After the release of jessie, I found out that i had failed > > to actually apply the patch in question, which means that it didn't > > fix things for people who have machines that exhibit #778833. 0.37-3 > > does apparently fix things for those people. > > > > Furthermore, the sshd_config settings suggested by > > monkeysphere-authentication diagnostics can be improved for the > > version of sshd in jesse, as noted upstream and in 0.37-3 (in > > testing/unstable). > > I'm not really very keen on wrap-and-sort applications in stable > updates, as they introduce quite a bit of noise, but the patches > themselves look okay; please feel free to go ahead with those. > Looks like that upload's not happening. Closing the bug. Cheers, Julien
--- End Message ---
