Bug#570486: Configuration /var with noexec option breaks base system installation
Benoit GUERIN writes:
> During partitions configuration, I choosed to create a dedicated
> partition for /var and to configure it with options noatime and
> noexec.
>
> Afterward, the installation process failed on the step "base system
> installation" saying the it could not install base system.
>
> This was because /target/var was mounted noexec, so scripts cannot be executed
>
> I bypassed the problem by opening a console and executing the command
> "mount -o remount,exec /target/var" then exiting the console, and
> relaunching the base system installation
>
> My advice is to force, during install, mount of /var as exec, just
> like every partition is forced as rw, even if we select "ro" from the
> options of a partition
I've added a patch for review on this bug report.
Colin, could you take a look on it and ack it for me to push it?
Cheers,
>From 5f66f8464880f9af0921a017eac0116d1ea832be Mon Sep 17 00:00:00 2001
From: Otavio Salvador
Date: Thu, 15 Apr 2010 13:36:56 -0300
Subject: [PATCH] Do not mount partitions with 'noexec' during installation otherwise base installation fails (closes: #570486).
---
packages/partman/partman-target/debian/changelog |5 +
.../partman-target/finish.d/mount_partitions |6 ++
2 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/packages/partman/partman-target/debian/changelog b/packages/partman/partman-target/debian/changelog
index 2392661..27dfaa9 100644
--- a/packages/partman/partman-target/debian/changelog
+++ b/packages/partman/partman-target/debian/changelog
@@ -1,8 +1,13 @@
partman-target (67) UNRELEASED; urgency=low
+ [ Colin Watson ]
* Ensure that /dev isn't assigned a separate mount point (closes:
#445211).
+ [ Otavio Salvador ]
+ * Do not mount partitions with 'noexec' during installation otherwise
+base installation fails (closes: #570486).
+
-- Colin Watson Fri, 19 Mar 2010 15:22:31 +
partman-target (66) unstable; urgency=low
diff --git a/packages/partman/partman-target/finish.d/mount_partitions b/packages/partman/partman-target/finish.d/mount_partitions
index 9c8499e..64384c8 100755
--- a/packages/partman/partman-target/finish.d/mount_partitions
+++ b/packages/partman/partman-target/finish.d/mount_partitions
@@ -15,6 +15,12 @@ fstab=$(
newoptions=
while [ "$options" ]; do
case $options in
+ (noexec,*)
+options="${options#noexec,}"
+;;
+ (noexec)
+options=
+;;
(ro,*)
options="${options#ro,}"
;;
--
1.7.0.3.291.g5e4f6
--
O T A V I OS A L V A D O R
-
E-mail: ota...@debian.org UIN: 5906116
GNU/Linux User: 239058 GPG ID: CDFC6E4F
Home Page: http://otavio.ossystems.com.br
-
"Microsoft sells you Windows ... Linux gives
you the whole house."
Bug#571074: wlan0: link is not ready
Boris Popov writes: > Feb 24 17:01:03 kernel: [ 134.218025] ADDRCONF(NETDEV_UP): wlan0: > link is not ready > Feb 24 17:01:04 dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 > port 67 interval 6 > Feb 24 17:01:10 dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 > port 67 interval 13 > Feb 24 17:01:23 dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 > port 67 interval 21 > > WEP key is the same in the first and second case. > What should I do? This looks to be a kernel issue and it would be good if you could give it a test: http://cdimage.debian.org/cdimage/daily-builds/unstable/current/i386/iso-cd/debian-testing-i386-netinst.iso Cheers, -- O T A V I OS A L V A D O R - E-mail: ota...@debian.org UIN: 5906116 GNU/Linux User: 239058 GPG ID: CDFC6E4F Home Page: http://otavio.ossystems.com.br - "Microsoft sells you Windows ... Linux gives you the whole house." -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87d3y0y7so@neumann.lab.ossystems.com.br
Bug#570486: Configuration /var with noexec option breaks base system installation
Allowing users to install a system with a noexec /var strikes me as a bad idea, because such a system will require a knowledgeable admin to intervene to allow it to upgrade, or install new packages. I think that partman should prevent the user from foot-shooting of this magnitude. It should ensure that at least / /usr /tmp /var are not noexec. (/tmp due to #223683) (FWIW, I have always considered /var/lib/dpkg to be a FHS violation, being that the data in it is no more "variable" than is /bin/sh. And here we have a nice example of why that should have been moved a decade plus ago. Unfortunatly, I never had much luck convincing anyone to care about that. But even if that were fixed, /var can potentially contiain FHS compliant executables. For example, ucf's cache files are executable if the conffile is executable.) -- see shy jo signature.asc Description: Digital signature
Bug#570486: Configuration /var with noexec option breaks base system installation
2010/4/15 Joey Hess > Allowing users to install a system with a noexec /var strikes me as a > bad idea, because such a system will require a knowledgeable admin to > intervene to allow it to upgrade, or install new packages. > > I think that partman should prevent the user from foot-shooting of this > magnitude. It should ensure that at least / /usr /tmp /var are not > noexec. (/tmp due to #223683) > > I totally agree with that, but as a similary thing, one can configure /usr read-only (for security reasons) The installation process does not break with /usr configured read only, and once you have rebooted, you HAVE to do some extra configuration (/etc/apt/apt.conf.d/... ok this works with apt, aptitude, synaptic but not with dpkg itself) to install / upgrade packages My 2 cents ...
Bug#570486: Configuration /var with noexec option breaks base system installation
* Joey Hess [100415 19:21]: > I think that partman should prevent the user from foot-shooting of this > magnitude. It should ensure that at least / /usr /tmp /var are not > noexec. (/tmp due to #223683) I don't think /tmp should be forced to be non-noexec. People getting some nasty warnings when forgetting to disabling preconfigure when using a noexec /tmp is not really a problem when everything just works otherwise. Hochachtungsvoll, Bernhard R. Link -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100415175156.ga3...@pcpool00.mathematik.uni-freiburg.de
Processing of discover_2.1.2-4_i386.changes
discover_2.1.2-4_i386.changes uploaded successfully to localhost along with the files: discover_2.1.2-4.dsc discover_2.1.2-4.diff.gz discover_2.1.2-4_i386.deb libdiscover2_2.1.2-4_i386.deb libdiscover-dev_2.1.2-4_i386.deb Greetings, Your Debian queue daemon (running on host ries.debian.org) -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1o2xuv-0003l3...@ries.debian.org
Bug#577451: hw-detect: Should automatically install hardware related packages (RAID tools, printer drivers, fingerprint scanner tools, etc)
[Joey Hess] > debconf passthrough should work with in-target used like that. Good. Then I guess the patch will work. :) > But, discover-pkginstall needs to use the debconf-apt-progress > command when it runs aptitude to install packages. Tested fix for discover was just uploaded. :) Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100415222701.gb10...@login1.uio.no
discover_2.1.2-4_i386.changes ACCEPTED
Accepted: discover_2.1.2-4.diff.gz to main/d/discover/discover_2.1.2-4.diff.gz discover_2.1.2-4.dsc to main/d/discover/discover_2.1.2-4.dsc discover_2.1.2-4_i386.deb to main/d/discover/discover_2.1.2-4_i386.deb libdiscover-dev_2.1.2-4_i386.deb to main/d/discover/libdiscover-dev_2.1.2-4_i386.deb libdiscover2_2.1.2-4_i386.deb to main/d/discover/libdiscover2_2.1.2-4_i386.deb Override entries for your package: discover_2.1.2-4.dsc - source admin discover_2.1.2-4_i386.deb - optional admin libdiscover-dev_2.1.2-4_i386.deb - optional libdevel libdiscover2_2.1.2-4_i386.deb - optional libs Announcing to debian-devel-chan...@lists.debian.org Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1o2xqs-0006k0...@ries.debian.org
Re: Mismatch between d-i's kernel and kernel in local mirror
Hi > I am trying to build a Debian(Squeeze) install CD with custom d-i. I checked > out d-i source from > svn://svn.debian.org/svn/d-i/trunk > I placed the installer/build/dest/cdrom into the local mirror's > /dists/squeeze/main/installer-i386/current/images/cdrom directory. > > I've used easy-build.sh to build the CD images. > > On running the installer i get the following error: > No kernel modules found. This probably is due to a mismatch between the > kernel used by this version of the installer and the kernel available in the > archive. > > I used Squeeze's DVD image to make the mirror. The d-i uses kernel version > 2.6.32-3-486 from kernel-image-2.6.32-3-486-di.udeb, whereas the Squeeze > installation(installed from the same DVD used to make the mirror) on which > iam running Debian-cd has the kernel version 2.6.32-3-686. > > How can this be fixed? Well, did you push kernel 2.6.32-3-486 udeb's to your repository (in main/debian-installer section) ? regards Lucas Brasilino -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/k2j9ad205141004151842nb66b308bt3943d4e4550f4...@mail.gmail.com
Bug#447755: Support for CMS formatted disks in parted
Well, it took me a *long* time. And I had to have help from a real C programmer. Someone who knew what they were doing (i.e. someone proficient in C) could have easily done it in an afternoon, I'm sure. But I have managed to add support for CMS formatted disks to parted. This will go a long way, maybe all the way, to adding support for CMS formatted disks to the Debian installer. It only works on CKD DASD, and then only when using the ECKD driver (not the DIAG driver). But switching to the DIAG driver after installation for CMS formatted disks on CKD DASD is no problem. I don't have any FBA DASD to test with; so I didn't bother even trying to add support for CMS minidisks on FBA DASD. After some more testing and code cleanup, I will open a bug report against parted with severity wishlist for adding support for CMS minidisks. Patch files will be included. As an added bonus, it will include a bug fix for correctly calculating the starting "sector" for an ldl formatted disk if the block size is other than 4096. -- .''`. Stephen Powell : :' : `. `'` `- -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/589265991.57405.1271381734077.javamail.r...@md01.wow.synacor.com
Re: Mismatch between d-i's kernel and kernel in local mirror
Hi, Thanks a lot for your reply. > Well, did you push kernel 2.6.32-3-486 udeb's to your repository (in > main/debian-installer section) ? I did, i have placed kernel-image-2.6.32-3-486-di_1.87_i386.udeb inĀ /dists/squeeze/main/debian-installer/binary-i386/ alond with all the other udebs from installer/build/apt.udeb/cache/archives. Regards, Vikram
Re: Mismatch between d-i's kernel and kernel in local mirror
hi, fixed it :) I has initially checked code from svn based on installer/build/README "If you are using testing or unstable, check out a copy of the installer using the command "svn co svn://svn.d-i.alioth.debian.org/svn/d-i/trunk/installer" " as I am building d-i on Squeeze, but then i ended up with the "No kernel modules found." error Then I tried building from d-i source i pulled off the Squeeze repository via apt-get and that worked. Wonder what i missed here... Thanks again for your reply Regards, Vikram
