Hello community, here is the log from the commit of package icecream for openSUSE:Factory checked in at 2013-07-05 15:04:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/icecream (Old) and /work/SRC/openSUSE:Factory/.icecream.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "icecream" Changes: -------- --- /work/SRC/openSUSE:Factory/icecream/icecream.changes 2013-06-18 21:53:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.icecream.new/icecream.changes 2013-07-05 15:04:14.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Jun 27 16:27:43 UTC 2013 - [email protected] + +- avoid crash on first launch after reboot (bnc#827118): + fix-startup.patch + +------------------------------------------------------------------- New: ---- fix-startup.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ icecream.spec ++++++ --- /var/tmp/diff_new_pack.0vjhMI/_old 2013-07-05 15:04:16.000000000 +0200 +++ /var/tmp/diff_new_pack.0vjhMI/_new 2013-07-05 15:04:16.000000000 +0200 @@ -41,6 +41,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build # PATCH-FIX-UPSTREAM 5aa24f5ea8aa855717d66cdab930bc787fbf355c Patch1: cap-ng-link.patch +# PATCH-FIX-UPSTREAM 714e64160f2002693d760b1144f7ece8b74fd203 +Patch2: fix-startup.patch %description icecream is the next generation distcc. @@ -70,6 +72,7 @@ %setup -q -n icecc-%{version} # DO NOT ADD PATCHES without github reference %patch1 -p1 +%patch2 -p1 %build export CFLAGS="$RPM_OPT_FLAGS" ++++++ fix-startup.patch ++++++ commit 714e64160f2002693d760b1144f7ece8b74fd203 Author: Luboš Luňák <[email protected]> Date: Thu Jun 27 17:33:48 2013 +0200 fix /var/run/icecc handling Was severely broken by 203b51b588fa2e550feeeef73d91e6d72afeafa9. It first created /var/run/icecc, which was successful and didn't have the follow-up chown/chmod, so they ended up as root-owned, because this happened before dropping privileges using libcap-ng. This caused the later access() check for it to fail, and ended up using the user path, which however crashed because of there being no $HOME set. So after every boot, if /var/run was empty, the first launch failed. All following launches were successful, because the mkdir() failed, leaving to proper chown/chmod. Fix by always doing chown/chmod unconditionally. Also do not use the access() check for detecting if it's the system or user way of launching. diff --git a/daemon/main.cpp b/daemon/main.cpp index 6682e26..28ec158 100644 --- a/daemon/main.cpp +++ b/daemon/main.cpp @@ -543,11 +543,16 @@ bool Daemon::setup_listen_fds() memset(&myaddr, 0, sizeof(myaddr)); myaddr.sun_family = AF_UNIX; mode_t old_umask = -1U; - if (access("/var/run/icecc", R_OK|W_OK|X_OK) == 0) { +#ifdef HAVE_LIBCAP_NG + // We run as system daemon. + if (capng_have_capability( CAPNG_PERMITTED, CAP_SYS_CHROOT )) { +#else + if (getuid()==0) { +#endif strncpy(myaddr.sun_path, "/var/run/icecc/iceccd.socket", sizeof(myaddr.sun_path)-1); unlink(myaddr.sun_path); old_umask = umask(0); - } else { + } else { // Started by user. strncpy(myaddr.sun_path, getenv("HOME"), sizeof(myaddr.sun_path)-1); strncat(myaddr.sun_path, "/.iceccd.socket", sizeof(myaddr.sun_path)-1-strlen(myaddr.sun_path)); unlink(myaddr.sun_path); @@ -1785,22 +1790,16 @@ int main( int argc, char ** argv ) if (getuid() == 0) { if (!logfile.length() && detach) { - if (mkdir("/var/log/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH)) { - if (errno == EEXIST) { - chmod("/var/log/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - chown("/var/log/icecc", d.user_uid, d.user_gid); - } - } - + mkdir("/var/log/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + chmod("/var/log/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + chown("/var/log/icecc", d.user_uid, d.user_gid); logfile = "/var/log/icecc/iceccd.log"; } - if (mkdir("/var/run/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH) == -1) { - if (errno == EEXIST) { - chmod("/var/run/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - chown("/var/run/icecc", d.user_uid, d.user_gid); - } - } + mkdir("/var/run/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + chmod("/var/run/icecc", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); + chown("/var/run/icecc", d.user_uid, d.user_gid); + #ifdef HAVE_LIBCAP_NG capng_clear(CAPNG_SELECT_BOTH); capng_update(CAPNG_ADD, (capng_type_t)(CAPNG_EFFECTIVE|CAPNG_PERMITTED), CAP_SYS_CHROOT); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
