Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2020-06-03 Thread Antoine Beaupré
On 2020-04-26 10:46:41, Antoine Beaupré wrote:

[...]

> I will also mention that this has landed in buster ages ago, and no ill
> effects were found there.

I meant bullseye here, sorry.

Any news? :)

a.

-- 
Striving for social justice is the most valuable thing to do in life
   - Albert Einstein



Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2020-04-26 Thread Antoine Beaupré
On 2020-04-26 15:45:02, Julien Cristau wrote:
> On Fri, Feb 07, 2020 at 05:21:21PM -0500, Antoine Beaupré wrote:
>> [sorry for the dupe, hit send by mistake :(]
>> 
>> On 2019-11-24 12:13:20, Antoine Beaupré wrote:
>> > On 2019-11-23 18:34:25, Julien Cristau wrote:
>> >> I'm a bit uneasy about a blanket "include all", to be honest.  It's
>> >> probably harmless since it's all coming straight out of debootstrap, but
>> >> I'd have been happier with something like "include security.*" if that's
>> >> what we expect to see.
>> >
>> > What kind of problems would you expect with including too many ACLs?
>> 
>> I'm still curious to hear what kind of problems you expect here. I've
>> been running this patch in production for months now and would really
>> like to see this land in buster (and hopefully stretch next).
>> 
> I don't know, that's kind of the point.  For changes in stable I tend to
> err on the side of "if there's no demonstrated need for a change then it
> shouldn't be done".  Things like "because why not" tend to be red flags.

I don't know what to say here. I'm not familiar with the security.* flag
you are referring to, and I do not know whether it will fix my bug. I
also do not know if there are other similar bugs lurking that we just
haven't found yet, exactly about this.

It seems to me we should have the most faithful archive and recovery
when we do a snapshot. This is what this patch does.

You bring up the concern of "include all" yet you also explicitly say
that it's "probably harmless". So I'm truly confused as to why we're
still blocking on this. I understand we want to be conservative in
stable, but this is not like I'm introducing a 1000-line long patch
here.

I would argue that restricting the number of extended attributes is
*more* likely to create bugs than the opposite.

I will also mention that this has landed in buster ages ago, and no ill
effects were found there.

A.

-- 
Use for yourself little but give to others much.
   - Albert Einstein
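
The disagreement in this thread is over which extended-attribute namespaces the cache tarball should carry. As an added example (not code from the package or from anyone in the thread), this Python sketch lists the xattrs stored in a GNU tar PAX archive, shows which of them match a given include glob, and decodes a security.capability value. The sample archive, its file names and the cap_net_raw+ep value are constructed, and the function names are hypothetical.

```python
import fnmatch
import io
import struct
import tarfile

XATTR_PREFIX = "SCHILY.xattr."  # PAX keyword prefix GNU tar uses for stored xattrs
CAP_NET_RAW = 13                # bit number from linux/capability.h


def build_sample_cache():
    """Constructed sample: in-memory PAX tarball shaped like a cache file."""
    # vfs_cap_data v2 for cap_net_raw+ep: magic_etc, then (permitted, inheritable) x 2
    cap = struct.pack("<IIIII", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)
    members = {
        "./bin/ping": {XATTR_PREFIX + "security.capability": cap.decode("latin-1")},
        "./etc/motd": {XATTR_PREFIX + "user.comment": "constructed"},
        "./bin/ls": {},
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, pax in members.items():
            info = tarfile.TarInfo(name)
            info.pax_headers = pax
            tar.addfile(info)
    return buf.getvalue()


def audit_xattrs(data):
    """Map member name -> {xattr name: raw value} for every xattr in the archive."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        for member in tar:
            attrs = {key[len(XATTR_PREFIX):]: value.encode("utf-8", "surrogateescape")
                     for key, value in member.pax_headers.items()
                     if key.startswith(XATTR_PREFIX)}
            if attrs:
                found[member.name] = attrs
    return found


def kept_under(found, pattern):
    """Which (file, xattr) pairs match an include glob such as 'security.*'."""
    return sorted((name, key) for name, attrs in found.items()
                  for key in attrs if fnmatch.fnmatchcase(key, pattern))


def decode_caps(raw):
    """Return (effective flag, permitted capability bit numbers) from vfs_cap_data."""
    magic_etc, permitted_lo = struct.unpack_from("<II", raw)
    permitted_hi = struct.unpack_from("<I", raw, 12)[0] if len(raw) >= 20 else 0
    permitted = permitted_lo | (permitted_hi << 32)
    return bool(magic_etc & 1), {bit for bit in range(64) if permitted >> bit & 1}


if __name__ == "__main__":
    found = audit_xattrs(build_sample_cache())
    for pattern in ("*", "security.*", "user.*"):
        print(pattern, kept_under(found, pattern))
    print(decode_caps(found["./bin/ping"]["security.capability"]))
```

To check a real cache file, pass its bytes to audit_xattrs; an archive written without --xattrs contains no SCHILY.xattr records, so the result is empty.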



Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2020-04-26 Thread Julien Cristau
On Fri, Feb 07, 2020 at 05:21:21PM -0500, Antoine Beaupré wrote:
> [sorry for the dupe, hit send by mistake :(]
> 
> On 2019-11-24 12:13:20, Antoine Beaupré wrote:
> > On 2019-11-23 18:34:25, Julien Cristau wrote:
> >> I'm a bit uneasy about a blanket "include all", to be honest.  It's
> >> probably harmless since it's all coming straight out of debootstrap, but
> >> I'd have been happier with something like "include security.*" if that's
> >> what we expect to see.
> >
> > What kind of problems would you expect with including too many ACLs?
> 
> I'm still curious to hear what kind of problems you expect here. I've
> been running this patch in production for months now and would really
> like to see this land in buster (and hopefully stretch next).
> 
I don't know, that's kind of the point.  For changes in stable I tend to
err on the side of "if there's no demonstrated need for a change then it
shouldn't be done".  Things like "because why not" tend to be red flags.

Cheers,
Julien



Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2020-02-07 Thread Antoine Beaupré
On 2019-11-24 12:13:20, Antoine Beaupré wrote:
> On 2019-11-23 18:34:25, Julien Cristau wrote:
>> On Mon, Nov 11, 2019 at 10:40:58AM -0500, Antoine Beaupre wrote:
>>> diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog 
>>> ganeti-instance-debootstrap-0.16/debian/changelog
>>> --- ganeti-instance-debootstrap-0.16/debian/changelog   2018-06-20 
>>> 06:57:18.0 -0400
>>> +++ ganeti-instance-debootstrap-0.16/debian/changelog   2019-11-01 
>>> 19:01:50.0 -0400
>>> @@ -1,3 +1,10 @@
>>> +ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
>>
>> Version number and distribution don't look right.
>
> Ah yes, that would be 0.16-6+deb10u1, right?
>

[...]

Attached a new debdiff with a better version number.

>> I'm a bit uneasy about a blanket "include all", to be honest.  It's
>> probably harmless since it's all coming straight out of debootstrap, but
>> I'd have been happier with something like "include security.*" if that's
>> what we expect to see.
>
> What kind of problems would you expect with including too many ACLs?
>
> A.
>
> -- 
> He who lives without folly is not as wise as he thinks.
> - François de La Rochefoucauld

-- 
Information is not knowledge. Knowledge is not wisdom.
Wisdom is not truth. Truth is not beauty.
Beauty is not love. Love is not music.
Music is the best.  - Frank Zappa



Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2020-02-07 Thread Antoine Beaupré
[sorry for the dupe, hit send by mistake :(]

On 2019-11-24 12:13:20, Antoine Beaupré wrote:
> On 2019-11-23 18:34:25, Julien Cristau wrote:
>> On Mon, Nov 11, 2019 at 10:40:58AM -0500, Antoine Beaupre wrote:
>>> diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog 
>>> ganeti-instance-debootstrap-0.16/debian/changelog
>>> --- ganeti-instance-debootstrap-0.16/debian/changelog   2018-06-20 
>>> 06:57:18.0 -0400
>>> +++ ganeti-instance-debootstrap-0.16/debian/changelog   2019-11-01 
>>> 19:01:50.0 -0400
>>> @@ -1,3 +1,10 @@
>>> +ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
>>
>> Version number and distribution don't look right.
>
> Ah yes, that would be 0.16-6+deb10u1, right?

Attached a better debdiff with the right version number. I'm now part of
the ganeti team so this is actually a team upload now, and the patch has
been merged in the salsa repo.

[...]

>>
>> I'm a bit uneasy about a blanket "include all", to be honest.  It's
>> probably harmless since it's all coming straight out of debootstrap, but
>> I'd have been happier with something like "include security.*" if that's
>> what we expect to see.
>
> What kind of problems would you expect with including too many ACLs?

I'm still curious to hear what kind of problems you expect here. I've
been running this patch in production for months now and would really
like to see this land in buster (and hopefully stretch next).

Can I upload the package now?

Thanks!
-- 
Men are taught to apologize for their weaknesses, women for their
strengths.
- Lois Wyse
diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog ganeti-instance-debootstrap-0.16/debian/changelog
--- ganeti-instance-debootstrap-0.16/debian/changelog	2018-06-20 06:57:18.0 -0400
+++ ganeti-instance-debootstrap-0.16/debian/changelog	2020-02-07 17:11:06.0 -0500
@@ -1,3 +1,10 @@
+ganeti-instance-debootstrap (0.16-6+deb10u1) buster; urgency=medium
+
+  * Team upload.
+  * add patch to respect linux caps (Closes: #942114)
+
+ -- Antoine Beaupré   Fri, 07 Feb 2020 17:11:06 -0500
+
 ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium
 
   * Bump Standards-Version to 4.1.4; no changes needed
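
Review bot: The changelog entry "add patch to respect linux caps" understates the change. The patch it introduces also passes --acls and --selinux and includes every xattr namespace through --xattrs-include='*'. For a stable update I would spell that out in the entry, so the release team and users can see the full behaviour change from the changelog alone.
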
diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
--- ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch	1969-12-31 19:00:00.0 -0500
+++ ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch	2020-02-07 17:11:06.0 -0500
@@ -0,0 +1,48 @@
+From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= 
+Date: Thu, 10 Oct 2019 11:07:51 -0400
+Subject: [PATCH] respect Linux capabilities(7) in cache
+
+The default GNU tar configuration does not carry fancy extended
+attributes and that is where, among other things, stuff like Linux
+capabilities(7) are stored. This is kind of important because that's
+how ping(8) works for regular users.
+
+We shove --selinux and --acls in there while we're at it, because why
+not. We never know what the future might bring, and it seems
+silly *not* to create a complete archive.
+
+Note that --xattrs-include='*' is important because, by default, GNU
+tar will not include capabilities /even/ if --xattrs is specified on
+the commandline, see this bug report for details:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=771927
+---
+ create | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/create b/create
+index 607bab2..7526e71 100755
+--- a/create
 b/create
+@@ -83,7 +83,7 @@ if [ "$CLEAN_CACHE" -a -d "$CACHE_DIR" ]; then
+ fi
+ 
+ if [ -f "$CACHE_FILE" ]; then
+-  tar xf "$CACHE_FILE" -C $TMPDIR
++  tar --acls --selinux --xattrs --xattrs-include='*' -x -f "$CACHE_FILE" -C $TMPDIR
+ else
+   if [ "$PROXY" ]; then
+ export http_proxy="$PROXY"
+@@ -109,7 +109,7 @@ else
+ 
+   if [ "$GENERATE_CACHE" = "yes" ]; then
+ TMP_CACHE=`mktemp "${CACHE_FILE}.XX"`
+-tar cf "$TMP_CACHE" -C $TMPDIR .
++tar --acls --selinux --xattrs --xattrs-include='*' -c -f "$TMP_CACHE" -C $TMPDIR .
+ mv -f "$TMP_CACHE" "$CACHE_FILE"
+   fi
+ fi
+-- 
+2.20.1
+
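
Review bot: In the branch guarded by 'if [ -f "$CACHE_FILE" ]', a cache file written earlier by the old 'tar cf' contains no xattrs, so extracting it with the new flags still yields a tree without capabilities. The fix only takes effect once the cache has been regenerated. I would say so in the commit message or changelog, or invalidate existing cache files on upgrade, so that instances created from a stale cache are not assumed to be fixed.
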
diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/series ganeti-instance-debootstrap-0.16/debian/patches/series
--- ganeti-instance-debootstrap-0.16/debian/patches/series	2018-06-20 06:57:18.0 -0400
+++ ganeti-instance-debootstrap-0.16/debian/patches/series	2020-02-07 17:11:06.0 -0500
@@ -1 +1,2 @@
+respect-Linux-capabilities-7-in-cache.patch
 fix-sfdisk-BLKRRPART.patch
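
Review bot: The new entry is inserted above fix-sfdisk-BLKRRPART.patch rather than appended, so the already-shipped patch is now applied on top of the new one. If fix-sfdisk-BLKRRPART.patch also touches create, its context may no longer match. Appending the new patch at the end of series keeps the existing patch applying against the same base, which is the lower-risk order for a stable update.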


Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2019-11-24 Thread Antoine Beaupré
On 2019-11-23 18:34:25, Julien Cristau wrote:
> On Mon, Nov 11, 2019 at 10:40:58AM -0500, Antoine Beaupre wrote:
>> diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog 
>> ganeti-instance-debootstrap-0.16/debian/changelog
>> --- ganeti-instance-debootstrap-0.16/debian/changelog2018-06-20 
>> 06:57:18.0 -0400
>> +++ ganeti-instance-debootstrap-0.16/debian/changelog2019-11-01 
>> 19:01:50.0 -0400
>> @@ -1,3 +1,10 @@
>> +ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
>
> Version number and distribution don't look right.

Ah yes, that would be 0.16-6+deb10u1, right?

>> +
>> +  * Non-maintainer upload
>> +  * add patch to respect linux caps (Closes: #942114)
>> +
>> + -- Antoine Beaupré   Fri, 01 Nov 2019 19:01:50 -0400
>> +
>>  ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium
>>  
>>* Bump Standards-Version to 4.1.4; no changes needed
>> diff -Nru 
>> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>>  
>> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>> --- 
>> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>>   1969-12-31 19:00:00.0 -0500
>> +++ 
>> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>>   2019-11-01 19:01:50.0 -0400
>> @@ -0,0 +1,48 @@
>> +From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
>> +From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= 
>> +Date: Thu, 10 Oct 2019 11:07:51 -0400
>> +Subject: [PATCH] respect Linux capabilities(7) in cache
>> +
>> +The default GNU tar configuration does not carry fancy extended
>> +attributes and that is where, among other things, stuff like Linux
>> +capabilities(7) are stored. This is kind of important because that's
>> +how ping(8) works for regular users.
>> +
>> +We shove --selinux and --acls in there while we're at it, because why
>> +not. We never know what the future might bring, and it seems
>> +silly *not* to create a complete archive.
>> +
>> +Note that --xattrs-include='*' is important because, by default, GNU
>> +tar will not include capabilities /even/ if --xattrs is specified on
>> +the commandline, see this bug report for details:
>> +
>
> I'm a bit uneasy about a blanket "include all", to be honest.  It's
> probably harmless since it's all coming straight out of debootstrap, but
> I'd have been happier with something like "include security.*" if that's
> what we expect to see.

What kind of problems would you expect with including too many ACLs?

A.

-- 
He who lives without folly is not as wise as he thinks.
- François de La Rochefoucauld



Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2019-11-23 Thread Julien Cristau
On Mon, Nov 11, 2019 at 10:40:58AM -0500, Antoine Beaupre wrote:
> diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog 
> ganeti-instance-debootstrap-0.16/debian/changelog
> --- ganeti-instance-debootstrap-0.16/debian/changelog 2018-06-20 
> 06:57:18.0 -0400
> +++ ganeti-instance-debootstrap-0.16/debian/changelog 2019-11-01 
> 19:01:50.0 -0400
> @@ -1,3 +1,10 @@
> +ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium

Version number and distribution don't look right.

> +
> +  * Non-maintainer upload
> +  * add patch to respect linux caps (Closes: #942114)
> +
> + -- Antoine Beaupré   Fri, 01 Nov 2019 19:01:50 -0400
> +
>  ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium
>  
>* Bump Standards-Version to 4.1.4; no changes needed
> diff -Nru 
> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>  
> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
> --- 
> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>1969-12-31 19:00:00.0 -0500
> +++ 
> ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>2019-11-01 19:01:50.0 -0400
> @@ -0,0 +1,48 @@
> +From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= 
> +Date: Thu, 10 Oct 2019 11:07:51 -0400
> +Subject: [PATCH] respect Linux capabilities(7) in cache
> +
> +The default GNU tar configuration does not carry fancy extended
> +attributes and that is where, among other things, stuff like Linux
> +capabilities(7) are stored. This is kind of important because that's
> +how ping(8) works for regular users.
> +
> +We shove --selinux and --acls in there while we're at it, because why
> +not. We never know what the future might bring, and it seems
> +silly *not* to create a complete archive.
> +
> +Note that --xattrs-include='*' is important because, by default, GNU
> +tar will not include capabilities /even/ if --xattrs is specified on
> +the commandline, see this bug report for details:
> +

I'm a bit uneasy about a blanket "include all", to be honest.  It's
probably harmless since it's all coming straight out of debootstrap, but
I'd have been happier with something like "include security.*" if that's
what we expect to see.

Cheers,
Julien



Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1

2019-11-11 Thread Antoine Beaupre
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian@packages.debian.org
Usertags: pu

ganeti-instance-debootstrap (GID) has an RC bug (grave) affecting
buster (#942114). I uploaded a minimal package to unstable to fix this
problem which has now trickled down into testing and that I think
would be important to include in the next point release.

The attached patch describes the current diff between stable and
testing. All it does is include a patch that changes the `tar` call to
store more information in the cache file so that "special" properties
(like capabilities) are properly stored across installs.

We've been running this patch in production for a few weeks at tor
without any problems.

A.

-- System Information:
Debian Release: 10.1
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog 
ganeti-instance-debootstrap-0.16/debian/changelog
--- ganeti-instance-debootstrap-0.16/debian/changelog   2018-06-20 
06:57:18.0 -0400
+++ ganeti-instance-debootstrap-0.16/debian/changelog   2019-11-01 
19:01:50.0 -0400
@@ -1,3 +1,10 @@
+ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
+
+  * Non-maintainer upload
+  * add patch to respect linux caps (Closes: #942114)
+
+ -- Antoine Beaupré   Fri, 01 Nov 2019 19:01:50 -0400
+
 ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium
 
   * Bump Standards-Version to 4.1.4; no changes needed
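
Review bot: The new entry targets "unstable" with version 0.16-6.1, but this debdiff is submitted as a buster proposed update (Tags: buster, Usertags: pu). For the stable upload the distribution field should be buster and the version should be derived from the 0.16-6 shipped in stable, in the +deb10u1 form, so that it sorts below the version already in unstable.
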
diff -Nru 
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
 
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
--- 
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
 1969-12-31 19:00:00.0 -0500
+++ 
ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
 2019-11-01 19:01:50.0 -0400
@@ -0,0 +1,48 @@
+From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= 
+Date: Thu, 10 Oct 2019 11:07:51 -0400
+Subject: [PATCH] respect Linux capabilities(7) in cache
+
+The default GNU tar configuration does not carry fancy extended
+attributes and that is where, among other things, stuff like Linux
+capabilities(7) are stored. This is kind of important because that's
+how ping(8) works for regular users.
+
+We shove --selinux and --acls in there while we're at it, because why
+not. We never know what the future might bring, and it seems
+silly *not* to create a complete archive.
+
+Note that --xattrs-include='*' is important because, by default, GNU
+tar will not include capabilities /even/ if --xattrs is specified on
+the commandline, see this bug report for details:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=771927
+---
+ create | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/create b/create
+index 607bab2..7526e71 100755
+--- a/create
 b/create
+@@ -83,7 +83,7 @@ if [ "$CLEAN_CACHE" -a -d "$CACHE_DIR" ]; then
+ fi
+ 
+ if [ -f "$CACHE_FILE" ]; then
+-  tar xf "$CACHE_FILE" -C $TMPDIR
++  tar --acls --selinux --xattrs --xattrs-include='*' -x -f "$CACHE_FILE" -C 
$TMPDIR
+ else
+   if [ "$PROXY" ]; then
+ export http_proxy="$PROXY"
+@@ -109,7 +109,7 @@ else
+ 
+   if [ "$GENERATE_CACHE" = "yes" ]; then
+ TMP_CACHE=`mktemp "${CACHE_FILE}.XX"`
+-tar cf "$TMP_CACHE" -C $TMPDIR .
++tar --acls --selinux --xattrs --xattrs-include='*' -c -f "$TMP_CACHE" -C 
$TMPDIR .
+ mv -f "$TMP_CACHE" "$CACHE_FILE"
+   fi
+ fi
+-- 
+2.20.1
+
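
Review bot: On both rewritten tar lines, $TMPDIR is still expanded unquoted after -C, while "$CACHE_FILE" and "$TMP_CACHE" are quoted. Since these lines are being touched anyway, I would write -C "$TMPDIR" so that a temporary directory path containing whitespace or glob characters cannot split into extra tar arguments.
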
diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/series 
ganeti-instance-debootstrap-0.16/debian/patches/series
--- ganeti-instance-debootstrap-0.16/debian/patches/series  2018-06-20 
06:57:18.0 -0400
+++ ganeti-instance-debootstrap-0.16/debian/patches/series  2019-11-01 
19:01:50.0 -0400
@@ -1 +1,2 @@
+respect-Linux-capabilities-7-in-cache.patch
 fix-sfdisk-BLKRRPART.patch