Your message dated Fri, 14 Mar 2025 15:04:34 +0000
with message-id <[email protected]>
and subject line Bug#1062204: fixed in patroni 4.0.4-8
has caused the Debian Bug report #1062204,
regarding Newly-created clusters have restrictive postgresql.conf permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1062204: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062204
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: patroni
Version: 3.2.2-1
When Patroni creates a new PostgreSQL cluster, the postgresql.conf file in
/etc/patroni/<version>/<cluster> ends up without world read permission.
This means that tools that use pg_wrapper (such as /usr/bin/psql) can't
find the cluster's port number and don't work by default.
I think this problem was introduced by this upstream commit:
https://github.com/zalando/patroni/commit/01d07f86cd525c0f324074ee026faf6d7f179839
But I'm not sure if it's an upstream bug, or a latent flaw in the Debian
packaging.
To reproduce:
On a fresh Debian system, install patroni, postgresql, and etcd-server.
Configure /etc/patroni/dcs.yml as shown below.
# systemctl stop postgresql@16-main
# pg_dropcluster 16 main
# pg_createconfig_patroni 16 test
# systemctl start patroni@16-test
# pg_isready
/var/run/postgresql/:5432 - accepting connections
# adduser user
(press Return lots)
# su - user
$ pg_isready
Error: Invalid data directory for cluster 16 test
If I change the permissions on /etc/postgresql/16/test/postgresql.conf
from 600 to 644 then pg_isready works as the unprivileged user.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.13-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages patroni depends on:
ii python3 3.11.6-1
ii python3-cdiff 1.0-1.1
ii python3-click 8.1.6-1
ii python3-dateutil 2.8.2-3
ii python3-etcd 0.4.5-4
ii python3-pkg-resources 68.1.2-2
ii python3-prettytable 3.6.0-1
ii python3-psutil 5.9.8-1
ii python3-psycopg2 2.9.9-1+b1
ii python3-urllib3 1.26.18-2
ii python3-yaml 6.0.1-2
Versions of packages patroni recommends:
ii iproute2 6.7.0-2
Versions of packages patroni suggests:
ii etcd-server 3.4.23-4+b8
pn haproxy <none>
pn patroni-doc <none>
ii postgresql 16+256
pn vip-manager <none>
-- Configuration Files:
/etc/patroni/dcs.yml changed:
etcd3:
host: 127.0.0.1:2379
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: patroni
Source-Version: 4.0.4-8
Done: Michael Banck <[email protected]>
We believe that the bug you reported is fixed in the latest version of
patroni, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Banck <[email protected]> (supplier of updated patroni package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Mar 2025 14:47:32 +0100
Source: patroni
Architecture: source
Version: 4.0.4-8
Distribution: unstable
Urgency: medium
Maintainer: Debian PostgreSQL Maintainers <[email protected]>
Changed-By: Michael Banck <[email protected]>
Closes: 1062204 1095776
Changes:
patroni (4.0.4-8) unstable; urgency=medium
.
* debian/tests/acceptance: Make sure subsequent runs of the acceptance tests
do not fail due to left-over directories or files with different owners.
* debian/tests/control: Remove needs-root from etcd acceptance tests.
* debian/tests/control: Switch basic_replication acceptance test from etcd to
etcd3.
* debian/tests/control: Remove flaky from all acceptance tests except
zookeeper.
* debian/control (Build-Depends): Added python3-setuptools (Closes:
#1095776).
* debian/patches/fix_conffile_perms.patch: New patch, fixes the
postgresql.conf permissions, taken from upstream commit a3c772d (Closes:
#1062204).
* debian/patches/cleanup_after_unittests.patch: New patch, cleans up leftover
data directories after running the unit tests, taken from upstream commit
626e81d.
Checksums-Sha1:
b9a2ef62bb557151adbc77e12acfca7f34c1a76b 2870 patroni_4.0.4-8.dsc
7d3a7d9df64495c905da82341a31a58dde783499 28188 patroni_4.0.4-8.debian.tar.xz
7e9ac1d84374ca5bf876be4d43202c8bfb0ff4bb 10483 patroni_4.0.4-8_source.buildinfo
Checksums-Sha256:
63e590e7550ab725cd166fdd42534b3e483609c4160d35a56d9bfe9692fcd707 2870
patroni_4.0.4-8.dsc
4fe1d3dd4359827e836c26b97d80a1499582c2ab319967197ba8bec74860de42 28188
patroni_4.0.4-8.debian.tar.xz
01397c4227df4e5b42eb1e46323e811b593d71bb779e8656b5bf08aac7df9a0e 10483
patroni_4.0.4-8_source.buildinfo
Files:
a0342812702bb8cf1b5cae45f7ec19ca 2870 database optional patroni_4.0.4-8.dsc
777874aa7b6ecdbc0ab1602cb6b2d879 28188 database optional
patroni_4.0.4-8.debian.tar.xz
3d7e3ff1e8cbe512b38c388cea72132a 10483 database optional
patroni_4.0.4-8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEnKh3dJ+rLk+paGLs3GhqJ7Q0gbAFAmfUM4UACgkQ3GhqJ7Q0
gbCbeRAAipoT6YPeNpfZZFxGDL4wBnx6nVO0l+pj2gWNpUyU+3lo8Gv3pdd8FNrc
ob2E7aAMb+B2zJ9RPJiaqRuFnaff/euI7VtsYdyHuiuKaF8203+1hp9D9ATGYcsf
eImBZT1aw2o9L83vmEdR7zuMw3ym3a89mCJBxVPBfwFwudskB5y4PJGgp3S8xQSy
ecqgZ1l+UkbLdeeac0/GQyptV3U2C8L/JN0lN6Wz3Aal3Oss/dW1HkCFAsRDwzZ6
wkmhxVvpwVIiT0/TO0uicVa4nb+qXN7ovePPDhp6T9JWofRqmyyoMiKoJuOafXHU
f8cM8Ln97AZ+EbCupBPc2JlDX80jcJJ7532XtUysU/Jsb1NXFu5ilF1WrrH0SYHt
74srgtuy8yAI5r5jrZWsXJUfJPuU/IwAYTO61sBMynq/7lsIOd35Nd60OXZ2m9w9
fGUDWR1IJj+hAcmpjudOqXKy6V4DbgwbGQUwOiDM0dsTTIOGs51oYiQSjiJyeP+z
IzMIaciLzmKHKPzaKiIzImr0vpbUhmWZUdMa7FjroQa1rI51Q+u5eCcqE8kUIlKS
OssXQX2MJT0M48ty2i+i7bfuq2FgzVyBZKgcLnAEV0Tz+EgW92Yamftx/zcQziRt
ut9AY0UxSGU4Vx1VRBZ4vyqXRWU6MhP74Xt8aXvmJbxjqAjJwHg=
=JmCL
-----END PGP SIGNATURE-----
pgpWerL8aZoJj.pgp
Description: PGP signature
--- End Message ---
