Source: libreswan
Version: 5.2-2.4
Usertags: pidof-without-procps
Dear maintainer(s) of libreswan,
it appears that libreswan uses `pidof` in its testsuite, or that
at least one of its binary packages uses `pidof` at runtime.
Historically, `pidof` was provided by the Essential package
`sysvinit-tools`, making an explicit dependency unnecessary. However
`pidof` will soon be moved to `procps` and will no longer be part of
the Essential set.
Please add an explicit dependency on `procps`:
* via the `Depends:` field of all binary packages of libreswan
that use `pidof` at runtime;
* via the `Build-Depends:` field of libreswan, if `pidof` is
used in tests run at build-time;
* via the `Depends:` field of `debian/control/tests`, if `pidof` is
used in autopkgtests.
To prevent any disruption for users of libreswan, please add
this dependency now, before `pidof` is moved from `sysvinit-utils` to
`procps`. Alternatively, you could remove all uses of `pidof`.
It is believed that libreswan uses `pidof` due to the following
code snippets:
```
path:
libreswan_5.2-2.4/testing/pluto/ikev2-labeled-ipsec-03-multi-acquires-rekey/west.console.txt
:
ipsec whack --shutdown
pidof pluto
PASS: shutting down pluto
:
path: libreswan_5.2-2.4/testing/guestbin/swan-install
fi
pidof pluto >/dev/null && ipsec setup stop 2> /dev/null
targets="install-base module_install"
path: libreswan_5.2-2.4/testing/utils/nsrun
if killrest:
me = os.getpid()
zombie_pids = subprocess.getoutput("pidof %s" % name)
for pid in (zombie_pids.split()):
if int(pid) != int(me):
path: libreswan_5.2-2.4/testing/utils/nsrun
def kill_zombie_tcpdump(signal=1):
pids = subprocess.getoutput("pidof tcpdump")
for pid in (pids.split()):
gentle_kill(pid, "tcpdump", signal)
path: libreswan_5.2-2.4/testing/pluto/seccomp-01-enabled/westrun.sh
ipsec whack --seccomp-crashtest & disown ; sleep 2
# pluto should not be running anymore
pidof pluto
# one entry of SECCOMP activating should show up in the log
ausearch -r -m seccomp -ts boot | sed "s/ip=.*/ip=XXX/"
path: libreswan_5.2-2.4/testing/pluto/seccomp-01-enabled/westrun.sh
ipsec auto --down nss-cert
# pluto should still be running
pidof pluto > /dev/null || echo not running?
# whack socket will hang because pluto is expected to die
ipsec whack --seccomp-crashtest & disown ; sleep 2
path: libreswan_5.2-2.4/testing/pluto/seccomp-01-enabled/west.console.txt
# pluto should not be running anymore
west #
pidof pluto
west #
# one entry of SECCOMP activating should show up in the log
path: libreswan_5.2-2.4/testing/pluto/seccomp-01-enabled/west.console.txt
# pluto should still be running
west #
pidof pluto > /dev/null || echo not running?
west #
# whack socket will hang because pluto is expected to die
path: libreswan_5.2-2.4/testing/guestbin/post-mortem.sh
FAIL
pluto=false
elif RUN pidof pluto ; then
FAIL
pluto=false
path: libreswan_5.2-2.4/testing/utils/swantest
# kill any lingering tcpdumps for the entire KVM runs.
def kill_zombie_tcpdump(signal=1):
pids = subprocess.getoutput("pidof tcpdump")
for pid in (pids.split()):
gentle_kill(pid, "tcpdump", signal)
path: libreswan_5.2-2.4/testing/utils/swantest
#setproctitle.setproctitle(proctitle)
me = os.getpid()
zombie_pids = subprocess.getoutput("pidof %s" % proctitle)
for pid in (zombie_pids.split()):
if int(pid) != int(me):
path:
libreswan_5.2-2.4/testing/pluto/ikev2-labeled-ipsec-03-multi-acquires-permissive/west.console.txt
:
ipsec whack --shutdown
pidof pluto
PASS: shutting down pluto
:
path:
libreswan_5.2-2.4/testing/pluto/ikev2-labeled-ipsec-03-multi-acquires-permissive/east.console.txt
:
ipsec whack --shutdown
pidof pluto
PASS: shutting down pluto
:
path: libreswan_5.2-2.4/programs/_stackmanager/_stackmanager.in
start_xfrm() {
# in case pluto crashed
if pidof pluto > /dev/null; then
: pluto is running, skip cleanup
else
path: libreswan_5.2-2.4/testing/guestbin/ipsecstop.sh
: ==== cut ====
pidof pluto && ipsec stop
(../bin/check-for-core.sh | tee OUTPUT/`hostname`.core.txt | grep "CORE FOUND")
|| rm OUTPUT/`hostname`.core.txt
grep "leak:" tmp/pluto.log > OUTPUT/leakdetect.txt
path: libreswan_5.2-2.4/testing/pluto/ikev2-fuzzer-01/ikev2-fuzzing-scanner.sh
echo "# len $RESULT" >> ${dfile}
pidof pluto | grep $plutopid >> ${dfile}
ipsec status >> ${dfile}
echo "#dmesg " >> ${dfile}
path: libreswan_5.2-2.4/testing/pluto/ikev2-fuzzer-01/ikev2-fuzzing-scanner.sh
pl="${prefix}${size}${string}"
echo "${pl}" | xxd -r -p | nc -u $IP 500 || echo "expect error"
(pidof pluto | grep ${plutopid} > /dev/null) || echo "pluto crashed?"
ipsec status 2>/dev/null > /dev/null
ipsec stop
path: libreswan_5.2-2.4/testing/docker/bash_profile
alias rebuild='D=$PWD; cd /home/build/libreswan; ipsec stop; rm -fr
/home/build/libreswan/OBJ*; make install-base; cd $D'
alias remake='D=$PWD; cd /home/build/libreswan; ipsec stop; make install-base;
cd $D'
alias gdbp='gdb -p `pidof pluto`'
path: libreswan_5.2-2.4/testing/guestbin/swan-prep
# for some reason this fails to stop strongswan?
subprocess.call(["systemctl", "stop", "strongswan"])
# python has no pidof - just outsource to the shell, thanks python!
for dname in ( "pluto", "charon", "starter", "iked" ):
try:
path:
libreswan_5.2-2.4/testing/pluto/ikev2-labeled-ipsec-03-multi-acquires-rekey/east.console.txt
:
ipsec whack --shutdown
pidof pluto
PASS: shutting down pluto
:
path: libreswan_5.2-2.4/programs/_updown.xfrm/_updown.xfrm.in
return ${rc}
fi
if [ -n "$(pidof unbound)" -a \
-n "${PLUTO_PEER_DNS_INFO}" -a \
-n "${PLUTO_PEER_DOMAIN_INFO}" ]
path: libreswan_5.2-2.4/testing/docker/Dockerfile
RUN printf 'export TERM=xterm\nexport EDITOR=vim\n' >
/etc/profile.d/docker_exec_hack.sh
RUN printf "alias rebuild='D=`pwd`; cd /home/build/libreswan; ipsec stop; make
install-base; cd $D'\n" >> /root/.bash_profile
RUN printf "alias gdbp='gdp -p `pidof pluto`'\n" >> /root/.bash_profile
RUN dnf -y update; dnf clean all
```
Feel free to close this issue if this is a false positive (for example
if this code is in an unreachable code path).
Regards,
--
Gioele Barabucci
