[Pkg-utopia-maintainers] Bug#989137: marked as done (cockpit-ws: No sysvinit script)

[Debian Bug Tracking System]

Your message dated Wed, 26 May 2021 16:10:14 +0200
with message-id <yk5wxi2+qmyyy...@piware.de>
and subject line Re: Bug#989137: cockpit-ws: No sysvinit script
has caused the Debian Bug report #989137,
regarding cockpit-ws: No sysvinit script
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
989137: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: cockpit-ws
Version: 188-1
Severity: normal
Tags: patch

Dear Maintainer,

Here is a patch for a sysvinit script.

-- System Information:
Debian Release: 10.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit
LSM: AppArmor: enabled

Versions of packages cockpit-ws depends on:
ii  adduser             3.118
ii  glib-networking     2.58.0-2+deb10u2
ii  libc6               2.28-10
ii  libglib2.0-0        2.58.3-2+deb10u2
ii  libgssapi-krb5-2    1.17-3+deb10u1
ii  libjson-glib-1.0-0  1.4.4-2
ii  libkrb5-3           1.17-3+deb10u1
ii  libpam0g            1.3.1-5
ii  libsystemd0         241-7~deb10u7
ii  openssl             1.1.1d-0+deb10u6

cockpit-ws recommends no packages.

cockpit-ws suggests no packages.

-- no debconf information


#!/bin/sh
### BEGIN INIT INFO
# Provides:          cockpit
# Required-Start:    $local_fs $network $named $time $syslog
# Required-Stop:     $local_fs $network $named $time $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: cockpit management webserver
# Description:       cockpit management webserver
### END INIT INFO

cmd="/usr/sbin/remotectl certificate --ensure --user=root --group=cockpit-ws 
--selinux-type="
cmd1="/usr/lib/cockpit/cockpit-ws"
name=$(basename "$0")
pid_file="/var/run/$name.pid"
stdout_log="/var/log/$name.log"
stderr_log="/var/log/$name.err"

test -x "$cmd1" || exit 0

get_pid() {
    cat "$pid_file"
}

is_running() {
    [ -f "$pid_file" ] && ps -p "$(get_pid)" > /dev/null 2>&1
}

case "$1" in
    start) if is_running; then
               echo "Already started"
           else
               echo "Starting $name"
               $cmd >> "$stdout_log" 2>> "$stderr_log"
               $cmd1 >> "$stdout_log" 2>> "$stderr_log" &
               echo $! > "$pid_file"
               if ! is_running; then
                   echo "Unable to start, see $stdout_log and $stderr_log"
                   exit 1
               fi
           fi
           ;;
     stop) if is_running; then
               echo "Stopping $name.."
               kill "$(get_pid)"
               i=0
               while [ "$i" -lt 10 ]
               do
                   if ! is_running; then
                       break
                   fi
                   echo "."
                   sleep 1
                   i=$((i+1))
               done
               echo
               if is_running; then
                   echo "Not stopped; may still be shutting down or shutdown 
may have failed"
                   exit 1
               else
                   echo "Stopped"
                   if [ -f "$pid_file" ]; then
                       rm "$pid_file"
                   fi
               fi
           else
               echo "Not running"
           fi
           ;;
  restart) $0 stop
           if is_running; then
               echo "Unable to stop, will not attempt to start"
               exit 1
           fi
           $0 start
           ;;
   status) if is_running; then
               echo "Running"
           else
               echo "Stopped"
               exit 1
           fi
           ;;
        *) echo "Usage: $0 {start|stop|restart|status}"
           exit 1
           ;;
esac

exit 0

--- End Message ---

--- Begin Message ---

Hello Simon,

Simon Walter [2021-05-26 22:52 +0900]:
> Here is a patch for a sysvinit script.

Thanks for your efforts! However, I can't accept this:

It (probably) sort of works on Debian 10 with that rather old cockpit version,
but it's running the web server as root instead of cockpit-ws, and the web
server is by far the biggest attack vector in cockpit. Also, this would run the
cockpit web server all the time, instead of just on demand -- in such a case
I'd rather suggest using xinetd or something similar, to replace systemd's
socket activation.

More importantly, cockpit's pages make plenty of other assumptions about/calls
to systemd, so a lot of functionality will be broken.

More recent cockpit versions have a much more complex unit with
cockpit.{socket,service} controlling the cockpit-tls component, and that in
turn launches per-client-certificate cockpit-ws instances (as a separate user)
through systemd socket activation.  So this init script does not apply at all
to current versions, and there is no reasonable way how to write one.

So in summary, there is no way of running cockpit in a non-systemd/Linux
environment that I'd be willing to support. For these I'd rather recommend
looking at webmin, ebox, or similar project.

Thanks!

Martin

--- End Message ---

_______________________________________________
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers