Bug#952448: closed by Manoj Srivastava (ucf has /bin/bash shebangs but does not depend on bash)
Hi Manoj, In this context, I am extending minimal third-party Docker images with an internal tool for building images reproducibly. Images based on Debian don't always include bash because even though it is officially "essential", it isn't always strictly needed by the one thing that the image will run. My tool installs packages from a single flat list. I don't mind adding bash to this list if it is really needed but without an explicit dependency, there is no guarantee that it will be installed before ucf. This matters because the ucf package tries to invoke bash at configure time, not just at runtime. As a distribution maintainer myself, I can appreciate that policy and convention are important so I'm not asking you to go against that. The scripts don't even appear to need bash in the first place so this whole problem could be avoided by simply changing the shebangs. Regards, James pgpOe2LLqNoG1.pgp Description: OpenPGP digital signature
Bug#952451: Info received (Bug#952451: exim4-config: Installing exim4-config before util-linux prevents configuration from ever working)
I thought I'd have a shot at this myself. Patching this one line fixes the
problem. Please adjust as you see fit.
Regards,
James
--- exim4-config.config 2020-02-14 15:02:05.0 +
+++ exim4-config.config.new 2020-02-25 09:41:17.655030803 +
@@ -123,7 +123,7 @@
db_set exim4/dc_localdelivery \
"$(convert_transport_to_long ${dc_localdelivery})"
fi
- db_fset "exim4/dc_other_hostnames" mailname "${dc_mailname_in_oh}"
+ db_fset "exim4/dc_other_hostnames" mailname
"${dc_mailname_in_oh:-false}"
}
# ipv6: replace double colons in colon-separated host lists with umlaut-o
Bug#952451: exim4-config: Installing exim4-config before util-linux prevents configuration from ever working
On Mon, Feb 24, 2020 at 05:57:30PM +0100, Marc Haber wrote: > On Mon, Feb 24, 2020 at 04:50:20PM +0000, James Le Cuirot wrote: > > It only successfully configures after deleting > > /etc/exim4/update-exim4.conf.conf. Presumably the blank entries as seen > > below are throwing the script off. I suggest making the script more > > resilient and possibly adding a dependency on util-linux. > > util-linux is Essential: yes, and packages SHOULD not declare > dependencies on Essential packages unless they need a certain version > (Policy 3.5). That is reasonable and apologies for not being familiar with Debian packaging policies. I come from Gentoo and we have a similar concept. Nevertheless, I feel that the script should be able to recover from this situation. There may be other reasons why these fields end up blank. Regards, James
Bug#952451: exim4-config: Installing exim4-config before util-linux prevents configuration from ever working
Package: exim4-config Version: 4.93-11 Severity: normal Dear Maintainer, util-linux is generally expected to be installed but it may be missing from some minimal container images. Attempting to install exim4-config before util-linux results in the following because getopt is missing. Setting up exim4-config (4.93-11) ... Adding system-user for exim (v4) /usr/sbin/update-exim4defaults: 82: getopt: not found Terminating... dpkg: error processing package exim4-config (--configure): installed exim4-config package post-installation script subprocess returned error exit status 1 Errors were encountered while processing: exim4-config After installing util-linux, the error changes to this. Setting up exim4-config (4.93-11) ... dpkg: error processing package exim4-config (--configure): installed exim4-config package post-installation script subprocess returned error exit status 20 Errors were encountered while processing: exim4-config Setting EX4DEBUG=1 reveals where it fails. + IFS= + printf %s\n FSET exim4/dc_other_hostnames mailname + IFS= + read -r _db_internal_line + IFS= + RET=20 Incorrect number of arguments + return 20 It only successfully configures after deleting /etc/exim4/update-exim4.conf.conf. Presumably the blank entries as seen below are throwing the script off. I suggest making the script more resilient and possibly adding a dependency on util-linux. Regards, James -- Package-specific info: # /etc/exim4/update-exim4.conf.conf # # Edit this file and /etc/mailname by hand and execute update-exim4.conf # yourself or use 'dpkg-reconfigure exim4-config' # # Please note that this is _not_ a dpkg-conffile and that automatic changes # to this file might happen. The code handling this will honor your local # changes, so this is usually fine, but will break local schemes that mess # around with multiple versions of the file. # # update-exim4.conf uses this file to determine variable values to generate # exim configuration macros for the configuration file. # # Most settings found in here do have corresponding questions in the # Debconf configuration, but not all of them. # # This is a Debian specific file dc_eximconfig_configtype= dc_other_hostnames= dc_local_interfaces= dc_readhost= dc_relay_domains= dc_minimaldns= dc_relay_nets= dc_smarthost= CFILEMODE= dc_use_split_config= dc_hide_mailname= dc_mailname_in_oh= dc_localdelivery= -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.10.0-1062.12.1.el7.x86_64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages exim4-config depends on: ii adduser3.118 ii debconf [debconf-2.0] 1.5.73 exim4-config recommends no packages. exim4-config suggests no packages. -- debconf information: exim4/dc_readhost: exim4/dc_eximconfig_configtype: local delivery only; not on a network exim4/dc_local_interfaces: 127.0.0.1 ; ::1 exim4/use_split_config: false exim4/dc_relay_nets: exim4/dc_localdelivery: mbox format in /var/mail/ exim4/dc_minimaldns: false exim4/mailname: ae83f2afb63b exim4/exim4-config-title: exim4/dc_relay_domains: exim4/dc_postmaster: exim4/hide_mailname: exim4/no_config: true exim4/dc_smarthost: exim4/dc_other_hostnames: ae83f2afb63b
Bug#952448: ucf has /bin/bash shebangs but does not depend on bash
Package: ucf Version: 3.0038+nmu1 Severity: normal Dear Maintainer, All the scripts installed by ucf have a /bin/bash shebang but the package does not depend on bash. This can be an issue on minimal Debian-based container images, where bash may not be present. In my case, the unattended-upgrades package failed to configure. Glancing at the scripts, there don't appear to be any Bashisms so perhaps these could be replaced with /bin/sh instead but I don't mind either way. I have not included any system information as I am only using throw-away container images and I have verified that this issue is still present in the latest sources. Regards, James
Bug#778664: pam_tty_audit: Cannot make/remove an entry for the specified session
This issue is apparently fixed in Linux-PAM 1.2.0. We're still stuck on 1.1.8 while 1.3.0 was released over a year ago. It sucks that Stretch is going to ship with this old and broken release.
Bug#807033: modsecurity-crs: libapache2-mod-security2 dependency unhelpful for nginx
Package: modsecurity-crs Version: 2.2.9-1 Severity: normal Dear Maintainer, Although Debian's nginx packages do not support ModSecurity, it would be helpful to users who have built their own (which is not uncommon for nginx) if this rule set package could be installed without unnecessarily dragging in Apache. What few references to Apache there are point to /usr/local/apache so they are invalid anyway. You may have read that a ModSecurity configuration for nginx needs to be concatenated into a single file but this is no longer the case. It now supports an Include directive. Regards, James Le Cuirot -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
Bug#708000: Include this in Jessie?
Hello, I'm not familiar with Debian's stabilisation process but it would be good if this fix could be pushed to Jessie. It is the key to using F2FS as a root filesystem because fsck.f2fs currently does not like the filesystem being mounted at all. Some manual steps are still required, of course, but this was the biggest barrier. If anyone wishes to try this, you need to disable the check for root in /etc/fstab and add f2fs to /etc/initramfs-tools/modules before regenerating the initramfs. Regards, James -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#389591: ITP: freeswitch -- Modular Media Switching Software Library and Soft-Switch Application
Since Ken posted above, I have done a lot more work to make this happen. Please note that I am not (usually) a Debian user but we do have a mutual interest in seeing these libraries unbundled. Patches to optionally unbundle PCRE and Speex will almost certainly be merged soon. libedit also looks likely but I am waiting on a non-critical bug fix from upstream. Unbundling SQLite is very controversial but heavy duty tests are being run as I type to determine whether the upstream version really causes memory corruption. Once this first round of patches is out of the way, I may look at unbundling other libraries, time permitting, but some are simply not feasible. You can follow progress at: http://jira.freeswitch.org/browse/FS-353 Regards, James -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#431048: suexec permissions are DANGEROUS
Package: apache2.2-common Version: 2.2.3-4 Excuse me for being a little irate here but unless I'm being rather stupid this morning, and I have asked for a second opinion, the default permissions for suexec are not only wrong but very DANGEROUS. Andreas Fuchs warned about this in the last message of #395828 but this message was seemingly ignored. The permissions that were given on my new amd64 Etch installation were... -rwsr-xr-x 1 root root 12472 2007-03-27 14:03 /usr/lib/apache2/suexec This allows ANYONE to run suexec as root. I can't believe this has slipped through. As the Apache docs very clearly state over at http://httpd.apache.org/docs/2.2/suexec.html, they should be set with... chgrp www-data /usr/lib/apache2/suexec chmod 4750 /usr/lib/apache2/suexec Which would result in... -rwsr-x--- 1 root www-data 12472 2007-03-27 14:03 /usr/lib/apache2/suexec Now only www-data can run suexec as root. PLEASE fix this immediately. Regards, James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
