Bug#745082: fakechroot: chfn in a fakechroot environment
control: reassign -1 src:fakechroot This was thought to be a debootstrap bug for a while, but it originates in fakechroot. I applied upstream's recent fix, patch attached, and tested that debootstrap now works with the modified fakechroot: $ sudo dpkg -i sudo dpkg -i fakechroot_2.17.2-1.1_all.deb libfakechroot_2.17.2-1.1_amd64.deb $ fakechroot fakeroot debootstrap --variant=fakechroot unstable [...] I: Base system installed successfully. Best wishes, Mike diff -Nru fakechroot-2.17.2/debian/changelog fakechroot-2.17.2/debian/changelog --- fakechroot-2.17.2/debian/changelog 2013-12-24 20:04:16.0 + +++ fakechroot-2.17.2/debian/changelog 2015-10-18 03:51:18.0 + @@ -1,3 +1,10 @@ +fakechroot (2.17.2-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add empty audit_log_acct_message (closes: #745082). + + -- Michael GilbertSun, 18 Oct 2015 03:46:22 + + fakechroot (2.17.2-1) unstable; urgency=low * New upstream release. diff -Nru fakechroot-2.17.2/debian/patches/audit.patch fakechroot-2.17.2/debian/patches/audit.patch --- fakechroot-2.17.2/debian/patches/audit.patch 1970-01-01 00:00:00.0 + +++ fakechroot-2.17.2/debian/patches/audit.patch 2015-10-18 03:50:40.0 + @@ -0,0 +1,32 @@ +description: add empty audit_log_acct_message +bug-debian: http://bugs.debian.org/745082 + +--- /dev/null b/src/audit_log_acct_message.c +@@ -0,0 +1,16 @@ ++/* ++ * Copyright (C) 2015 JH Chatenet ++ * ++ * Licensed under the LGPL v2.1. ++*/ ++ ++ ++#include ++ ++#include "libfakechroot.h" ++ ++ ++wrapper(audit_log_acct_message, int, (int audit_fd, int type, const char *pgname, const char *op, const char *name, unsigned int id, const char *host, const char *addr, const char *tty, int result)) ++{ ++return 0; ++} +--- a/src/Makefile.am b/src/Makefile.am +@@ -28,6 +28,7 @@ libfakechroot_la_SOURCES = \ + _xftw64.c \ + access.c \ + acct.c \ ++audit_log_acct_message.c \ + bind.c \ + bindtextdomain.c \ + canonicalize_file_name.c \ diff -Nru fakechroot-2.17.2/debian/patches/series fakechroot-2.17.2/debian/patches/series --- fakechroot-2.17.2/debian/patches/series 2013-12-24 17:56:39.0 + +++ fakechroot-2.17.2/debian/patches/series 2015-10-18 03:36:33.0 + @@ -1,2 +1,3 @@ # series file Export-V-variable-so-it-can-be-changed-with-config.patch +audit.patch
Bug#745082: fakechroot: chfn in a fakechroot environment
Package: fakechroot Version: 2.17.2-1 Severity: normal Tags: patch Dear Maintainer, The command chfn fails in a fakechroot environment : it is setuid root, and the variable LD_LIBRARY_PATH is ignored. As a result, it tries to alter /etc/passwd outside of the (fake)chroot and fails because of insufficient permissions. This prevents the installation of avahi-daemon, colord, usbmuxd and logcheck : # aptitude install avahi-daemon ... Setting up avahi-daemon (0.6.31-4) ... chfn: PAM: System error adduser: `/usr/bin/chfn -f Avahi mDNS daemon avahi' returned error code 1. Exiting. dpkg: error processing package avahi-daemon (--configure): subprocess installed post-installation script returned error exit status 1 ... (in the (fake)chroot : # cat /usr/sbin/policy-rc.d #!/bin/sh exit 101 # cat /sbin/start-stop-daemon #!/bin/sh echo echo Warning: Fake start-stop-daemon called, doing nothing) Is it possible to add a replacement for chfn ? Here is a (unoptimized !) example : it just changes /etc/passwd inside of the (fake)chroot (no need of setuid/setgid). Regards, JH Chatenet *** rustine14.patch diff -Naur a/scripts/chfn.fakechroot.sh b/scripts/chfn.fakechroot.sh --- a/scripts/chfn.fakechroot.sh1970-01-01 01:00:00.0 +0100 +++ b/scripts/chfn.fakechroot.sh2014-04-14 21:51:42.0 +0200 @@ -0,0 +1,181 @@ +#!@SHELL@ + +# chfn +# +# Replacement for chfn command which changes a gecos field in +# etc/passwd under the (fake)chroot. There is no locking and no permission check. + +which_option() { + option_name=$1 + option_value=$2 + case $option_name in + -f|--full-name) + has_new_name=1 + new_name=$(echo $option_value|tr -d ':,=') + ;; + -h|--home-phone) + has_new_home_phone=1 + new_home_phone=$(echo $option_value|tr -d ':,=') + ;; + -o|--other) + has_new_other=1 + new_other=$(echo $option_value|tr -d ':') + ;; + -r|--room) + has_new_room=1 + new_room=$(echo $option_value|tr -d ':,=') + ;; + -R|--root) + has_root=1 + root=$option_value + ;; + -w|--work-phone) + has_new_work_phone=1 + new_work_phone=$(echo $option_value|tr -d ':,=') + ;; + esac +} + +parse_gecos_field() { + gecos_field=$1 + + old_name=${gecos_field%%,*} + gecos_field=${gecos_field#$old_name} + + if [ -z $gecos_field ]; then + return + else + gecos_field=${gecos_field#,} + fi + + old_room=${gecos_field%%,*} + gecos_field=${gecos_field#$old_room} + gecos_field=${gecos_field#,} + + old_work_phone=${gecos_field%%,*} + gecos_field=${gecos_field#$old_work_phone} + gecos_field=${gecos_field#,} + + old_home_phone=${gecos_field%%,*} + gecos_field=${gecos_field#$old_home_phone} + gecos_field=${gecos_field#,} + + if [ -n $gecos_field ]; then + has_old_other=1 + old_other=$gecos_field + fi +} + +while [ $# -gt 0 ]; do + case $1 in + -u|--help) + echo fakechroot : replacement of chfn + chfn -u + exit 0 + ;; + -f|--full-name|-h|--home-phone|-o|--other|-r|--room|-R|--root|-w|--work-phone) + option_name=$1 + option_value=$2 + which_option $option_name $option_value + shift 2 + ;; + --full-name=*|--home-phone=*|--other=*|--room=*|--root=*|--work-phone=*) + option_name=${1%%=*} + option_value=${1#*=} + which_option $option_name $option_value + shift + ;; + -f*|-h*|-o*|-r*|-R*|-w*) + option_value=${1#-?} + option_name=${1%$option_value} + which_option $option_name $option_value + shift + ;; + --) + shift + break + ;; + *) + break + ;; + esac +done + +if [ $# -gt 0 ]; then + user=$1 +else + user=$(id -u -n) +fi + + +# Where is the root ? +if [ -n $root ]; then + if [ ${root#/} != $root ]; then + root=${FAKECHROOT_BASE_ORIG}${root} + fi +else + root=$FAKECHROOT_BASE_ORIG +fi + +if [ ! -e $root/etc/passwd ]; then + echo