Bug#696424: Possible patch
Hi Salvatore Hi David On Thu, Jan 10, 2013 at 10:16:35AM +, David Weber wrote: Hi David On Mon, Jan 07, 2013 at 09:06:53AM +, David Weber wrote: Attached is the debdiff contianing these three refreshed for the version in unstable and testing. But I'm not yet ready to propose a NMU. Testing of the resulting package is welcome! Thanks for the debdiff! It works as expected: It creates the files with the right permissions without breaking functionality. A problem could be that the files aren't freshly created by a simple restart of the daemon. Should something be done about that? Some options could be: - Notify the user to stop libvirtd and sanlock and run rm /var/run/sanlock/sanlock.sock; rm /var/log/sanlock.log - Change the file permissions through the package update - Do nothing because most likely nobody uses sanlock on Debain atm. I have not a final answer here, but it might be easy to implement like libvirt-bin does in postint, mabye only conditionally checking (so doing it during package update from a 'broken' version): [...] if ! dpkg-statoverride --list /var/log/sanlock.log /dev/null 21; then # fix permissions fi [...] and the same for /var/run/sanlock/sanlock.sock. Great hint. I modified the patch in that way and also added the fix for #689696 Btw, after thinking about further on it: As both /var/log/sanlock.log and /var/run/sanlock/sanlock.sock are not files installed by the package, I think the check with dpkg-statoverride is in this case wrong! Sorry about the wrong suggestion. So I think it's best to remove this again. Ops, thats right. I now check the permissions and change them in case they are wrong Regarding the second: I suggest to include in this upload only fixes compliant with the freeze policy: [1]: http://release.debian.org/wheezy/freeze_policy.html (but I have not looked if #689696 can be considered RC). Since it is a build fix, I guess it classifys +sanlock (2.2-1.1) unstable; urgency=low + + * Fix CVE-2012-5638 sanlock world writable /var/log/sanlock.log. Thanks to Salvatore Bonaccorso (Closes: #696424) would wrap this line + Add patches cherry-picked from git repository: + - 0001-sanlock-remove-umask-0.patch + - 0001-sanlock-use-lockfile-mode-644.patch + - 0001-wdmd-use-lockfile-mode-644.patch + * Replace restrict field name (Closes: #689696) + Add patche cherry.picked from git repository: ^ s{patche}{patch} and s{cherry.picked}{cherry picked} Ops, fixed Again thanks for your work! Thank you too! Regards, Salvatore Cheers, David To: car...@debian.org 696...@bugs.debian.org Cc: martin.quin...@loria.fr j...@inutil.org a...@sigxcpu.org sanlock_cve2.debdiff Description: Binary data
Bug#696424: Possible patch
Hi David On Mon, Jan 07, 2013 at 09:06:53AM +, David Weber wrote: Attached is the debdiff contianing these three refreshed for the version in unstable and testing. But I'm not yet ready to propose a NMU. Testing of the resulting package is welcome! Thanks for the debdiff! It works as expected: It creates the files with the right permissions without breaking functionality. A problem could be that the files aren't freshly created by a simple restart of the daemon. Should something be done about that? Some options could be: - Notify the user to stop libvirtd and sanlock and run rm /var/run/sanlock/sanlock.sock; rm /var/log/sanlock.log - Change the file permissions through the package update - Do nothing because most likely nobody uses sanlock on Debain atm. I have not a final answer here, but it might be easy to implement like libvirt-bin does in postint, mabye only conditionally checking (so doing it during package update from a 'broken' version): [...] if ! dpkg-statoverride --list /var/log/sanlock.log /dev/null 21; then # fix permissions fi [...] and the same for /var/run/sanlock/sanlock.sock. Great hint. I modified the patch in that way and also added the fix for #689696 Guido, can you pull that debdiff directly or should I send you an updated debian.tar.gz? Regards, Salvatore To: car...@debian.org Cc: martin.quin...@loria.fr 696...@bugs.debian.org j...@inutil.org a...@sigxcpu.org sanlock_cve.debdiff Description: Binary data
Bug#696424: Possible patch
Attached is the debdiff contianing these three refreshed for the version in unstable and testing. But I'm not yet ready to propose a NMU. Testing of the resulting package is welcome! Thanks for the debdiff! It works as expected: It creates the files with the right permissions without breaking functionality. A problem could be that the files aren't freshly created by a simple restart of the daemon. Should something be done about that? Some options could be: - Notify the user to stop libvirtd and sanlock and run rm /var/run/sanlock/sanlock.sock; rm /var/log/sanlock.log - Change the file permissions through the package update - Do nothing because most likely nobody uses sanlock on Debain atm. Cheers, David sanlock_2.2-1.1.debdiff Description: Binary data
Bug#695859: Now available on mentors
Sorry for the long wait! Version 2.6 is now available on mentors: https://mentors.debian.net/package/sanlock Tested with libvirt 1.0.1-3 It already includes the fixes for #696424 and #689696 Can you pull it from there or should I send it to you a different way? Cheers, David -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#689696: restrict is a keyword in C99
Package: sanlock Version: 2.2-1 src/sanlock_internal.h, line 495, uses restrict as a field name in a struct. This collides with the fact that in C99 restrict is a keyword. Compilers that default to C99-mode, or gcc -std=c99, fail to compile this code. Best, Michael I sent a patch upstream. https://fedorahosted.org/pipermail/sanlock-devel/ (is down ATM) This should be backported to wheezy, right? I will do that after it got applied. I will also try to package the latest release soon. Thanks for reporting! Cheers, David To: m...@debian.org b...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676345: Re-2: Bug#676345: libvirt: [Patch] Enable sanlock
Hi David, On Wed, Jun 06, 2012 at 12:17:15PM +0200, David Weber wrote: Package: libvirt0 Version: 0.9.12-1.1 Severity: wishlist File: libvirt Hi, please apply the attached patch to enable sanlock in libvirt Thanks for the patch some quick questions: + libsanlock-dev, + libsanlock-client1, Shouldn't libsanlock-dev pull in libsanlock-client1? You're right, the line can be dropped. # For make check dwarves, libxml2-utils, -95,6 +97,18 Description: library for interfacing with different virtualization systems . This package contains the debugging symbols. +Package: libvirt-sanlock +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libvirt0 (= ${binary:Version}) , augeas-tools What is augeas-tools needed for? It is needed for the cleanup cronjob, it uses augeas-tools to read the config files. See /usr/sbin/virt-sanlock-cleanup [..snip..] usr/share/man/man8/* diff --git a/debian/libvirt-sanlock.cron.weekly b/debian/libvirt-sanlock. cron.weekly new file mode 100644 index 000..170d91b --- /dev/null +++ b/debian/libvirt-sanlock.cron.weekly -0,0 +1,10 +#!/bin/sh + +#Disabled by default, uncomment to enable +exit 0 Why would we disable this by default? I experienced some problems like crashing the sanlock deamon when running the script. It was with a bit older version so it maybe works better now but I wouldn't recommend it. I hope I can re-test it soon. Fedora btw. also doesn't enable it as far as I can see. + + +/usr/sbin/virt-sanlock-cleanup -q 2/dev/null Why would we discard stderr here? Fixed. Updated patch attached. Cheers, -- Guido To: a...@sigxcpu.org 676...@bugs.debian.org libvirt_enable_sanlock.diff Description: Binary data
Bug#676345: libvirt: [Patch] Enable sanlock
Package: libvirt0 Version: 0.9.12-1.1 Severity: wishlist File: libvirt Hi, please apply the attached patch to enable sanlock in libvirt Thanks! Cheers, David commit 778f9c0232b916f99174ce4a2a6139090a1495e1 Author: David Weber w...@munzinger.de Date: Mon Jun 4 17:18:39 2012 +0200 Enable sanlock diff --git a/debian/changelog b/debian/changelog index 7d3c5bb..9bbea9e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +libvirt (0.9.12-1.1) UNRELEASED; urgency=low + + * Non-maintainer upload. + * Enable Sanlock + + -- David Weber w...@munzinger.de Mon, 04 Jun 2012 16:12:04 +0200 + libvirt (0.9.12-1) experimental; urgency=low * [75e280b] New upstream version 0.9.12 diff --git a/debian/control b/debian/control index 6092f86..5d5997a 100644 --- a/debian/control +++ b/debian/control @@ -33,6 +33,8 @@ Build-Depends: cdbs (= 0.4.90~), libnuma-dev [amd64 i386 ia64 mips mipsel powerpc], radvd [linux-any], libnetcf-dev [linux-any], + libsanlock-dev, + libsanlock-client1, # For make check dwarves, libxml2-utils, @@ -95,6 +97,18 @@ Description: library for interfacing with different virtualization systems . This package contains the debugging symbols. +Package: libvirt-sanlock +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libvirt0 (= ${binary:Version}), augeas-tools +Priority: extra +Description: library for interfacing with different virtualization systems + Libvirt is a C toolkit to interact with the virtualization capabilities + of recent versions of Linux (and other OSes). The library aims at providing + a long term stable C API for different virtualization mechanisms. It currently + supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox. + . + This package contains the sanlock plugin. + Package: libvirt-doc Architecture: all Section: doc diff --git a/debian/libvirt-bin.install b/debian/libvirt-bin.install index dd9b344..72f23a4 100644 --- a/debian/libvirt-bin.install +++ b/debian/libvirt-bin.install @@ -3,7 +3,8 @@ usr/sbin/* etc/libvirt/* etc/sasl2/* usr/share/polkit-1 -usr/lib/libvirt/* +usr/lib/libvirt/libvirt* +usr/lib/libvirt/connection-driver usr/share/augeas/* usr/share/libvirt/* usr/share/man/man8/* diff --git a/debian/libvirt-sanlock.cron.weekly b/debian/libvirt-sanlock.cron.weekly new file mode 100644 index 000..170d91b --- /dev/null +++ b/debian/libvirt-sanlock.cron.weekly @@ -0,0 +1,10 @@ +#!/bin/sh + +#Disabled by default, uncomment to enable +exit 0 + + +/usr/sbin/virt-sanlock-cleanup -q 2/dev/null +exit 0 + + diff --git a/debian/libvirt-sanlock.install b/debian/libvirt-sanlock.install new file mode 100644 index 000..d8a7348 --- /dev/null +++ b/debian/libvirt-sanlock.install @@ -0,0 +1 @@ +usr/lib/libvirt/lock-driver/sanlock.so diff --git a/debian/patches/add_ignore_param_to_sanlock.patch b/debian/patches/add_ignore_param_to_sanlock.patch new file mode 100644 index 000..159129e --- /dev/null +++ b/debian/patches/add_ignore_param_to_sanlock.patch @@ -0,0 +1,106 @@ +From b8012ce9312f00947c5ca7250a7a96534c85835f Mon Sep 17 00:00:00 2001 +From: David Weber w...@munzinger.de +Date: Mon, 14 May 2012 09:53:02 + +Subject: [PATCH 1/1] sanlock: fix locking for readonly devices + +Add ignore param for readonly and shared disk in sanlock +--- + AUTHORS |1 + + src/locking/libvirt_sanlock.aug |1 + + src/locking/lock_driver_sanlock.c| 13 - + src/locking/sanlock.conf |7 +++ + src/locking/test_libvirt_sanlock.aug |2 ++ + 5 files changed, 23 insertions(+), 1 deletions(-) + +diff --git a/src/locking/libvirt_sanlock.aug b/src/locking/libvirt_sanlock.aug +index 5f5f8a1..d65b002 100644 +--- a/src/locking/libvirt_sanlock.aug b/src/locking/libvirt_sanlock.aug +@@ -21,6 +21,7 @@ module Libvirt_sanlock = + | bool_entry auto_disk_leases + | int_entry host_id + | bool_entry require_lease_for_disks ++ | bool_entry ignore_readonly_and_shared_disks +let comment = [ label #comment . del /#[ \t]*/ # . store /([^ \t\n][^\n]*)?/ . del /\n/ \n ] +let empty = [ label #empty . eol ] + +diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c +index d344d6a..146aefd 100644 +--- a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c +@@ -1,7 +1,7 @@ + /* + * lock_driver_sanlock.c: A lock driver for Sanlock + * +- * Copyright (C) 2010-2011 Red Hat, Inc. ++ * Copyright (C) 2010-2012 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public +@@ -65,6 +65,7 @@ struct _virLockManagerSanlockDriver { + bool requireLeaseForDisks; + int hostID; + bool autoDiskLease; ++bool ignoreReadonlyShared; + char *autoDiskLeasePath; + }; + +@@ -114,6 +115,10 @@ static int virLockManagerSanlockLoadConfig(const char *configFile) + CHECK_TYPE
Bug#674997: Sanlock - Sponsor
Still looking for a sponsor. Anyone interested? Cheers, David -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669366: New ocfs2-tools version
Hi, I pushed ocfs2-tools 1.8.2 into mentors. The merge was quite a mess because of the missing upstream tarballs and I couldn't really test it so far. But perhaps this helps someone. Is there a chance to see this version in wheezy? http://mentors.debian.net/package/ocfs2-tools Cheers, David -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#674997: RFS: sanlock/2.2-4 [ITP]
Package: sponsorship-requests Severity: wishlist Dear mentors, I am looking for a sponsor for my package sanlock * Package name: sanlock Version : 2.2-4 Upstream Author : David Teigland teigl...@redhat.com * URL : https://fedorahosted.org/sanlock/ * License : (LGPLv2+, GPLv2, GPLv2+) Section : libs It builds those binary packages: libsanlock-client1 - client library for sanlock sanlock- shared storage lock manager sanlock-dev - development files for sanlock To access further information about this package, please visit the following URL: http://mentors.debian.net/package/sanlock Alternatively, one can download the package with dget using this command: dget -x http://mentors.debian.net/debian/pool/main/s/sanlock/sanlock_2.2-4.dsc More information about sanlock can be obtained from https://fedorahosted.org/sanlock/ Changes since the last upload: * Add debian/README.Source Regards, David Weber -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#674997: Re-2: Bug#674997: RFS: sanlock/2.2-4 [ITP]
Thanks a lot for your reply! libsanlock-client1 - client library for sanlock sanlock- shared storage lock manager sanlock-dev - development files for sanlock The descriptions for the development and library packages are not very informative. They give no more information then the package names themselves, something like libsanlock-client1 - shared storage lock manager (client library) sanlock-dev - shared storage lock manager (development files) would be better. Done. Also is there a reason why it's sanlock-dev and not libsanlock-dev? I don't know any so I changed it. It might also be a good idea to merge all changelog entries so you only have the Initial release. entry. Right, done. The new version is again uploaded to http://mentors.debian.net/package/sanlock David Ansgar To: ans...@debian.org Cc: 674...@bugs.debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669102: Sanlock - How to proceed
Hi, thanks for your work on the package. Some more comments below: On Mon, May 14, 2012 at 12:14:12PM +, David Weber wrote: On Mon, May 14, 2012 at 11:31:44AM +, David Weber wrote: I merged the upstream release 2.2 into mentors. The freeze for Wheezy gets closer, so I ask if anybody has further comments or issues. If not, can any developer do the merge by himself or should I ask for a sponsorship on mentors? You upstream tarball isn't clean. It contains a debian dir and shared objects. Could you fix that? I've no idea how this could happen but it's now fixed (2.2-2) This looks wired in debian/copyright: The current Debian maintainer is YOUR NAME your@email.address Are you going to maintain the package? I'm not an official Debian Maintainer so far, so I guess I would first have to apply to become one, right? Or can I maintain a package with an sponsor? I would prefer the second way when possible. The usual practice is to indent debian/control with spaces not tab but both should work. I'll fix that I'd recommend to also post your next versions to debian-ment...@lists.debian.org since there are more reviewers there. (pleae keep me in cc: since I'll try to find the time to have another look too). I'll do that. BTW where did you fetch the orig tarball from? There aren't any official tarballs, so I downloaded it via gitweb, extracted it, renamed the folder and packaged it again. I guess that's rather problematic because the md5 sum most likely changes sometimes for no reason. David To: a...@sigxcpu.org Cc: 669...@bugs.debian.org gdahl...@hotmail.com bren...@zionetrix.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669102: Sanlock - How to proceed
I merged the upstream release 2.2 into mentors. The freeze for Wheezy gets closer, so I ask if anybody has further comments or issues. If not, can any developer do the merge by himself or should I ask for a sponsorship on mentors? David -- http://mentors.debian.net/package/sanlock -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669366: Freeze for Whezzy
The freeze for Wheezy gets closer. Is anybody working on this? If not, I can try to do a merge by myself and get a sponsor on mentors for it. David -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669102: Sanlock - How to proceed
On Mon, May 14, 2012 at 11:31:44AM +, David Weber wrote: I merged the upstream release 2.2 into mentors. The freeze for Wheezy gets closer, so I ask if anybody has further comments or issues. If not, can any developer do the merge by himself or should I ask for a sponsorship on mentors? You upstream tarball isn't clean. It contains a debian dir and shared objects. Could you fix that? I've no idea how this could happen but it's now fixed (2.2-2) David To: a...@sigxcpu.org Cc: 669...@bugs.debian.org gdahl...@hotmail.com bren...@zionetrix.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669102: Package updated
I've fixed all remaining non-upstream problems, see http://mentors.debian.net/package/sanlock Can somebody please review the package? I will meanwhile do some more testing. David -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669102: ITP: sanlock -- a shared storage lock manager - useful for accessing vm, images
Hi, Hello, Debian support for Libvirt sanlock very insteresting me. I build a sanlock and libvirt-sanlock Debian package from your proposal and I note some problems : * I had a bug about undefined constant SCHED_RESET_ON_FORK building sanlock package. I had to apply this patch : https://build.opensuse.org/package/view_file?file=sanlock-SCHED_RESET_ON_ FORK-undefined.patchpackage=sanlockproject=Virtualizationrev= 4bf0126638bb7c9e02f055b4aa92e543 I've no idea why I havn't hit that but I've added the patch. * In sanlock and wdmd init scripts, I put value of variable DESC in quote to avoid this error during package installation : Setting up sanlock (2.1-1) ... /etc/init.d/sanlock: 17: lock-manager: not found Done * I had augeas-tools dependency to libvirt-bin package because augtool command is required by virt-sanlock-cleanup script. Done Notes : * The Libvirt documentation recommends to weekly run virt-sanlock-cleanup script (see http://libvirt.org/locking.html#sanlockstorage). The corresponding cron could be provide by the Debian package. I've added a weekly cron to libvirt-sanlock which is disabled by default. I personally don't use virt-sanlock-cleanup on my production machines because it crashed sanlock one time. I will investigate that later * I think virt-sanlock-cleanup script should logically provide by libvirt-sanlock debian package. I agree, that would logically be better, but it would increases .install complexity. So I've left it in libvirt-bin for now I've uploaded the updated packages to mentors http://mentors.debian.net/package/sanlock http://mentors.debian.net/package/libvirt There are still a few problems left but I'll try to fix them when I'm back at the office next week. Can somebody give me a hint how to fix the package-name-doesnt-match-sonames error? I can install the libraries to /usr/lib/sanlock but then the sanlock daemon doesn't find it anymore (I don't know much about linking on Linux :) ) Thank's for your work. Thank's for your help! David Benjamin Renard To: bren...@zionetrix.net, 669...@bugs.debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669102: Libvirt Patch
Patch to enable Sanlock in Libvirt with a libvirt-sanlock package. We could also package the plugin into libvirt-bin. libvirt-sanlock.patch Description: Binary data
Bug#669366: ocfs2-tools: New upstream version 1.8.2
Package: ocfs2-tools Severity: wishlist Hi, new versions of ocfs2-tools are only available via git[1]. They contain a lot of important improvements for fsck.ocfs2. It would be great if somebody could package that Thanks! David [1] http://oss.oracle.com/git/?p=ocfs2-tools.git;a=summary -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669102: ITP: sanlock -- a shared storage lock manager - useful for accessing vm images on a NAS or SAN
Package: wnpp Severity: wishlist Owner: David Weber w...@munzinger.de * Package name: sanlock Version : 2.1 Upstream Author : David Teigland teigl...@redhat.com * URL : https://fedorahosted.org/sanlock/ * License : (LGPLv2+, GPLv2, GPLv2+) Programming Lang: (C, Python) Description : a shared storage lock manager - useful for accessing vm images on a NAS or SAN Sanlock ensures that single disk cannot be used by more than one running VM at a time, across any host in a network. See http://git.fedorahosted.org/git/?p=sanlock.git;a=blob;f=README.license;h=9bf5cae09fc44d7050c89535f0a8b49f23fcae3d;hb=HEAD for license -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org