Bug#1017780: 1.5.517 in salsa repository [was: Version bump: 1.4.230]
Hello Sven, thank you for your quick response. On 12/18/23 03:57, Sven Hartge wrote: On 18.12.23 07:37, Chris Knadle wrote: Thank you very much for your efforts on this bug. Most the changes the patches make and offhand look reasonable, and for the moment I've pulled them from the 'improvement' branch your mumble Git repo. However I'm wondering about the permissions change to /etc/mumble as to why that's desired: chown root:mumble-server /etc/mumble/ What is the benefit of updating the /etc/mumble/ directory to have group ownership by mumble-server? Is the intent for allowing a number of users that are added to the mumble-server group to be allowed to update the mumble-server.ini file? Let me know so I can explain it. ;-) The problem is access to the configuration. If /etc/mumble is root:root and 750, then the daemon, running as mumble-server:mumble-server can't read its configuration file and fails to start. Okay, right, because there are no "other" read or execute permissions to allow traversing the directory. So /etc/mumble needs to be readable by the group, either 755 (which is worse security-wise) or owned by the group, which is the change I implemented. The configuration file itself is 640 and root:mumble-server, so the group can't change it. Accepted. Grüße, Sven. Grüße. Thanks -- Chris Knadle chris.kna...@coredump.us
Bug#1017780: 1.5.517 in salsa repository [was: Version bump: 1.4.230]
On 18.12.23 07:37, Chris Knadle wrote: Thank you very much for your efforts on this bug. Most the changes the patches make and offhand look reasonable, and for the moment I've pulled them from the 'improvement' branch your mumble Git repo. However I'm wondering about the permissions change to /etc/mumble as to why that's desired: chown root:mumble-server /etc/mumble/ What is the benefit of updating the /etc/mumble/ directory to have group ownership by mumble-server? Is the intent for allowing a number of users that are added to the mumble-server group to be allowed to update the mumble-server.ini file? Let me know so I can explain it. ;-) The problem is access to the configuration. If /etc/mumble is root:root and 750, then the daemon, running as mumble-server:mumble-server can't read its configuration file and fails to start. So /etc/mumble needs to be readable by the group, either 755 (which is worse security-wise) or owned by the group, which is the change I implemented. The configuration file itself is 640 and root:mumble-server, so the group can't change it. Grüße, Sven.
Bug#1017780: 1.5.517 in salsa repository [was: Version bump: 1.4.230]
Hello Sven. Thank you very much for your efforts on this bug. Most the changes the patches make and offhand look reasonable, and for the moment I've pulled them from the 'improvement' branch your mumble Git repo. However I'm wondering about the permissions change to /etc/mumble as to why that's desired: chown root:mumble-server /etc/mumble/ What is the benefit of updating the /etc/mumble/ directory to have group ownership by mumble-server? Is the intent for allowing a number of users that are added to the mumble-server group to be allowed to update the mumble-server.ini file? Let me know so I can explain it. ;-) Thanks On 12/8/23 11:36, Sven Hartge wrote: On Fri, 3 Mar 2023 06:16:00 + Chris Knadle wrote: If someone knows how to fix the mumble-server.service file so that mumble-server can start, that would be helpful; once that's fixed I can make an upload to Debian Experimental. The file in the tree is at: Hello Chris, I looked at the problem and I fixed all the problems (and some more) preventing the daemon to start under systemd. You can either pull from https://salsa.debian.org/hartge/mumble.git or apply the attached diff. I tested my changes for fresh installations and upgrades, both work correctly. These changes fix #1039271 as well. Grüße, Sven. -- Chris Knadle chris.kna...@coredump.us
Bug#1017780: 1.5.517 in salsa repository [was: Version bump: 1.4.230]
On Fri, 8 Dec 2023 17:36:21 +0100 Sven Hartge wrote: You can either pull from https://salsa.debian.org/hartge/mumble.git or apply the attached diff. From the "improvements" branch I meant to say. Grüße, Sven.
Bug#1017780: 1.5.517 in salsa repository [was: Version bump: 1.4.230]
On Fri, 3 Mar 2023 06:16:00 + Chris Knadle wrote: If someone knows how to fix the mumble-server.service file so that mumble-server can start, that would be helpful; once that's fixed I can make an upload to Debian Experimental. The file in the tree is at: Hello Chris, I looked at the problem and I fixed all the problems (and some more) preventing the daemon to start under systemd. You can either pull from https://salsa.debian.org/hartge/mumble.git or apply the attached diff. I tested my changes for fresh installations and upgrades, both work correctly. These changes fix #1039271 as well. Grüße, Sven. diff --git a/debian/mumble-server.README.Debian b/debian/mumble-server.README.Debian index 6c5a80c4a2073243daefc4992d34336cde41d7fa..a90d8a5c554fe16f95b0f75dc6a80531ad36fc17 100644 --- a/debian/mumble-server.README.Debian +++ b/debian/mumble-server.README.Debian @@ -1,9 +1,9 @@ The Mumble documentation refers to the server for Mumble with several naming conventions: mumble-server, murmur, and murmurd all refer to the same server -binary /usr/sbin/murmurd. +binary /usr/bin/mumble-server. -This package includes a system-wide installation of murmurd. If you want a -personal server running on your own user account, use the murmur-user-wrapper +This package includes a system-wide installation of murd. If you want a +personal server running on your own user account, use the mumble-server-user-wrapper script. Murmur's root user is called SuperUser. To set the password for superuser, diff --git a/debian/mumble-server.postinst b/debian/mumble-server.postinst index c5b65294f43e6ea50831d0fdcb5de9afeaa2c307..e95a22b5bd6a4896bac34131976f39b817f744d5 100644 --- a/debian/mumble-server.postinst +++ b/debian/mumble-server.postinst @@ -32,6 +32,7 @@ case "$1" in chmod 0640 /etc/mumble/mumble-server.ini chown root:mumble-server /etc/mumble/mumble-server.ini fi + chown root:mumble-server /etc/mumble/ # Workaround for when this was in .dirs [ -d /run/mumble-server ] && chown mumble-server:adm /run/mumble-server @@ -61,7 +62,7 @@ case "$1" in # likely to update it outside of debconf. db_get mumble-server/password if [ "$RET" != "" ] ; then - echo $RET | su mumble-server -s /bin/sh -c "/usr/sbin/murmurd -ini /etc/mumble-server.ini -readsupw" + echo $RET | su mumble-server -s /bin/sh -c "/usr/bin/mumble-server -ini /etc/mumble/mumble-server.ini -readsupw" if [ $? = 0 ] ; then db_set mumble-server/password "" else diff --git a/debian/mumble-server.preinst b/debian/mumble-server.preinst index 4a0080314f07e3965c621606ad32d25980cbfe0c..4f41afea849f821b6d2016243a930f45e0629573 100644 --- a/debian/mumble-server.preinst +++ b/debian/mumble-server.preinst @@ -8,6 +8,7 @@ if [ -f /etc/mumble-server/mumble-server.ini ] ; then if [ ! -f /etc/mumble/mumble-server.ini ] ; then echo "Moving /etc/mumble-server/mumble-server.ini to /etc/mumble/mumble-server.ini.." mkdir -m 750 /etc/mumble + chown root:mumble-server /etc/mumble mv /etc/mumble-server/mumble-server.ini /etc/mumble/mumble-server.ini rmdir --ignore-fail-on-non-empty /etc/mumble-server/ echo "Done." @@ -18,6 +19,7 @@ if [ -f /etc/mumble-server.ini ] ; then if [ ! -f /etc/mumble/mumble-server.ini ] ; then echo "Moving /etc/mumble-server.ini to /etc/mumble/mumble-server.ini.." mkdir -m 750 /etc/mumble + chown root:mumble-server /etc/mumble mv /etc/mumble-server.ini /etc/mumble/mumble-server.ini echo "Done." fi diff --git a/debian/mumble-server.templates b/debian/mumble-server.templates index cd5c1f8ae6cac3104cda4d52d0ccdf432dc7a356..f03373486ecefa703d898a1abe8c24d674ee39c5 100644 --- a/debian/mumble-server.templates +++ b/debian/mumble-server.templates @@ -13,11 +13,11 @@ Template: mumble-server/start_daemon Type: boolean Default: true _Description: Autostart mumble-server on server boot? - Mumble-server (murmurd) can start automatically when the server is booted. + Mumble-server (mumble-server) can start automatically when the server is booted. Template: mumble-server/use_capabilities Type: boolean Default: false _Description: Allow mumble-server to use higher priority? - Mumble-server (murmurd) can use higher process and network priority to + Mumble-server (mumble-server) can use higher process and network priority to ensure low latency audio forwarding even on highly loaded servers. diff --git a/debian/patches/90-debianize-systemd-unit.diff b/debian/patches/90-debianize-systemd-unit.diff new file mode 100644 index ..0bc3d1366c49ca890b9c1db8d9318c821f82fee0 --- /dev/null +++ b/debian/patches/90-debianize-systemd-unit.diff @@ -0,0 +1,28 @@ +--- a/auxiliary_files/config_files/mumble-server.service.in b/auxiliary_files/config_files/mumble-server.service.in +@@ -7,7 +7,7 @@ + AmbientCapabilities=CAP_NET_BIND_SERVICE + CapabilityBoundingSet=CAP_NET_BIND_SERVICE +
Bug#1017780: 1.5.517 in salsa repository [was: Version bump: 1.4.230]
Greetings all. The current 1.5.517 packaging work has been uploaded to Debian Salsa. I intend to upload 1.5.517-1 to Debian Experimental after figuring out how to fix upstream's mumble-server.service file, which is currently broken. Right now mumble-server will not start, and the sysv init script was also removed upstream for 1.5.x. I'd also like to re-introduce the init script as an "extra" so that users/admins can use mumble-server with init systems other than systemd. The package builds, the binary packages are installable, and both mumble-server (started manually) and mumble both work. Right now The "DBUILD_NUMBER" to indicate the minor version [517] is hardcoded in debian/rules, and that will need to be scripted to fill in as a variable from the Debian package version number instead. I had been asked to abandon work on packaging 1.4.x in favor of 1.5.x because 1.5.x was designed to work on OpenSSL 3.0. Mumble 1.4.230 also contained unreleasable files requiring DFSG modifications to the tarball, so I reverted to a backup of my local repository, and thus 1.4.x was not introduced to the mumble repository on Salsa. If someone knows how to fix the mumble-server.service file so that mumble-server can start, that would be helpful; once that's fixed I can make an upload to Debian Experimental. The file in the tree is at: auxiliary_files/config_files/mumble-server.service.in -- Chris -- Chris Knadle chris.kna...@coredump.us