Bug#833525: debootstrap: Deleted my entire /home partition using "mostly harmless" debootstrap --print-debs option

2018-03-16 Thread Hideki Yamane 
On Wed, 14 Mar 2018 07:21:38 +0100
Ansgar Burchardt  wrote:
> That doesn't work:
> 
> +---
> | $ dash -c '[ -e /bin/* ]'
> | dash: 1: [: /bin/2to3-2.7: unexpected operator
> +---

 Thanks for the catch, fixed version here.


diff --git a/debootstrap b/debootstrap
index a257e09..083473d 100755
--- a/debootstrap
+++ b/debootstrap
@@ -434,7 +434,7 @@ fi
 ###
 
 TARGET_EMPTY=true
-if [  -e "$TARGET"/* ]; then
+if [ "$(ls -A "$TARGET")" ]; then
TARGET_EMPTY=false
 fi

Bug#833525: debootstrap: Deleted my entire /home partition using "mostly harmless" debootstrap --print-debs option

2018-03-14 Thread Ansgar Burchardt 
Hideki Yamane  writes:
>  Unfortunately, this patch would break behavior of --make-tarball option,
>  after creating tarball it cleans $TARGET but this patch prevent it even if
>  $TARGET doesn't exist before command runs.
>
>  Here's revised patch attached.

> +if [  -e "$TARGET"/* ]; then

That doesn't work:

+---
| $ dash -c '[ -e /bin/* ]'
| dash: 1: [: /bin/2to3-2.7: unexpected operator
+---

Ansgar

Bug#833525: debootstrap: Deleted my entire /home partition using "mostly harmless" debootstrap --print-debs option

2018-03-13 Thread Hideki Yamane 
Hi,

On Fri, 05 Aug 2016 17:15:29 +0200
Johannes Schauer  wrote:
> if I understand correctly, the problem is two-fold:
> 
>  - debootstrap removes everything in a directory even if there was stuff in it
>beforehand (this should not happen)
> 
>  - debootstrap removes recursively across filesystem boundaries (how was this
>not noticed earlier?)
> 
> The following patch should fix this:

 Unfortunately, this patch would break behavior of --make-tarball option,
 after creating tarball it cleans $TARGET but this patch prevent it even if
 $TARGET doesn't exist before command runs.

 Here's revised patch attached.


-- 
Regards,

 Hideki Yamane henrich @ debian.org/iijmio-mail.jp
>From bcca7322c029a2d51c2adf738bf02cb54415685d Mon Sep 17 00:00:00 2001
From: Hideki Yamane 
Date: Tue, 13 Mar 2018 20:39:05 +0900
Subject: [PATCH] prevent removal when print-deb option was specified and its
 directory doesn't empty

Based on patch by Johannes Schauer 
Closes: #833525
---
 debootstrap | 18 +++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/debootstrap b/debootstrap
index 0160afa..6300517 100755
--- a/debootstrap
+++ b/debootstrap
@@ -422,6 +422,13 @@ fi
 
 ###
 
+TARGET_EMPTY=true
+if [  -e "$TARGET"/* ]; then
+	TARGET_EMPTY=false
+fi
+
+###
+
 if in_path dpkg && \
  dpkg --print-architecture >/dev/null 2>&1; then
 	HOST_ARCH=`/usr/bin/dpkg --print-architecture`
@@ -701,8 +708,13 @@ if am_doing_phase second_stage; then
 fi
 
 if am_doing_phase kill_target; then
-	if [ "$KEEP_DEBOOTSTRAP_DIR" != true ]; then
-		info KILLTARGET "Deleting target directory"
-		rm -rf "$TARGET"
+	if [ "$KEEP_DEBOOTSTRAP_DIR" = true ]; then
+		true
+	# prevent removal when print-deb option was specified and its directory doesn't empty
+	elif [ "$PRINT_DEBS" = true ] && [ "$TARGET_EMPTY" != true ]; then
+		true
+	else
+info KILLTARGET "Deleting target directory"
+		rm -rf --one-file-system "$TARGET"
 	fi
 fi
-- 
2.16.2

Bug#833525: debootstrap: Deleted my entire /home partition using "mostly harmless" debootstrap --print-debs option

2016-08-05 Thread Brian Drummond 
On Fri, 2016-08-05 at 17:15 +0200, Johannes Schauer wrote:
> Control: tag -1 + patch
> 
> On Fri, 05 Aug 2016 13:55:14 +0100 Brian Drummond  n.co.uk> wrote:
> > 
> > *** Reporter, please consider answering these questions, where
> > appropriate ***
> > 
> > 8) I said this was embarassing...
> > 
> >    * What exactly did you do (or not do) that was effective (or
> >  ineffective)?
> > debootstrap --print-debs /chroot/i386
> > 
> if I understand correctly, the problem is two-fold:
> 
>  - debootstrap removes everything in a directory even if there was
> stuff in it
>    beforehand (this should not happen)
> 
>  - debootstrap removes recursively across filesystem boundaries (how
> was this
>    not noticed earlier?)
> 
> The following patch should fix this:

Thank you! 

If I understand the patch, it should have the desired effect.

I find myself strangely reluctant to test it ... may I
be forgiven?

(I know ... why don't I just chroot into a safe place and test it
there? :-)

Hopefully it will be accepted into Debian and stop somebody else making
such a fool of themselves...

Thanks again!

-- Brian

Bug#833525: debootstrap: Deleted my entire /home partition using "mostly harmless" debootstrap --print-debs option

2016-08-05 Thread Johannes Schauer 
Control: tag -1 + patch

On Fri, 05 Aug 2016 13:55:14 +0100 Brian Drummond  
wrote:
> *** Reporter, please consider answering these questions, where appropriate ***
> 
>* What led up to the situation?
> 0) Okay, this will be embarrassing...
> 1) Occasional need to work on i386 software on an x86-64 machine.
> 2) Previous experiment led to a marginally usable "minimal"  /chroot/i386 
> partition (without internet connection)
> 3) Desire to add internet connection to same, start by listing packages which 
> would be installed by "debootstrap --print-debs"
> 4) Failure to understand that "debootstrap --print-debs" operated by 
> performing the entire debootstrap operation, 
> listing packages, then deleting the created directory, despite a note in the 
> manfile to that effect.
> 5) Further failure to note that such deletion would apply recursively to any 
> automounted partitions in said created directory. 
> 6) Previous experiment involved automounting /proc, /sys, /var/tp, and /home 
> into said /chroot/i386 partition.
> 7) Re-using the /chroot/i386 directory name in the "debootstrap 
> --print-files" command. Without the --keep-bootstrop-dir option, since I was 
> about to replace it.
> 8) I said this was embarassing...
> 
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> Sadly, I no longer have my exact notes, as will become clear. But 
> approximately, the command was (possibly with sudo, or after su):
> debootstrap --print-debs /chroot/i386
> 
>* What was the outcome of this action?
> Well I briefly saw the list of packages flash past, before debootstrap got to 
> the "The TARGET directory will be deleted" part.
> At which point various strange things started happening, until it gradually 
> dawned on me that /home and /var/tmp were slowly disappearing before my 
> eyes...
> 
>* What outcome did you expect instead?
> 
> Somehow I expected to be left with a list of .deb packages and a functioning 
> computer. I now understand my expectations were unrealistic.
> 
> Perhaps I have been punished enough ... and perhaps it would be a good idea 
> to modify the bit of debootstrap that implements 
> "The TARGET directory will be deleted" and convince it to stop at 
> automounted partitions in /etc/fstab (and/or mtab)?
> 
> It is too late for me, but it might be very pleasing to some future unwary 
> operators to be left with their /home partition intact... 
> 
> (NB the packages/versions listed below apply to a reinstall, not the exact 
> formerly-running system, for reasons that are hopefully clear)

if I understand correctly, the problem is two-fold:

 - debootstrap removes everything in a directory even if there was stuff in it
   beforehand (this should not happen)

 - debootstrap removes recursively across filesystem boundaries (how was this
   not noticed earlier?)

The following patch should fix this:


@@ -409,6 +409,11 @@
fi
 fi
 
+TARGET_EMPTY=true
+if [ "$(ls -A "$TARGET")" ]; then
+   TARGET_EMPTY=false
+fi
+
 ###
 
 if in_path dpkg && \
@@ -698,8 +703,8 @@
 fi
 
 if am_doing_phase kill_target; then
-   if [ "$KEEP_DEBOOTSTRAP_DIR" != true ]; then
+   if [ "$KEEP_DEBOOTSTRAP_DIR" != true && "$TARGET_EMPTY" == true ]; then
info KILLTARGET "Deleting target directory"
-   rm -rf "$TARGET"
+   rm -rf --one-file-system "$TARGET"
fi
 fi


Thanks!

cheers, josch


signature.asc
Description: signature

Bug#833525: debootstrap: Deleted my entire /home partition using "mostly harmless" debootstrap --print-debs option

2016-08-05 Thread Brian Drummond 
Package: debootstrap
Version: 1.0.81
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
0) Okay, this will be embarrassing...
1) Occasional need to work on i386 software on an x86-64 machine.
2) Previous experiment led to a marginally usable "minimal"  /chroot/i386 
partition (without internet connection)
3) Desire to add internet connection to same, start by listing packages which 
would be installed by "debootstrap --print-debs"
4) Failure to understand that "debootstrap --print-debs" operated by performing 
the entire debootstrap operation, 
listing packages, then deleting the created directory, despite a note in the 
manfile to that effect.
5) Further failure to note that such deletion would apply recursively to any 
automounted partitions in said created directory. 
6) Previous experiment involved automounting /proc, /sys, /var/tp, and /home 
into said /chroot/i386 partition.
7) Re-using the /chroot/i386 directory name in the "debootstrap --print-files" 
command. Without the --keep-bootstrop-dir option, since I was about to replace 
it.
8) I said this was embarassing...

   * What exactly did you do (or not do) that was effective (or
 ineffective)?
Sadly, I no longer have my exact notes, as will become clear. But 
approximately, the command was (possibly with sudo, or after su):
debootstrap --print-debs /chroot/i386

   * What was the outcome of this action?
Well I briefly saw the list of packages flash past, before debootstrap got to 
the "The TARGET directory will be deleted" part.
At which point various strange things started happening, until it gradually 
dawned on me that /home and /var/tmp were slowly disappearing before my eyes...

   * What outcome did you expect instead?

Somehow I expected to be left with a list of .deb packages and a functioning 
computer. I now understand my expectations were unrealistic.

Perhaps I have been punished enough ... and perhaps it would be a good idea to 
modify the bit of debootstrap that implements 
"The TARGET directory will be deleted" and convince it to stop at 
automounted partitions in /etc/fstab (and/or mtab)?

It is too late for me, but it might be very pleasing to some future unwary 
operators to be left with their /home partition intact... 

(NB the packages/versions listed below apply to a reinstall, not the exact 
formerly-running system, for reasons that are hopefully clear)

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: stretch/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages debootstrap depends on:
ii  wget  1.18-1

Versions of packages debootstrap recommends:
ii  debian-archive-keyring  2014.3
ii  gnupg   1.4.20-6

debootstrap suggests no packages.

-- no debconf information