Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On 13/11/2018 16:33, Jerome BENOIT wrote: > > > On 13/11/2018 16:23, Russel Winder wrote: >> >>> It does not look as a solution anyway. >>> And the issue does not seem to be a FireHOL issue. >>> I guess that we have to stick to package 3.1.6+ds-4 for a while. >> >> I've held all but one machine on 3.1.6+ds-4 but now need to revert the one >> test machine. Aptitude is telling me there is only 3.1.6+ds-5. Can this >> version be removed from the repository and 3.1.6+ds-4 reinstated, or do I >> just >> have to manually grab the packages and install them? > > It is a building environment issue: I would build the debian package from > source, > and them install it. > > I have just submitted the issue to the debian-devel debian list (I CCed to > you). > As temporary solution, I can submit a package built from a local chroot > environment. I have just ask for suggestions to the upstream maintainer. Jerome > > Jerome > > >> > -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On Tue, 13 Nov 2018, Russel Winder wrote: > > > Try this: > > > > https://snapshot.debian.org/binary/firehol/ > > Thanks for the pointer. I run Approx, so I have the history of > packages here anyway. The issue is whether I have to delve into it > for manual installation, or whether the Debian Sid package can be > rescinded. I suspect not, I think Debian is "the only direction is > forward" which is fair enough. That's my experience. > It sounds like usrmerge is becoming a Debian standard, so I might > try it on that one machine. Heads up. A move like that might break other packages too. The other thing you might want to careful with is what I wrote in bug #912624: > Repeating the upgrade process I found out that /etc/firehol/firehol.conf > is _forcebly_ overwritten. So, that's one bug: > > Installing new version of config file /etc/firehol/firehol.conf ... > > I'm asked if I want to keep /etc/default/firehol, though. -- Cristian
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On 13/11/2018 16:23, Russel Winder wrote: > >> It does not look as a solution anyway. >> And the issue does not seem to be a FireHOL issue. >> I guess that we have to stick to package 3.1.6+ds-4 for a while. > > I've held all but one machine on 3.1.6+ds-4 but now need to revert the one > test machine. Aptitude is telling me there is only 3.1.6+ds-5. Can this > version be removed from the repository and 3.1.6+ds-4 reinstated, or do I just > have to manually grab the packages and install them? It is a building environment issue: I would build the debian package from source, and them install it. I have just submitted the issue to the debian-devel debian list (I CCed to you). As temporary solution, I can submit a package built from a local chroot environment. Jerome > -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
Hi, > Try this: > > https://snapshot.debian.org/binary/firehol/ Thanks for the pointer. I run Approx, so I have the history of packages here anyway. The issue is whether I have to delve into it for manual installation, or whether the Debian Sid package can be rescinded. I suspect not, I think Debian is "the only direction is forward" which is fair enough. It sounds like usrmerge is becoming a Debian standard, so I might try it on that one machine. signature.asc Description: This is a digitally signed message part
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On Tue, 13 Nov 2018, Russel Winder wrote: > > > It does not look as a solution anyway. > > And the issue does not seem to be a FireHOL issue. > > I guess that we have to stick to package 3.1.6+ds-4 for a while. > > I've held all but one machine on 3.1.6+ds-4 but now need to revert > the one test machine. Aptitude is telling me there is only > 3.1.6+ds-5. Can this version be removed from the repository and > 3.1.6+ds-4 reinstated, or do I just have to manually grab the > packages and install them? Try this: https://snapshot.debian.org/binary/firehol/ -- Cristian
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
> It does not look as a solution anyway. > And the issue does not seem to be a FireHOL issue. > I guess that we have to stick to package 3.1.6+ds-4 for a while. I've held all but one machine on 3.1.6+ds-4 but now need to revert the one test machine. Aptitude is telling me there is only 3.1.6+ds-5. Can this version be removed from the repository and 3.1.6+ds-4 reinstated, or do I just have to manually grab the packages and install them? signature.asc Description: This is a digitally signed message part
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On 13/11/2018 12:24, Russel Winder wrote: > >> Package: usrmerge >> Description-en: Convert the system to the merged /usr directories scheme > > That seems like the beastie, and it is a once and for all time thing it seems. > I have not installed this. At least not as yet. I am hesitant to do this as it > is clearly not Debian Sid standard and it is not reversible. > > It does not look as a solution anyway. And the issue does not seem to be a FireHOL issue. I guess that we have to stick to package 3.1.6+ds-4 for a while. Jerome -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
> Package: usrmerge > Description-en: Convert the system to the merged /usr directories scheme That seems like the beastie, and it is a once and for all time thing it seems. I have not installed this. At least not as yet. I am hesitant to do this as it is clearly not Debian Sid standard and it is not reversible. signature.asc Description: This is a digitally signed message part
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On Tue, 13 Nov 2018, Jerome BENOIT wrote: > On 12/11/2018 22:42, Cristian Ionescu-Idbohrn wrote: > > You don't happen to have that "move everything from /bin, /sbin, /lib > > to /usr/..." package installed? > > Do know have the short name (or regular name) of this package ? I guess it's this I was referring to: Package: usrmerge Description-en: Convert the system to the merged /usr directories scheme -- Cristian
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
Hi, I found this: https://www.theregister.co.uk/2016/11/24/debian_testing_merged_codeusrcode/ but if it is standard in Debian Sid, I clearly do not have it switched on. signature.asc Description: This is a digitally signed message part
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On 12/11/2018 22:42, Cristian Ionescu-Idbohrn wrote: > You don't happen to have that "move everything from /bin, /sbin, /lib > to /usr/..." package installed? Do know have the short name (or regular name) of this package ? Thanks in advance, Jerome -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On Mon, 12 Nov 2018, Russel Winder wrote: > > > Can you get te version og the ffirehol package ? > > |> dpkg -l *firehol* > Desired=Unknown/Install/Remove/Purge/Hold > | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend > |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) > ||/ Name Version Architecture Description > +++-=---= > iF firehol 3.1.6+ds-5 all easy to use but powerful > iptables stateful firewall (program) > ii firehol-common3.1.6+ds-5 all easy to use but powerful > traffic suite (common library) > ii firehol-doc 3.1.6+ds-5 all easy to use but powerful > iptables stateful firewall (docs) > un firehol-tools (no description available) > ii firehol-tools-doc 3.1.6+ds-5 all easy to use but powerful > traffic suite (extra tools docs) You don't happen to have that "move everything from /bin, /sbin, /lib to /usr/..." package installed? My test on the sysV system I use shows the only non-existing/not used variable in /usr/lib/firehol/install.config is: FIREHOL_SHARE_DIR="$DATAROOTDIR/firehol" that is: FIREHOL_SHARE_DIR=/usr/share/firehol -- Cristian
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
> Can you get te version og the ffirehol package ? |> dpkg -l *firehol* Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-=---= iF firehol 3.1.6+ds-5 all easy to use but powerful iptables stateful firewall (program) ii firehol-common3.1.6+ds-5 all easy to use but powerful traffic suite (common library) ii firehol-doc 3.1.6+ds-5 all easy to use but powerful iptables stateful firewall (docs) un firehol-tools (no description available) ii firehol-tools-doc 3.1.6+ds-5 all easy to use but powerful traffic suite (extra tools docs) signature.asc Description: This is a digitally signed message part
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On 12/11/2018 15:30, Russel Winder wrote: > Hi, > >> No assumption, everything is configured with configure.ac > > I was hoping it was generated rather than manual! :-) > >> I rebuilt the package in schroot environment , and the path for mktemp is >> correct. >> >> Can you determine from which package version the faulty install.config come >> from ? >> > > |> dpkg -S /usr/lib/firehol/install.config > firehol-common: /usr/lib/firehol/install.config > > |> dpkg -S /bin/mktemp > coreutils: /bin/mktemp > Can you get te version og the ffirehol package ? Jerome -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
Hi, > No assumption, everything is configured with configure.ac I was hoping it was generated rather than manual! :-) > I rebuilt the package in schroot environment , and the path for mktemp is > correct. > > Can you determine from which package version the faulty install.config come > from ? > |> dpkg -S /usr/lib/firehol/install.config firehol-common: /usr/lib/firehol/install.config |> dpkg -S /bin/mktemp coreutils: /bin/mktemp signature.asc Description: This is a digitally signed message part
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
On 12/11/2018 13:32, Russel Winder wrote: > Hi, > >> It looks weird. >> >> Is MKTEMP_CMD defined as expected in /usr/lib/firehol/install.config ? >> > > |> grep -i mktemp /usr/lib/firehol/install.config > MKTEMP_CMD="/usr/bin/mktemp" > > I think the file assumes everything that isn't in /usr/sbin is in /usr/bin, > but Debian has mktemp in /bin not /usr/bin. No assumption, everything is configured with configure.ac I rebuilt the package in schroot environment , and the path for mktemp is correct. Can you determine from which package version the faulty install.config come from ? Thanks in advance, Jerome > -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
Hi, > It looks weird. > > Is MKTEMP_CMD defined as expected in /usr/lib/firehol/install.config ? > |> grep -i mktemp /usr/lib/firehol/install.config MKTEMP_CMD="/usr/bin/mktemp" I think the file assumes everything that isn't in /usr/sbin is in /usr/bin, but Debian has mktemp in /bin not /usr/bin. signature.asc Description: This is a digitally signed message part
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
Hi Again, sorry for that. It looks weird. Is MKTEMP_CMD defined as expected in /usr/lib/firehol/install.config ? Jerome On 12/11/2018 12:36, Russel Winder wrote: > Package: firehol > Version: 3.1.6+ds-5 > Severity: important > > Dear Maintainer, > > The upgrade of firehol from 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol in a > broken state. > > > Setting up firehol (3.1.6+ds-5) ... > Job for firehol.service failed because the control process exited with error > code. > See "systemctl status firehol.service" and "journalctl -xe" for details. > invoke-rc.d: initscript firehol, action "restart" failed. > ● firehol.service - Firehol stateful packet filtering firewall for humans >Loaded: loaded (/lib/systemd/system/firehol.service; enabled; vendor > preset: enabled) >Active: failed (Result: exit-code) since Mon 2018-11-12 08:29:33 GMT; 4ms > ago > Docs: man:firehol(1) >man:firehol.conf(5) > Process: 7766 ExecStop=/usr/sbin/firehol stop (code=exited, > status=1/FAILURE) > Process: 7799 ExecStart=/usr/sbin/firehol start (code=exited, > status=1/FAILURE) > Main PID: 7799 (code=exited, status=1/FAILURE) > > Nov 12 08:29:33 lavaine systemd[1]: Starting Firehol stateful packet > filtering firewall for humans... > Nov 12 08:29:33 lavaine firehol[7799]: /usr/sbin/firehol: line 1043: > /usr/bin/mktemp: No such file or directory > Nov 12 08:29:33 lavaine firehol[7799]: ERROR: Cannot create temporary > directory in /var/run/firehol. Make sure you have a working mktemp. > Nov 12 08:29:33 lavaine systemd[1]: firehol.service: Main process exited, > code=exited, status=1/FAILURE > Nov 12 08:29:33 lavaine systemd[1]: firehol.service: Failed with result > 'exit-code'. > Nov 12 08:29:33 lavaine systemd[1]: Failed to start Firehol stateful packet > filtering firewall for humans. > dpkg: error processing package firehol (--configure): > installed firehol package post-installation script subprocess returned error > exit status 1 > > > I am assuming this is a script problem: > > > root@lavaine:~# ll /var/run/firehol > total 0 > drwx-- 2 root root 60 Nov 11 18:44 ./ > drwxr-xr-x 28 root root 780 Nov 12 08:30 ../ > -rw--- 1 root root 0 Nov 11 18:44 firehol.lck > > > root@lavaine:~# ll /usr/bin/mktemp > ls: cannot access '/usr/bin/mktemp': No such file or directory > > > root@lavaine:~# which mktemp > /bin/mktemp > > > -- System Information: > Debian Release: buster/sid > APT prefers unstable > APT policy: (500, 'unstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: > LC_ALL set to en_GB.UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: > LC_ALL set to en_GB.UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages firehol depends on: > ii firehol-common 3.1.6+ds-5 > ii lsb-base9.20170808 > > Versions of packages firehol recommends: > pn fireqos > > Versions of packages firehol suggests: > ii firehol-doc3.1.6+ds-5 > pn firehol-tools > pn ulogd2 > > -- Configuration Files: > /etc/firehol/firehol.conf changed [not included] > > -- no debconf information > -- Jerome BENOIT | calculus+at-rezozer^dot*net https://qa.debian.org/developer.php?login=calcu...@rezozer.net AE28 AE15 710D FF1D 87E5 A762 3F92 19A6 7F36 C68B signature.asc Description: OpenPGP digital signature
Bug#913552: firehol: Firehol upgrade 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol broken
Package: firehol Version: 3.1.6+ds-5 Severity: important Dear Maintainer, The upgrade of firehol from 3.1.6+ds-4 to 3.1.6+ds-5 leaves firehol in a broken state. Setting up firehol (3.1.6+ds-5) ... Job for firehol.service failed because the control process exited with error code. See "systemctl status firehol.service" and "journalctl -xe" for details. invoke-rc.d: initscript firehol, action "restart" failed. ● firehol.service - Firehol stateful packet filtering firewall for humans Loaded: loaded (/lib/systemd/system/firehol.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Mon 2018-11-12 08:29:33 GMT; 4ms ago Docs: man:firehol(1) man:firehol.conf(5) Process: 7766 ExecStop=/usr/sbin/firehol stop (code=exited, status=1/FAILURE) Process: 7799 ExecStart=/usr/sbin/firehol start (code=exited, status=1/FAILURE) Main PID: 7799 (code=exited, status=1/FAILURE) Nov 12 08:29:33 lavaine systemd[1]: Starting Firehol stateful packet filtering firewall for humans... Nov 12 08:29:33 lavaine firehol[7799]: /usr/sbin/firehol: line 1043: /usr/bin/mktemp: No such file or directory Nov 12 08:29:33 lavaine firehol[7799]: ERROR: Cannot create temporary directory in /var/run/firehol. Make sure you have a working mktemp. Nov 12 08:29:33 lavaine systemd[1]: firehol.service: Main process exited, code=exited, status=1/FAILURE Nov 12 08:29:33 lavaine systemd[1]: firehol.service: Failed with result 'exit-code'. Nov 12 08:29:33 lavaine systemd[1]: Failed to start Firehol stateful packet filtering firewall for humans. dpkg: error processing package firehol (--configure): installed firehol package post-installation script subprocess returned error exit status 1 I am assuming this is a script problem: root@lavaine:~# ll /var/run/firehol total 0 drwx-- 2 root root 60 Nov 11 18:44 ./ drwxr-xr-x 28 root root 780 Nov 12 08:30 ../ -rw--- 1 root root 0 Nov 11 18:44 firehol.lck root@lavaine:~# ll /usr/bin/mktemp ls: cannot access '/usr/bin/mktemp': No such file or directory root@lavaine:~# which mktemp /bin/mktemp -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages firehol depends on: ii firehol-common 3.1.6+ds-5 ii lsb-base9.20170808 Versions of packages firehol recommends: pn fireqos Versions of packages firehol suggests: ii firehol-doc3.1.6+ds-5 pn firehol-tools pn ulogd2 -- Configuration Files: /etc/firehol/firehol.conf changed [not included] -- no debconf information