Your message dated Wed, 5 May 2010 00:16:04 +0200 with message-id <20100504221604.GD19526@resivo.wgnet.de> and subject line Re: Bug#580078: lintian: false positive for "init.d-script-missing-dependency-on-remote_fs /etc/init.d/cryptdisks: required start/stop" has caused the Debian Bug report #580078, regarding lintian: false positive for "init.d-script-missing-dependency-on-remote_fs /etc/init.d/cryptdisks: required start/stop" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 580078: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580078 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: lintian: false positive for "init.d-script-missing-dependency-on-remote_fs /etc/init.d/cryptdisks: required start/stop"
- From: Jonas Meurer <jonas@freesources.org>
- Date: Mon, 3 May 2010 16:11:13 +0200
- Message-id: <[🔎] 20100503141107.GA3786@resivo.wgnet.de>
Package: lintian Version: 2.4.1 Severity: normal hey, cryptdisks and cryptdisks-early initscripts both need to be started before any (non-root) filesystem is mounted. still, i added a check for /usr/bin/id in the initscripts in order to warn normal users that they need root privileges when they execute the initscript. this causes four false positives for the cryptsetup package. the relevant code in the initscripts is: if [ -x "/usr/bin/id" ] && [ "$(/usr/bin/id -u)" != "0" ]; then log_warning_msg "$0 needs root privileges" exit 1 fi greetings, jonas -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-2-amd64-resivo (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages lintian depends on: ii binutils 2.20.1-8 The GNU assembler, linker and bina ii diffstat 1.47-1 produces graph of changes introduc ii dpkg-dev 1.15.7.1 Debian package development tools ii file 5.04-2 Determines file type using "magic" ii gettext 0.17-11 GNU Internationalization utilities ii intltool-debian 0.35.0+20060710.1 Help i18n of RFC822 compliant conf ii libapt-pkg-perl 0.1.24 Perl interface to libapt-pkg ii libclass-accessor-perl 0.34-1 Perl module that automatically gen ii libipc-run-perl 0.89-1 Perl module for running processes ii libparse-debianchangel 1.1.1-2 parse Debian changelogs and output ii libtimedate-perl 1.2000-1 collection of modules to manipulat ii liburi-perl 1.54-1 module to manipulate and access UR ii locales 2.10.2-7 Embedded GNU C Library: National L ii man-db 2.5.7-3 on-line manual pager ii perl [libdigest-sha-pe 5.10.1-12 Larry Wall's Practical Extraction lintian recommends no packages. Versions of packages lintian suggests: pn binutils-multiarch <none> (no description available) ii libtext-template-perl 1.45-1 Text::Template perl module ii man-db 2.5.7-3 on-line manual pager -- no debconf informationAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: Raphael Geissert <geissert@debian.org>, 580078-done@bugs.debian.org
- Subject: Re: Bug#580078: lintian: false positive for "init.d-script-missing-dependency-on-remote_fs /etc/init.d/cryptdisks: required start/stop"
- From: Jonas Meurer <jonas@freesources.org>
- Date: Wed, 5 May 2010 00:16:04 +0200
- Message-id: <20100504221604.GD19526@resivo.wgnet.de>
- In-reply-to: <[🔎] 4be06a57.1408c00a.5b63.ffffc2cb@mx.google.com>
- References: <20100503141107.GA3786__37608.8738361888$1272898419$gmane$org@resivo.wgnet.de> <[🔎] 4be06a57.1408c00a.5b63.ffffc2cb@mx.google.com>
Hey, On 04/05/2010 Raphael Geissert wrote: > Jonas Meurer wrote: > > cryptdisks and cryptdisks-early initscripts both need to be started > > before any (non-root) filesystem is mounted. still, i added a check for > > /usr/bin/id in the initscripts in order to warn normal users that they > > need root privileges when they execute the initscript. > > First of all I'm curious as to why you are adding that check. Only a few, > rare, init scripts do that. > > I'm actually surprised that policy doesn't say a word about this. I don't > think there's any reason to introduce such a technical blockage (that can be > bypassed until the point where the special privileges are actually needed.) > > Russ, what do you think? (with your policy hat on :) > > > this causes four > > false positives for the cryptsetup package. > > > > the relevant code in the initscripts is: > > > > if [ -x "/usr/bin/id" ] && [ "$(/usr/bin/id -u)" != "0" ]; then > > log_warning_msg "$0 needs root privileges" > > exit 1 > > fi > > > > I would personally just drop that piece of code. I agree with you that the check for UID = 0 isn't useful in initscripts, they aren't meant to be invoked by normal system users (!= root) after all. i removed the checks, and this mail will close the bugreport. > The reason behind the check and the fact that it doesn't ignore such > conditional cases, is exactly that: there might be conditional, but desired, > cases that are not executed because the file system is not available because > of a mistake. > > Consider a case where the init script does this: > > # exit if removed but not purged: > [ -x /usr/sbin/some_daemon ] || exit 0 > > > Now, if the script doesn't have the proper dependency on $remote_fs chances > are that it will never do anything because it is executed too early. sounds reasonable, sorry for the noise. the other bugreport against lintian because of a false positive in cryptsetup (bug#580082) is valid in my eyes though. greetings, jonasAttachment: signature.asc
Description: Digital signature
--- End Message ---