Chances to obtain a freeze-exception for condor?
Dear release team,
I have uploaded an updated 'condor' package to experimental. It fixes
all remaining (user-relevant) annoyances of the current version in
testing. The fixes are only a few lines per bug, and they are only
changes in the packaging itself. The full diff to the version in testing
is attached. Here are the stats (most lines are comments/docs):
debian/changelog | 18 ++++++++++++++++++
debian/condor.links | 1 -
debian/condor.postinst | 24 ++++++++++++++++++++----
debian/condor_qsub | 3 +--
Bugs fixed are: #684667, #684879, and #678425 (none of them RC).
Would you allow for a freeze exception of an upload to unstable with these
changes (or any subset you would name)?
Thanks in advance,
Michael
--
Michael Hanke
http://mih.voxindeserto.de
diff --git a/debian/changelog b/debian/changelog
index 052d595..7d82e0b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+condor (7.8.2~dfsg.1-2) experimental; urgency=low
+
+ * Make postinst script more robust against missing config variables (Closes:
+ #684667). Patch is courtesy of Tim Cartwright.
+ * Disable Condor's file transfer mechanism for jobs submitted via
+ condor_qsub, because a shared filesystem is assumed for these jobs
+ (Closes: #684879).
+ * This time really remove dangling symlink /usr/sbin/condor -> ../bin/condor.
+ This file no longer exists (Closes: #678425).
+ * Support deployment scenario where the administrative 'condor' user is not
+ a local system user, but is shared (e.g. through LDAP) by all machines in a
+ Condor pool (see installation manual section 3.2). The condor package will
+ accept to run under an existing non-system user account named 'condor',
+ but only when that account is locked, i.e. not login is possible
+ (Closes: #684463).
+
+ -- Michael Hanke <mih@debian.org> Sun, 12 Aug 2012 19:20:35 +0200
+
condor (7.8.2~dfsg.1-1) unstable; urgency=high
* Upstream security release. Prevent an attacker who is manipulating
diff --git a/debian/condor.links b/debian/condor.links
deleted file mode 100644
index 50536d1..0000000
--- a/debian/condor.links
+++ /dev/null
@@ -1 +0,0 @@
-/usr/bin/condor /usr/sbin/condor
diff --git a/debian/condor.postinst b/debian/condor.postinst
index 04e4584..0cc4487 100755
--- a/debian/condor.postinst
+++ b/debian/condor.postinst
@@ -18,8 +18,7 @@ condor_debconf_cfg=/etc/condor/config.d/00debconf
condor_make_homedir() {
for dlabel in LOCAL_UNIV_EXECUTE CRED_STORE_DIR EXECUTE LOCK LOG SPOOL; do
- dname=$(condor_config_val $dlabel)
- if [ $? -eq 0 ]; then
+ if dname=$(condor_config_val $dlabel 2>/dev/null); then
mkdir -p $dname
chown -R $condor_user: $dname
else
@@ -165,8 +164,25 @@ case "$1" in
configure)
# according to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621833#119
# this should always work
- adduser --system --group --gecos "$condor_gecos" --home $condor_home \
- --disabled-password --disabled-login $condor_user --quiet
+ if ! adduser --system --group --gecos "$condor_gecos" --home $condor_home \
+ --disabled-password --disabled-login $condor_user --quiet 2>/dev/null; then
+ # the only time where it would fail, is when there is an existing
+ # non-system 'condor' user. This could happen e.g. in a heterogenous
+ # Condor pool (various OSes) where the adminstrative Condor user
+ # comes from LDAP and the home dir is shared across machines. This
+ # is a supported deployment scenario for Condor (see installation
+ # manual section 3.2)
+ # the only problem is the possibility to conflict with an actual
+ # "human" user with the same name, so only proceed when the
+ # respective user is locked down
+ SH=$(getent passwd | egrep '^condor:'| cut -d : -f 7)
+ if [ "$SH" = "/bin/false" -o "$SH" = "/usr/sbin/nologin" ]; then
+ echo "WARNING: Condor will be running under an existing non-system user account 'condor'."
+ else
+ echo "ERROR: Condor cannot run under unlocked non-system account 'condor'" 1>&2
+ exit 1
+ fi
+ fi
# make sure the config and home dir are complete
condor_local_cfg_template
condor_put_debconf_cfg
diff --git a/debian/condor_qsub b/debian/condor_qsub
index 4673456..078bd0c 100755
--- a/debian/condor_qsub
+++ b/debian/condor_qsub
@@ -338,8 +338,7 @@ submit_file=$(mktemp --tmpdir condor_qsub.XXXXXXXXXXXXX)
cat << EOT > $submit_file
# condor_qsub call: $@
universe = vanilla
-should_transfer_files = YES
-when_to_transfer_output = ON_EXIT
+should_transfer_files = NO
#log = $log_file
EOT
Reply to: