[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#791837: marked as done (jessie-pu: package monkeysphere/0.37-2)

Your message dated Sat, 20 Feb 2016 22:13:06 +0000
with message-id <20160220221306.GP6200@betterave.cristau.org>
and subject line Re: Bug#791837: jessie-pu: package monkeysphere/0.37-2
has caused the Debian Bug report #791837,
regarding jessie-pu: package monkeysphere/0.37-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
791837: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791837
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

On some systems, #778833 appears to be repeatable and reliable, though
i do not control any systems like that.  I tried to fix it in 0.37-2,
and called for testing before the release of jessie, but heard no
feedback.  After the release of jessie, I found out that i had failed
to actually apply the patch in question, which means that it didn't
fix things for people who have machines that exhibit #778833.  0.37-3
does apparently fix things for those people.

Furthermore, the sshd_config settings suggested by
monkeysphere-authentication diagnostics can be improved for the
version of sshd in jesse, as noted upstream and in 0.37-3 (in
testing/unstable).

The debdiff between 0.37-2 and 0.37-3 (attached here) should improve
the situation for users of monkeysphere on jessie.  Is it OK to upload
0.37-3 as 0.37-2+deb8u1?  or should i more narrowly-target just
#778833 (a clear bug that prevents package installation on some
platforms) and leave jessie monkeysphere-authentication diagnostics
with subpotimal sshd_config suggestions?

Sorry for this hassle.

Regards,

        --dkg

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff -Nru monkeysphere-0.37/debian/changelog monkeysphere-0.37/debian/changelog
--- monkeysphere-0.37/debian/changelog	2014-11-27 15:01:49.000000000 -0500
+++ monkeysphere-0.37/debian/changelog	2015-05-06 23:30:56.000000000 -0400
@@ -1,3 +1,14 @@
+monkeysphere (0.37-3) unstable; urgency=medium
+
+  * actually patch log() to consume all stdin when not given a message
+    argument (apparently the fix in 0.37-2 did not get properly applied)
+    (Closes: #778833)
+  * also from usptream: improve monkeysphere-authentication diagnostic
+    checks.
+  * wrap-and-sort for a cleaner debian/
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 06 May 2015 23:14:57 -0400
+
 monkeysphere (0.37-2) unstable; urgency=medium
 
   * patch from upstream: log() should consume all stdin when not given a
diff -Nru monkeysphere-0.37/debian/control monkeysphere-0.37/debian/control
--- monkeysphere-0.37/debian/control	2014-11-27 15:01:33.000000000 -0500
+++ monkeysphere-0.37/debian/control	2015-05-06 23:30:02.000000000 -0400
@@ -3,33 +3,29 @@
 Priority: extra
 Maintainer: Jameson Rollins <jrollins@finestructure.net>
 Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Build-Depends: debhelper (>= 9~),
- cpio,
- socat,
- openssh-server,
- gnupg (>= 1.4.10),
- libcrypt-openssl-rsa-perl,
- libdigest-sha-perl,
- lockfile-progs | procmail,
- openssl,
- bash (>= 3.2)
+Build-Depends: bash (>= 3.2),
+               cpio,
+               debhelper (>= 9~),
+               gnupg (>= 1.4.10),
+               libcrypt-openssl-rsa-perl,
+               libdigest-sha-perl,
+               lockfile-progs | procmail,
+               openssh-server,
+               openssl,
+               socat
 Standards-Version: 3.9.6
 Homepage: http://web.monkeysphere.info/
 Vcs-Git: git://git.monkeysphere.info/monkeysphere
 
 Package: monkeysphere
 Architecture: all
-Depends:
- gnupg (>= 1.4.10),
- libcrypt-openssl-rsa-perl,
- libdigest-sha-perl,
- lockfile-progs | procmail,
- adduser,
- ${misc:Depends}
-Recommends: netcat | socat,
- ssh-askpass,
- cron,
- openssh-client
+Depends: adduser,
+         gnupg (>= 1.4.10),
+         libcrypt-openssl-rsa-perl,
+         libdigest-sha-perl,
+         lockfile-progs | procmail,
+         ${misc:Depends}
+Recommends: cron, netcat | socat, openssh-client, ssh-askpass
 Suggests: monkeysphere-validation-agent
 Enhances: openssh-client, openssh-server
 Description: leverage the OpenPGP web of trust for SSH and TLS authentication
@@ -40,6 +36,6 @@
  for users to get validated host keys, and for hosts to authenticate
  users.  Current monkeysphere SSH tools are designed to integrate
  with the OpenSSH implementation of the Secure Shell protocol.
- . 
+ .
  Monkeysphere can also be used by a validation agent to validate TLS
  connections (e.g. https).
diff -Nru monkeysphere-0.37/debian/monkeysphere.dirs monkeysphere-0.37/debian/monkeysphere.dirs
--- monkeysphere-0.37/debian/monkeysphere.dirs	2014-11-27 14:51:28.000000000 -0500
+++ monkeysphere-0.37/debian/monkeysphere.dirs	2015-05-06 23:30:02.000000000 -0400
@@ -1,12 +1,12 @@
-var/lib/monkeysphere
+etc/X11
+etc/X11/Xsession.d
+etc/monkeysphere
 usr/bin
 usr/sbin
 usr/share
-usr/share/monkeysphere
 usr/share/man
 usr/share/man/man1
 usr/share/man/man7
 usr/share/man/man8
-etc/monkeysphere
-etc/X11
-etc/X11/Xsession.d
+usr/share/monkeysphere
+var/lib/monkeysphere
diff -Nru monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch
--- monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch	1969-12-31 19:00:00.000000000 -0500
+++ monkeysphere-0.37/debian/patches/0001-Always-consume-stdin-when-log-is-called-without-a-me.patch	2015-05-06 23:11:50.000000000 -0400
@@ -0,0 +1,56 @@
+From e7b1fd672161872c874cb2b28a7277ead47e4f0a Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Wed, 26 Nov 2014 19:35:24 -0500
+Subject: [PATCH 1/2] Always consume stdin when log is called without a message
+ argument
+
+See the discussion about this in https://bugs.debian.org/635711
+
+I'm hoping this will resolve the intermittent SIGPIPEs plaguing
+monkeysphere's postinst.
+
+I'm still unable to reproduce the problem.  If people who can
+reproduce the problem could try this patch and report back if it fixes
+things for them, that would be great.
+---
+ src/share/common | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/share/common b/src/share/common
+index e377ff3..2ea097e 100755
+--- a/src/share/common
++++ b/src/share/common
+@@ -38,6 +38,7 @@ log() {
+     local output
+     local alllevels
+     local found=
++    local written=
+ 
+     # don't include SILENT in alllevels: it's handled separately
+     # list in decreasing verbosity (all caps).
+@@ -50,6 +51,9 @@ log() {
+ 
+     # just go ahead and return if the log level is silent
+     if [ "$LOG_LEVEL" = 'SILENT' ] ; then
++        if [ ! "$2" ] ; then
++            cat >/dev/null
++        fi
+ 	return
+     fi
+ 
+@@ -81,8 +85,12 @@ log() {
+ 	    else
+ 		cat
+ 	    fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
++            written=true
+ 	fi
+     done
++    if [ "$written" != 'true' -a ! "$1" ]; then
++        cat >/dev/null
++    fi
+ }
+ 
+ # run command as monkeysphere user
+-- 
+2.1.4
+
diff -Nru monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch
--- monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch	2014-11-27 14:52:29.000000000 -0500
+++ monkeysphere-0.37/debian/patches/0001-consume-stdin-on-log.patch	1969-12-31 19:00:00.000000000 -0500
@@ -1,50 +0,0 @@
-commit e7b1fd672161872c874cb2b28a7277ead47e4f0a
-Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date:   Wed Nov 26 19:35:24 2014 -0500
-
-    Always consume stdin when log is called without a message argument
-    
-    See the discussion about this in https://bugs.debian.org/635711
-    
-    I'm hoping this will resolve the intermittent SIGPIPEs plaguing
-    monkeysphere's postinst.
-    
-    I'm still unable to reproduce the problem.  If people who can
-    reproduce the problem could try this patch and report back if it fixes
-    things for them, that would be great.
-
-diff --git a/src/share/common b/src/share/common
-index e377ff3..2ea097e 100755
---- a/src/share/common
-+++ b/src/share/common
-@@ -38,6 +38,7 @@ log() {
-     local output
-     local alllevels
-     local found=
-+    local written=
- 
-     # don't include SILENT in alllevels: it's handled separately
-     # list in decreasing verbosity (all caps).
-@@ -50,6 +51,9 @@ log() {
- 
-     # just go ahead and return if the log level is silent
-     if [ "$LOG_LEVEL" = 'SILENT' ] ; then
-+        if [ ! "$2" ] ; then
-+            cat >/dev/null
-+        fi
- 	return
-     fi
- 
-@@ -81,8 +85,12 @@ log() {
- 	    else
- 		cat
- 	    fi | sed 's/^/'"${LOG_PREFIX}"'/' >&2
-+            written=true
- 	fi
-     done
-+    if [ "$written" != 'true' -a ! "$1" ]; then
-+        cat >/dev/null
-+    fi
- }
- 
- # run command as monkeysphere user
diff -Nru monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch
--- monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch	1969-12-31 19:00:00.000000000 -0500
+++ monkeysphere-0.37/debian/patches/0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch	2015-05-06 23:11:50.000000000 -0400
@@ -0,0 +1,29 @@
+From 321b5dca3604699a1abd8e60cfcf196b005f60c7 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Tue, 5 May 2015 12:11:00 -0400
+Subject: [PATCH 2/2] fix diagnostic check and recommendation for good
+ authorizedkeysfile in sshd_config
+
+---
+ src/share/ma/diagnostics | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/share/ma/diagnostics b/src/share/ma/diagnostics
+index abf207e..a59244a 100644
+--- a/src/share/ma/diagnostics
++++ b/src/share/ma/diagnostics
+@@ -122,9 +122,9 @@ echo "Checking for Monkeysphere-enabled public-key authentication for users ..."
+ # Ensure that User ID authentication is enabled:
+ if echo "AuthorizedKeysFile foo bar" | /usr/sbin/sshd -t -f /dev/stdin; then
+     # OpenSSH >= 6.0, multiple authorized_keys file supported
+-    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+.*[[:space:]]\*${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
++    if ! grep -q "^AuthorizedKeysFile[[:space:]]\+.*[[:space:]]*${SYSDATADIR}/authorized_keys/%u$" "$sshd_config"; then
+         echo "! $sshd_config does not point to monkeysphere authorized keys."
+-        echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 ${SYSDATADIR}/authorized_keys/%u'"
++        echo " - Recommendation: add a line to $sshd_config: 'AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys2 ${SYSDATADIR}/authorized_keys/%u'"
+         problemsfound=$(($problemsfound+1))
+     fi
+     if [ "$RAW_AUTHORIZED_KEYS" != none ]; then
+-- 
+2.1.4
+
diff -Nru monkeysphere-0.37/debian/patches/series monkeysphere-0.37/debian/patches/series
--- monkeysphere-0.37/debian/patches/series	1969-12-31 19:00:00.000000000 -0500
+++ monkeysphere-0.37/debian/patches/series	2015-05-06 23:13:51.000000000 -0400
@@ -0,0 +1,2 @@
+0001-Always-consume-stdin-when-log-is-called-without-a-me.patch
+0002-fix-diagnostic-check-and-recommendation-for-good-aut.patch

--- End Message ---
--- Begin Message --- 
On Tue, Jul 14, 2015 at 20:13:37 +0100, Adam D. Barratt wrote:

> Control: tags -1 + confirmed
> 
> On Wed, 2015-07-08 at 15:31 -0400, Daniel Kahn Gillmor wrote:
> > On some systems, #778833 appears to be repeatable and reliable, though
> > i do not control any systems like that.  I tried to fix it in 0.37-2,
> > and called for testing before the release of jessie, but heard no
> > feedback.  After the release of jessie, I found out that i had failed
> > to actually apply the patch in question, which means that it didn't
> > fix things for people who have machines that exhibit #778833.  0.37-3
> > does apparently fix things for those people.
> > 
> > Furthermore, the sshd_config settings suggested by
> > monkeysphere-authentication diagnostics can be improved for the
> > version of sshd in jesse, as noted upstream and in 0.37-3 (in
> > testing/unstable).
> 
> I'm not really very keen on wrap-and-sort applications in stable
> updates, as they introduce quite a bit of noise, but the patches
> themselves look okay; please feel free to go ahead with those.
> 
Looks like that upload's not happening.  Closing the bug.

Cheers,
Julien

--- End Message ---
Reply to: