
Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1



On 2019-11-23 18:34:25, Julien Cristau wrote:
> On Mon, Nov 11, 2019 at 10:40:58AM -0500, Antoine Beaupre wrote:
>> diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog ganeti-instance-debootstrap-0.16/debian/changelog
>> --- ganeti-instance-debootstrap-0.16/debian/changelog	2018-06-20 06:57:18.000000000 -0400
>> +++ ganeti-instance-debootstrap-0.16/debian/changelog	2019-11-01 19:01:50.000000000 -0400
>> @@ -1,3 +1,10 @@
>> +ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
>
> Version number and distribution don't look right.

Ah yes, that would be 0.16-6+deb10u1, right?

>> +
>> +  * Non-maintainer upload
>> +  * add patch to respect linux caps (Closes: #942114)
>> +
>> + -- Antoine Beaupré <anarcat@debian.org>  Fri, 01 Nov 2019 19:01:50 -0400
>> +
>>  ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium
>>  
>>    * Bump Standards-Version to 4.1.4; no changes needed
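Review bot: the changelog line "add patch to respect linux caps" undersells the change. The patch description further down says --selinux and --acls are added along with the xattr options, so the entry should name the patch file and list every tar option it introduces, letting a stable release reviewer see the full behaviour change from the changelog alone.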
>> diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
>> --- ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch	1969-12-31 19:00:00.000000000 -0500
>> +++ ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch	2019-11-01 19:01:50.000000000 -0400
>> @@ -0,0 +1,48 @@
>> +From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
>> +From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
>> +Date: Thu, 10 Oct 2019 11:07:51 -0400
>> +Subject: [PATCH] respect Linux capabilities(7) in cache
>> +
>> +The default GNU tar configuration does not carry fancy extended
>> +attributes and that is where, among other things, stuff like Linux
>> +capabilities(7) are stored. This is kind of important because that's
>> +how ping(8) works for regular users.
>> +
>> +We shove --selinux and --acls in there while we're at it, because why
>> +not. We never know what the future might bring, and it seems
>> +silly *not* to create a complete archive.
>> +
>> +Note that --xattrs-include='*' is important because, by default, GNU
>> +tar will not include capabilities /even/ if --xattrs is specified on
>> +the commandline, see this bug report for details:
>> +
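Review bot: the closing paragraph of the description justifies --xattrs-include='*' only by the capabilities case, and the stated goal is capabilities(7) for ping(8), which are stored in the security.capability attribute. Either narrow the pattern to the namespace that is actually needed, or add a sentence naming the other attribute namespaces the cache is expected to carry and why. The "because why not" rationale for --selinux and --acls gives a reviewer nothing to evaluate.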
>
> I'm a bit uneasy about a blanket "include all", to be honest.  It's
> probably harmless since it's all coming straight out of debootstrap, but
> I'd have been happier with something like "include security.*" if that's
> what we expect to see.

What kind of problems would you expect with including too many ACLs?

A.

-- 
Qui vit sans folie n'est pas si sage qu'il croit.
                        - François de La Rochefoucauld
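
An added example, not part of the original message or of the ganeti-instance-debootstrap code: one way to check which extended attributes a cache archive actually carries, by reading the SCHILY.xattr.* pax records that GNU tar writes when --xattrs is used. The function names, the default "security.*" allowlist and the in-memory sample archives are assumptions constructed for illustration.

```python
import fnmatch
import io
import tarfile

XATTR_PREFIX = "SCHILY.xattr."  # pax keyword prefix GNU tar uses for xattrs


def xattrs_by_member(archive):
    """Map member name -> sorted xattr names recorded in its pax header."""
    found = {}
    with tarfile.open(fileobj=archive, mode="r:*") as tar:
        for member in tar:
            names = sorted(key[len(XATTR_PREFIX):] for key in member.pax_headers
                           if key.startswith(XATTR_PREFIX))
            if names:
                found[member.name] = names
    return found


def audit(archive, allowed=("security.*",)):
    """Return (members carrying security.capability, xattrs outside allowlist)."""
    with_caps, unexpected = [], {}
    for name, attrs in xattrs_by_member(archive).items():
        if "security.capability" in attrs:
            with_caps.append(name)
        extra = [a for a in attrs
                 if not any(fnmatch.fnmatchcase(a, pat) for pat in allowed)]
        if extra:
            unexpected[name] = extra
    return with_caps, unexpected


def build_sample(xattrs_per_file):
    """Constructed pax archive; attribute values are placeholders, not real blobs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name, xattrs in xattrs_per_file.items():
            info = tarfile.TarInfo(name)
            info.pax_headers = {XATTR_PREFIX + k: v for k, v in xattrs.items()}
            tar.addfile(info)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Archive made without xattr options: ping would lose its capability.
    print(audit(build_sample({"bin/ping": {}, "etc/motd": {}})))
    # Archive made with a wildcard include: capability kept, plus a user.* attr.
    print(audit(build_sample({"bin/ping": {"security.capability": "constructed"},
                              "etc/motd": {"user.comment": "constructed"}})))
```
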

