--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: buster-pu: package ganeti-instance-debootstrap/0.16-6.1
- From: Antoine Beaupre <anarcat@debian.org>
- Date: Mon, 11 Nov 2019 10:40:58 -0500
- Message-id: <157348685887.21748.11114938639502046267.reportbug@curie.anarc.at>
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

ganeti-instance-debootstrap (GID) has a RC bug (grave) affecting
buster (#942114). I uploaded a minimal package to unstable to fix this
problem which has now trickled down into testing and that I think
would be important to include in the next point release.

The attached patch describes the current diff between stable and
testing. All it does is include a patch that changes the `tar` call to
store more information in the cache file so that "special" properties
(like capabilities) are properly stored across installs.

We've been running this patch in production for a few weeks at tor
without any problems.

A.

-- System Information:
Debian Release: 10.1
APT prefers stable-debug
APT policy: (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru ganeti-instance-debootstrap-0.16/debian/changelog ganeti-instance-debootstrap-0.16/debian/changelog
--- ganeti-instance-debootstrap-0.16/debian/changelog 2018-06-20 06:57:18.000000000 -0400
+++ ganeti-instance-debootstrap-0.16/debian/changelog 2019-11-01 19:01:50.000000000 -0400
@@ -1,3 +1,10 @@
+ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+ * add patch to respect linux caps (Closes: #942114)
+
+ -- Antoine Beaupré <anarcat@debian.org> Fri, 01 Nov 2019 19:01:50 -0400
+
ganeti-instance-debootstrap (0.16-6) unstable; urgency=medium
* Bump Standards-Version to 4.1.4; no changes needed
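Review bot: the new entry at the top of debian/changelog targets `unstable` with version 0.16-6.1, so this is the changelog of the upload already in testing rather than one prepared for stable. A point-release upload needs its own entry with the distribution set to `buster` and a version that sorts below 0.16-6.1 (the usual `~deb10u1` suffix). The line "add patch to respect linux caps" could also state the visible effect, namely that files unpacked from the cache lose their capabilities without the patch.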
diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch
--- ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch 1969-12-31 19:00:00.000000000 -0500
+++ ganeti-instance-debootstrap-0.16/debian/patches/respect-Linux-capabilities-7-in-cache.patch 2019-11-01 19:01:50.000000000 -0400
@@ -0,0 +1,48 @@
+From cd34bcc48a2af92f484535b81fba2d46dad1dbb6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
+Date: Thu, 10 Oct 2019 11:07:51 -0400
+Subject: [PATCH] respect Linux capabilities(7) in cache
+
+The default GNU tar configuration does not carry fancy extended
+attributes and that is where, among other things, stuff like Linux
+capabilities(7) are stored. This is kind of important because that's
+how ping(8) works for regular users.
+
+We shove --selinux and --acls in there while we're at it, because why
+not. We never know what the future might bring, and it seems
+silly *not* to create a complete archive.
+
+Note that --xattrs-include='*' is important because, by default, GNU
+tar will not include capabilities /even/ if --xattrs is specified on
+the commandline, see this bug report for details:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=771927
+---
+ create | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/create b/create
+index 607bab2..7526e71 100755
+--- a/create
++++ b/create
+@@ -83,7 +83,7 @@ if [ "$CLEAN_CACHE" -a -d "$CACHE_DIR" ]; then
+ fi
+
+ if [ -f "$CACHE_FILE" ]; then
+- tar xf "$CACHE_FILE" -C $TMPDIR
++ tar --acls --selinux --xattrs --xattrs-include='*' -x -f "$CACHE_FILE" -C $TMPDIR
+ else
+ if [ "$PROXY" ]; then
+ export http_proxy="$PROXY"
+@@ -109,7 +109,7 @@ else
+
+ if [ "$GENERATE_CACHE" = "yes" ]; then
+ TMP_CACHE=`mktemp "${CACHE_FILE}.XXXXXX"`
+- tar cf "$TMP_CACHE" -C $TMPDIR .
++ tar --acls --selinux --xattrs --xattrs-include='*' -c -f "$TMP_CACHE" -C $TMPDIR .
+ mv -f "$TMP_CACHE" "$CACHE_FILE"
+ fi
+ fi
+--
+2.20.1
+
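Review bot: the extract branch under `if [ -f "$CACHE_FILE" ]` still unpacks whatever cache is already on disk, and a cache written by the old `tar cf` carries no extended attributes, so instances built from an existing cache keep missing capabilities after this patch is installed. Say in the changelog that old caches have to be regenerated (the script already has a `CLEAN_CACHE` branch), or remove them on upgrade. With `--xattrs-include='*'` on the `-x` side, every attribute recorded in the cache, `security.capability` included, is applied to the new instance, so it is worth confirming the cache file is writable by root only. Both changed lines also leave `-C $TMPDIR` unquoted next to the quoted `"$CACHE_FILE"`; since the lines are being touched anyway, make it `-C "$TMPDIR"`.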
diff -Nru ganeti-instance-debootstrap-0.16/debian/patches/series ganeti-instance-debootstrap-0.16/debian/patches/series
--- ganeti-instance-debootstrap-0.16/debian/patches/series 2018-06-20 06:57:18.000000000 -0400
+++ ganeti-instance-debootstrap-0.16/debian/patches/series 2019-11-01 19:01:50.000000000 -0400
@@ -1 +1,2 @@
+respect-Linux-capabilities-7-in-cache.patch
fix-sfdisk-BLKRRPART.patch
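Review bot: the new patch is inserted as the first line of debian/patches/series, ahead of fix-sfdisk-BLKRRPART.patch, which changes the base the existing patch is applied against. Appending it as the last line keeps the existing patch applying exactly as before and is the usual place for a new entry; if the order is deliberate, say so in the changelog.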
--- End Message ---
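One way to check whether a given cache file actually carries the capabilities the message above is about, as an added example that is not part of the original message or of the package. It reads the pax headers with Python's `tarfile` instead of calling `tar`; the function names and the one-file sample archive are constructed for illustration.

```python
import io
import struct
import tarfile

XATTR_PREFIX = "SCHILY.xattr."  # pax header key prefix GNU tar uses for xattrs


def archived_xattrs(fileobj):
    """Return {member name: {xattr name: raw value}} for members that carry xattrs."""
    found = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            attrs = {
                key[len(XATTR_PREFIX):]: value.encode("utf-8", "surrogateescape")
                for key, value in member.pax_headers.items()
                if key.startswith(XATTR_PREFIX)
            }
            if attrs:
                found[member.name] = attrs
    return found


def permitted_caps(raw):
    """Decode the permitted capability numbers from a security.capability value."""
    magic, perm_lo, _inh_lo = struct.unpack_from("<III", raw)
    bits = perm_lo
    if (magic & 0xFF000000) >= 0x02000000 and len(raw) >= 20:
        bits |= struct.unpack_from("<I", raw, 12)[0] << 32  # revision 2+ high word
    return [n for n in range(64) if bits >> n & 1]


# Constructed sample value: revision 2, effective flag set, CAP_NET_RAW (13) permitted.
SAMPLE_CAP = struct.pack("<IIIII", 0x02000001, 1 << 13, 0, 0, 0)


def build_sample_cache(with_xattrs):
    """Build a constructed one-file archive standing in for a cache file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        info = tarfile.TarInfo("./bin/ping")
        info.mode = 0o755
        if with_xattrs:
            info.pax_headers = {
                XATTR_PREFIX + "security.capability": SAMPLE_CAP.decode("ascii")
            }
        tar.addfile(info)
    buf.seek(0)
    return buf
```

An empty result from `archived_xattrs` on a real cache file means it was written without extended attributes and has to be regenerated before instances built from it get their capabilities back.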
--- Begin Message ---
- To: Antoine Beaupre <anarcat@debian.org>, 944538-done@bugs.debian.org
- Subject: Re: Bug#944538: buster-pu: package ganeti-instance-debootstrap/0.16-6.1
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 10 Sep 2022 19:08:18 +0100
- Message-id: <89f2a62efffa2430319ba16ef6709547feb0fe6c.camel@adam-barratt.org.uk>
- In-reply-to: <157348685887.21748.11114938639502046267.reportbug@curie.anarc.at>
- References: <157348685887.21748.11114938639502046267.reportbug@curie.anarc.at>
On Mon, 2019-11-11 at 10:40 -0500, Antoine Beaupre wrote:
> ganeti-instance-debootstrap (GID) has a RC bug (grave) affecting
> buster (#942114). I uploaded a minimal package to unstable to fix this
> problem which has now trickled down into testing and that I think
> would be important to include in the next point release.
>
> The attached patch describes the current diff between stable and
> testing. All it does is include a patch that changes the `tar` call to
> store more information in the cache file so that "special" properties
> (like capabilities) are properly stored across installs.
>

Sorry we never got back to this.

The final point release for buster has now happened, so any further
updates to packages in buster will need to be handled via the LTS team.
I'm therefore going to close this request now.

Regards,

Adam
--- End Message ---