Bug#1013347: buster-pu: package postgresql-common/200+deb10u5
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ansgar@debian.org
Hi,
ftp-master has asked me to upload the fix for #933569 to buster, which
is what this upload is doing.
Failing dak test:
https://salsa.debian.org/ftp-team/dak/-/jobs/2731591#L3411
/usr/bin/pg_virtualenv: line 174: /tmp/pgpassword.wnVYr6: Permission denied
I've also cherry-picked the pg_virtualenv test that the buster package
did not have; the test verifies that the problem is gone.
Christoph
diff --git a/debian/changelog b/debian/changelog
index fa06ca4..fb31230 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+postgresql-common (200+deb10u5) buster; urgency=medium
+
+ * pg_virtualenv: Write temporary password file before chowning the file.
+ (Closes: #933569)
+ * t/135_pg_virtualenv.t: Import test from master.
+
+ -- Christoph Berg <myon@debian.org> Wed, 22 Jun 2022 13:11:44 +0200
+
postgresql-common (200+deb10u4) buster; urgency=medium
* t/170_extensions.t: Don't drop plpgsql before testing extensions.
diff --git a/pg_virtualenv b/pg_virtualenv
index 7329bc9..9bfbd10 100755
--- a/pg_virtualenv
+++ b/pg_virtualenv
@@ -91,6 +91,13 @@ shift $(($OPTIND - 1))
# if no command is given, open a shell
[ "${1:-}" ] || set -- ${SHELL:-/bin/sh}
+# generate a password
+if [ -x /usr/bin/pwgen ]; then
+ export PGPASSWORD=$(pwgen 20 1)
+else
+ export PGPASSWORD=$(dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum - | awk '{ print $1 }')
+fi
+
# we are not root
if [ "$(id -u)" != 0 ]; then
NONROOT=1
@@ -114,6 +121,7 @@ if [ "${NONROOT:-}" ]; then
mkdir "$PGSYSCONFDIR" "$WORKDIR/log"
PWFILE="$PGSYSCONFDIR/pwfile"
LOGDIR="$WORKDIR/log"
+ echo "$PGPASSWORD" > "$PWFILE"
cleanup () {
set +e
@@ -141,6 +149,7 @@ else
export PGUSER="postgres"
PWFILE=$(mktemp -t pgpassword.XXXXXX)
+ echo "$PGPASSWORD" > "$PWFILE" # write password before chowning the file
chown postgres:postgres "$PWFILE"
cleanup () {
@@ -166,13 +175,6 @@ else
fi
# create postgres environments
-if [ -x /usr/bin/pwgen ]; then
- export PGPASSWORD=$(pwgen 20 1)
-else
- export PGPASSWORD=$(dd if=/dev/urandom bs=1k count=1 2>/dev/null | md5sum - | awk '{ print $1 }')
-fi
-echo "$PGPASSWORD" > "$PWFILE"
-
for v in $PG_VERSIONS; do
# create temporary cluster
# we chdir to / so programs don't throw "could not change directory to ..."
diff --git a/t/135_pg_virtualenv.t b/t/135_pg_virtualenv.t
new file mode 100644
index 0000000..1662e5b
--- /dev/null
+++ b/t/135_pg_virtualenv.t
@@ -0,0 +1,35 @@
+# check if pg_virtualenv runs ok, even under fakeroot
+
+use strict;
+use warnings;
+
+use lib 't';
+use TestLib;
+
+use Test::More tests => 12 * @MAJORS + 8;
+
+foreach my $v (@MAJORS) {
+ my $args = 'sh -c \'echo "id|$(id -un)"; psql -AtXxc "SELECT current_user"\'';
+ my $virtualenv = "pg_virtualenv -v $v $args";
+
+ $ENV{USER} = 'root';
+ like_program_out 'root', $virtualenv, 0, qr!id.root\ncurrent_user.postgres!, "running pg_virtualenv as root";
+ $ENV{USER} = 'postgres';
+ like_program_out 'postgres', $virtualenv, 0, qr!id.postgres\ncurrent_user.postgres!, "running pg_virtualenv as postgres";
+ $ENV{USER} = 'nobody';
+ like_program_out 'nobody', $virtualenv, 0, qr!id.nobody\ncurrent_user.nobody!, "running pg_virtualenv as nobody";
+
+ SKIP: {
+ skip "/usr/bin/fakeroot not available", 6 unless (-x "/usr/bin/fakeroot"); # CentOS doesn't have fakeroot
+ $ENV{USER} = 'root';
+ like_program_out 'root', "fakeroot $virtualenv", 0, qr!id.root\ncurrent_user.postgres!, "running fakeroot pg_virtualenv as root";
+ $ENV{USER} = 'postgres';
+ like_program_out 'postgres', "fakeroot $virtualenv", 0, qr!id.root\ncurrent_user.postgres!, "running fakeroot pg_virtualenv as postgres";
+ $ENV{USER} = 'nobody';
+ like_program_out 'nobody', "fakeroot $virtualenv", 0, qr!id.root\ncurrent_user.nobody!, "running fakeroot pg_virtualenv as nobody";
+ }
+}
+
+check_clean;
+
+# vim: filetype=perl
Reply to: