[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1107402: marked as done (unblock: acct/6.6.4-6 (pre-approval))

Your message dated Wed, 18 Jun 2025 10:18:32 +0000
with message-id <E1uRpsG-005Lrx-0F@respighi.debian.org>
and subject line unblock acct
has caused the Debian Bug report #1107402,
regarding unblock: acct/6.6.4-6 (pre-approval)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1107402: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107402
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: acct@packages.debian.org
Control: affects -1 + src:acct
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package acct

[ Reason ]
To fix 'Severity: serious' bug #1074591 that will cause the removal of this
package from trixie if unaddressed.

The fix directly addresses the raised issue by adding conditionality to the use
of the new 'last' command and only using it in a compatible way.

The addition of a 'Recommends' on wtmpdb was widely requested and advised by
stakeholders on the BTS, Salsa MR and team mailing list.

The documentation updates and updated package description are necessary changes
to go with this fix in my view to ensure users are correctly informed (see
'impact').

Verbatim from the changelog:

  * Use wtmpdb last appropriately in monthly cron job. (Closes: #1074591)
    - only use last if present.
    - use new last to read the last month from wtmpdb database instead of
      failing to read an old wtmp file.
    - warn of limitations in analysis of old wtmp data.
  * Add 'Recommends: wtmpdb' for login accounting.
  * Update package description to be clear on limitations and use cases.
  * Add NEWS and update README on login accounting limitations.

[ Impact ]
 1. Missing command error from cron job if wtmpdb not installed (harmless but
    recurring).

 2. Bad command usage error from cron job if wtmpdb is installed
    (harmless but recurring).

 3. Excess login records reported beyond the last month in monthly report.
    This is bad because excess information draws attention away from the
    intended information.

 4. Not warned about potentially misleading (incomplete) security audit
    information in monthly wtmp report output.

 5. Not advised about changed suitability for user's use cases of package on
    upgrade.

 6. Not advised about limitations of package on new installation.

[ Tests ]
Manual tests performed: cron script works as expected
  * Install with wtmpdb present
  * Upgrade with wtmpdb present
  * Upgrade with wtmpdb not present
  * Upgrade with wtmpdb not present (--no-install-recommends)
  * Install with no wtmpdb present

[ Risks ]

 1. Introduction of errors in script change
    - no regressions on shell check
    - mitigated with manual testing
    - likely limited harm if an error is introduced

 2. Unintended consequences of new 'Recommends:'
    - wtmpdb is a 'standard' package

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
This is a pre-approval request. The changes have been merged in Salsa by a team
member with the intention of sponsoring an upload upon approval.

Thank you!

unblock acct/6.6.4-6


diff -Nru acct-6.6.4/debian/acct.cron.monthly acct-6.6.4/debian/acct.cron.monthly
--- acct-6.6.4/debian/acct.cron.monthly	2022-05-15 12:55:10.000000000 +0100
+++ acct-6.6.4/debian/acct.cron.monthly	2025-06-06 23:24:07.000000000 +0100
@@ -39,11 +39,10 @@
 
 			gunzip -c /var/log/wtmp.1.gz > "${WTMP}"
 		fi
-        echo "Data contained in rotated wtmp file." >> /var/log/wtmp.report
+        echo "Data contained in rotated wtmp file [*]:" >> /var/log/wtmp.report
         echo >> /var/log/wtmp.report
 		ac -f "${WTMP}" -p | sort -nr -k2 >> /var/log/wtmp.report
 		echo >> /var/log/wtmp.report
-		last -f "${WTMP}" >> /var/log/wtmp.report
 
 		if [ -n "${WTMP_WAS_GZIPPED}" ]
 		then
@@ -51,11 +50,17 @@
 			rm -f "${WTMP}"
 		fi
 fi
-        echo "Data contained in current wtmp file:" >> /var/log/wtmp.report
-		ac -p | sort -nr -k2 >> /var/log/wtmp.report
-		echo >> /var/log/wtmp.report
-		last >> /var/log/wtmp.report
-
+if test -f /var/log/wtmp; then
+	echo "Data contained in current wtmp file [*]:" >> /var/log/wtmp.report
+	ac -p | sort -nr -k2 >> /var/log/wtmp.report
+	echo >> /var/log/wtmp.report
+	printf "[*] data contained in legacy wtmp files is likely to be absent or incomplete\n\n" >> /var/log/wtmp.report
+fi
+if test -x /usr/bin/last; then
+	echo "Data contained in wtmpdb database:" >> /var/log/wtmp.report
+	month_ago="$(date --date='1 month ago' +%Y%m%d%H%M%S)"
+	last -s "$month_ago" >> /var/log/wtmp.report
+fi
 
 chown root:adm /var/log/wtmp.report
 chmod 640 /var/log/wtmp.report
diff -Nru acct-6.6.4/debian/changelog acct-6.6.4/debian/changelog
--- acct-6.6.4/debian/changelog	2022-05-15 12:55:10.000000000 +0100
+++ acct-6.6.4/debian/changelog	2025-06-07 07:57:39.000000000 +0100
@@ -1,3 +1,19 @@
+acct (6.6.4-6) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Andrew Bower ]
+  * Use wtmpdb last appropriately in monthly cron job. (Closes: #1074591)
+    - only use last if present.
+    - use new last to read the last month from wtmpdb database instead of
+      failing to read an old wtmp file.
+    - warn of limitations in analysis of old wtmp data.
+  * Add 'Recommends: wtmpdb' for login accounting.
+  * Update package description to be clear on limitations and use cases.
+  * Add NEWS and update README on login accounting limitations.
+
+ -- Andrew Bower <andrew@bower.uk>  Sat, 07 Jun 2025 07:57:39 +0100
+
 acct (6.6.4-5) unstable; urgency=medium
 
   * Add bug tracking field in upstream metadata.
diff -Nru acct-6.6.4/debian/control acct-6.6.4/debian/control
--- acct-6.6.4/debian/control	2022-05-15 12:55:10.000000000 +0100
+++ acct-6.6.4/debian/control	2025-06-06 23:24:07.000000000 +0100
@@ -14,12 +14,16 @@
 Architecture: any
 Depends: ${misc:Depends}, ${shlibs:Depends}, lsb-base
 Pre-Depends: ${misc:Pre-Depends}
+Recommends:
+ wtmpdb,
 Description: GNU Accounting utilities for process and login accounting
  GNU Accounting Utilities is a set of utilities which reports and summarizes
- data about user connect times and process execution statistics.
+ data about process execution statistics and user connect times.
  .
- "Login accounting" provides summaries of system resource usage based on connect
- time, and "process accounting" provides summaries based on the commands
- executed on the system.
+ "Process accounting" provides summaries of system resource usage based on the
+ commands executed on the system. "Login accounting" provides summaries of
+ system resource usage based on connect time.
  .
- The 'last' command is provided by the util-linux package and not included here.
+ The 'last' command is provided by the wtmpdb package and not included here.
+ The 'ac' login accounting tool is not effective on current Debian systems
+ since the transition to wtmpdb but can be used for forensic purposes.
diff -Nru acct-6.6.4/debian/NEWS acct-6.6.4/debian/NEWS
--- acct-6.6.4/debian/NEWS	1970-01-01 01:00:00.000000000 +0100
+++ acct-6.6.4/debian/NEWS	2025-06-06 23:35:09.000000000 +0100
@@ -0,0 +1,15 @@
+acct (6.6.4-6) unstable; urgency=medium
+
+  The login accounting tool 'ac' is no longer effective on Debian systems
+  since trixie because of the transition from recording system login records
+  in /var/log/wtmp to the wtmpdb database. The tools in this package only
+  understand login records in the utmp(5) format used for /var/log/wtmp and
+  not wtmpdb databases. They can still be used for forensic purposes
+  against files from systems that do store utmp-format logs.
+
+  The process accounting capabilities of this package are still functional.
+
+  It is recommended to install the 'wtmpdb' and 'libpam-wtmpdb' packages for
+  login accounting on the running system.
+
+ -- Andrew Bower <andrew@bower.uk>  Fri, 06 Jun 2025 19:46:58 +0100
diff -Nru acct-6.6.4/debian/README.Debian acct-6.6.4/debian/README.Debian
--- acct-6.6.4/debian/README.Debian	2022-05-15 12:55:10.000000000 +0100
+++ acct-6.6.4/debian/README.Debian	2025-06-06 23:24:07.000000000 +0100
@@ -1,20 +1,9 @@
 acct for Debian
---------------
+---------------
 
-Logrotate no longer rotates the wtmp file on a monthly basis.
-Instead, it checks it monthly but only rotate it when it exceeds 1 MB.
-Only one rotated log file is kept.
+The login accounting facilities in 'acct' are not effective on systems like
+current Debian versions that use the wtmpdb database instead of utmp(5) format
+logs in /var/log/wtmp but are suitable for forensic use on utmp files from
+relevant systems.
 
-In the past, logrotate rotated wtmp on a monthly basis and was executed just
-before the cron job that creates the monthly report. In this way, the report
-was based on a newly created wtmp file an was always empty.
-
-Previous mantainers partially solved this issue by using the freshly rotated
-wtmp.1 or wtmp.1.gz files as input for the last and ac commands.
-
-To avoid any loss of information, the script checks the existence
-from wtmp.1 or wtmp.1.gz, processes it, and then also processes wtmp.
-In this way, you will always have all the info that is present on your
-system in the monthly report.
-
- -- Marcos Fouces <marcos@debian.org>  Tue, 17 Mar 2020 20:31:56 +0100
+ -- Andrew Bower <andrew@bower.uk>  Fri, 06 Jun 2025 19:51:58 +0100

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Unblocked acct.

--- End Message ---
Reply to: