[Debian-ha-maintainers] Bug#1042448: closed by Debian FTP Masters <ftpmaster at ftp-master.debian.org> (reply to Valentin Vidic <vvidic at debian.org>) (Bug#1042448: fixed in crmsh 4.5.0-1)

Florent Carli fcarli at gmail.com
Wed Oct 11 12:34:08 BST 2023 

Hello,

This bug report is about bookworm (stable) version, so the fact that it has
been fixed in unstable is nice, but should not resolve this.
Since it's about a real regression, I think this fix should be eligible for
a backport don't you think?

Thanks.


On Wed, Oct 11, 2023 at 12:21 AM Debian Bug Tracking System <
owner at bugs.debian.org> wrote:

> This is an automatic notification regarding your Bug report
> which was filed against the crmsh package:
>
> #1042448: crmsh: HA_GROUP permission regression after upgrading bullseye
> to bookworm
>
> It has been closed by Debian FTP Masters <ftpmaster at ftp-master.debian.org>
> (reply to Valentin Vidic <vvidic at debian.org>).
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Debian FTP Masters <
> ftpmaster at ftp-master.debian.org> (reply to Valentin Vidic <
> vvidic at debian.org>) by
> replying to this email.
>
>
> --
> 1042448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042448
> Debian Bug Tracking System
> Contact owner at bugs.debian.org with problems
>
>
>
> ---------- Forwarded message ----------
> From: Debian FTP Masters <ftpmaster at ftp-master.debian.org>
> To: 1042448-close at bugs.debian.org
> Cc:
> Bcc:
> Date: Tue, 10 Oct 2023 22:19:34 +0000
> Subject: Bug#1042448: fixed in crmsh 4.5.0-1
> Source: crmsh
> Source-Version: 4.5.0-1
> Done: Valentin Vidic <vvidic at debian.org>
>
> We believe that the bug you reported is fixed in the latest version of
> crmsh, which is due to be installed in the Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed.  If you
> have further comments please address them to 1042448 at bugs.debian.org,
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Valentin Vidic <vvidic at debian.org> (supplier of updated crmsh package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing ftpmaster at ftp-master.debian.org)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Tue, 10 Oct 2023 22:57:14 +0200
> Source: crmsh
> Architecture: source
> Version: 4.5.0-1
> Distribution: unstable
> Urgency: medium
> Maintainer: Debian HA Maintainers <
> debian-ha-maintainers at lists.alioth.debian.org>
> Changed-By: Valentin Vidic <vvidic at debian.org>
> Closes: 1042448 1044302
> Changes:
>  crmsh (4.5.0-1) unstable; urgency=medium
>  .
>    * New upstream version 4.5.0
>    * d/patches: refresh for new version
>    * d/tests: refresh for new version
>    * d/postinst: create a logging directory (Closes: #1042448)
>    * d/clean: remove generated files (Closes: #1044302)
>    * d/patches: add fix for ssh error
> Checksums-Sha1:
>  23a937b6ba05f7af5df655d919504d0fbdb9006a 2337 crmsh_4.5.0-1.dsc
>  8d0459c4be7346179236be43e009d8eadf37e988 1210069 crmsh_4.5.0.orig.tar.gz
>  f1040bde2b0bcfdd008e013b9c67562e480c696f 30856 crmsh_4.5.0-1.debian.tar.xz
>  1d7ab5a0e5c9f597468e2bde5075b6426f0f3bdf 6984
> crmsh_4.5.0-1_source.buildinfo
> Checksums-Sha256:
>  f7abb8c2ec6ca07af26b1d112c2a5d871ca3e5db45a742769a0037aae3d46444 2337
> crmsh_4.5.0-1.dsc
>  18fbed93d5cee530baabfba9e15c6d1f87465506515c8b7e660a1427fdf5801b 1210069
> crmsh_4.5.0.orig.tar.gz
>  f8e974329a682764b51fb34f1db75d8e7ecaab420453cdc92d33427fd0b16014 30856
> crmsh_4.5.0-1.debian.tar.xz
>  1093dae09b6544a708fd4c0f3faf093e370e33f71f67ed4e216f6a0c5403d00c 6984
> crmsh_4.5.0-1_source.buildinfo
> Files:
>  0256301652adfb4a56c0fb8a7cab4952 2337 admin optional crmsh_4.5.0-1.dsc
>  95c363ec7f7e8e6ffd244ddecbaff125 1210069 admin optional
> crmsh_4.5.0.orig.tar.gz
>  2e0663d6fdff1cfd53448436d344f244 30856 admin optional
> crmsh_4.5.0-1.debian.tar.xz
>  1b9d541cfb38c511931686392d771f7c 6984 admin optional
> crmsh_4.5.0-1_source.buildinfo
>
> -----BEGIN PGP SIGNATURE-----
>
> iQJGBAEBCgAwFiEExaW53cM9k/u2PWfIMofYmpfNqHsFAmUlyigSHHZ2aWRpY0Bk
> ZWJpYW4ub3JnAAoJEDKH2JqXzah7WugQAKVp8TCeDRjGEpnBmJgQfVqbE9YG0DKD
> k3Zmok3oJziZvAsmOJgFHIOKqihYZ9LdiEGMoTTSMkMch0zujpJW64BtksXmhruV
> EvgsbnQjZYikG13Py9hCb84nnKcAer+TSU5fIWRDpE0mzVk7HuqJxc01+82iWDIX
> mel82k7emDqh27NAXcEQ7zMaTSuSMYD3CoBvT1nyFSRSripSvkKOd5/elFDtNKYV
> tQx9j/JPlRGJrzuwkE3b65JP2cXQvsUG6M8mDgn48Pk7TtcVnhLMlWiVa3N/2yjJ
> V7XNx5/x771htaMKbNpN4mxZ2s7QYrs7OzS2TEB5gLz/PVS3DqpULBspQyZr+iDx
> qy8ThUKWSde9+j0uS02jTr/B090wCSnCGttiSV12CWY/yddIZjQRix0Hhqiphlts
> rV1SUbVuJZsR9VBfe+FYhmXrKWoOlPzyG9a4429nzEf5t/8dEzyy80M9yOfpKm61
> 5JBE9iMISWC/BpQyTvuOZydN4jayBXxyzslQnGjynbXUOXdjnva2VtEiUTdOZThG
> eo9orPWf51xaV9Cn35mutzCEjPYdK9EmDA4DY/OFmZTcysH/x659c4TOgS6qmms2
> WgKpHT83pmCCWnRrDhBYOM+ya0rq766j2C9VHuajmie4ISGnmv3O95Lq1aRzyO7a
> vYrmJiAEhnDx
> =GeLF
> -----END PGP SIGNATURE-----
>
>
> ---------- Forwarded message ----------
> From: Florent CARLI <fcarli at gmail.com>
> To: Debian Bug Tracking System <submit at bugs.debian.org>
> Cc:
> Bcc:
> Date: Fri, 28 Jul 2023 10:11:48 +0000
> Subject: crmsh: HA_GROUP permission regression after upgrading bullseye to
> bookworm
> Package: crmsh
> Version: 4.4.1-1
> Severity: normal
> X-Debbugs-Cc: fcarli at gmail.com
>
> Dear Maintainer,
>
> I encounter a regression with crmsh on debian12. On debian 11, I used
> to be able to issue crm commands with a standard user as long as it
> was a member of haclient group.
> On debian 12, this same user cannot use crm because of some chown that
> it's not allowed to do:
>
> virtu at virtu-elabo1:~$ id
> uid=1000(virtu) gid=1000(virtu)
> groups=1000(virtu),110(haclient),118(libvirt)
> virtu at virtu-elabo1:~$ crm status
> Traceback (most recent call last):
>   File "/usr/sbin/crm", line 31, in <module>
>     log.setup_logging()
>   File "/usr/lib/python3/dist-packages/crmsh/log.py", line 445, in
> setup_logging
>     shutil.chown(CRMSH_LOG_FILE, constants.HA_USER, constants.HA_GROUP)
>   File "/usr/lib/python3.11/shutil.py", line 1385, in chown
>     os.chown(path, _user, _group)
> PermissionError: [Errno 1] Operation not permitted:
> '/var/log/crmsh/crmsh.log'
>
>
> Ferenc Wágner did a first analysis and concluded that:
>
> it's a bug introduced in 4.4.0 by
> Fix: log: Change the log file owner as hacluster:haclient (bsc#1194619)
>
> https://github.com/ClusterLabs/crmsh/commit/b4ef13cd8c9a8c37f2bf671abb803b24d93125ee
>
> and fixed in 4.5.0 by
> fix: log: fail to open log file even if user is in haclient group
> (bsc#1204670)
>
> https://github.com/ClusterLabs/crmsh/commit/b4abe21d2fd55ced0f56baff5c4892a4826aa0f7
>
>
> Thanks.
> Florent.
>
>
> -- System Information:
> Debian Release: 12.1
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
> 'stable')
> Architecture: arm64 (aarch64)
>
> Kernel: Linux 5.15.49-linuxkit-pr (SMP w/5 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_OOT_MODULE, TAINT_RANDSTRUCT
> Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: unable to detect
>
> Versions of packages crmsh depends on:
> ii  gawk                 1:5.2.1-2
> ii  iputils-ping         3:20221126-1
> ii  pacemaker-cli-utils  2.1.5-1+deb12u1
> ii  python3              3.11.2-1+b1
> ii  python3-dateutil     2.8.2-2
> ii  python3-lxml         4.9.2-1+b1
> ii  python3-parallax     1.0.6-4
> ii  python3-yaml         6.0-3+b2
>
> Versions of packages crmsh recommends:
> ii  pacemaker  2.1.5-1+deb12u1
>
> Versions of packages crmsh suggests:
> pn  bash-completion    <none>
> pn  csync2             <none>
> pn  dmidecode          <none>
> pn  ocfs2-tools        <none>
> pn  openssh-server     <none>
> pn  parted             <none>
> pn  sbd                <none>
> pn  ufw                <none>
> ii  util-linux         2.38.1-5+b1
> pn  vim-addon-manager  <none>
>
> -- no debconf information
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-ha-maintainers/attachments/20231011/9f49e2b5/attachment.htm>

More information about the Debian-ha-maintainers mailing list