[Debian-ha-maintainers] Bug#1055036: bookworm-pu: package crmsh/4.4.1-1+deb12u1
Valentin Vidic
vvidic at debian.org
Sun Oct 29 21:16:25 GMT 2023
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: crmsh at packages.debian.org
Control: affects -1 + src:crmsh
[ Reason ]
As reported in #1042448, crmsh has a regression in the bookworm
release if the command is run by a non-root user.
[ Impact ]
Running the command as non-root user results in a permission error
while in Debian 11 this worked correctly:
PermissionError: [Errno 1] Operation not permitted: '/var/log/crmsh/crmsh.log'
[ Tests ]
Updated package was tested with autopkgtest and manually to check if the
permissions error is handled correctly by the command.
[ Risks ]
The change is simple and applied in the upstream and unstable
package for a while now.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Log file is now created by the postinst with the correct permissions
and the code is updated to not fail if the owner of the log file
cannot be updated (as in the case of non-root user).
diff -Nru crmsh-4.4.1/debian/changelog crmsh-4.4.1/debian/changelog
--- crmsh-4.4.1/debian/changelog 2023-03-03 22:48:41.000000000 +0100
+++ crmsh-4.4.1/debian/changelog 2023-10-29 20:46:13.000000000 +0100
@@ -1,3 +1,10 @@
+crmsh (4.4.1-1+deb12u1) bookworm; urgency=medium
+
+ * d/postinst: create a logging directory (Closes: #1042448)
+ * d/patches: add patch for log file error
+
+ -- Valentin Vidic <vvidic at debian.org> Sun, 29 Oct 2023 20:46:13 +0100
+
crmsh (4.4.1-1) unstable; urgency=medium
[ Bas Couwenberg ]
diff -Nru crmsh-4.4.1/debian/control crmsh-4.4.1/debian/control
--- crmsh-4.4.1/debian/control 2023-03-03 22:46:48.000000000 +0100
+++ crmsh-4.4.1/debian/control 2023-10-29 20:46:13.000000000 +0100
@@ -43,6 +43,7 @@
Breaks: pacemaker (<< 1.1.12)
Suggests:
bash-completion,
+ cluster-glue,
csync2,
dmidecode,
fdisk | util-linux (<< 2.29.2-3~),
diff -Nru crmsh-4.4.1/debian/crmsh.postinst crmsh-4.4.1/debian/crmsh.postinst
--- crmsh-4.4.1/debian/crmsh.postinst 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/crmsh.postinst 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,46 @@
+#!/bin/sh
+# postinst script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure)
+ mkdir -p /var/log/crmsh
+ chown hacluster:haclient /var/log/crmsh
+ chmod 0775 /var/log/crmsh
+
+ touch /var/log/crmsh/crmsh.log
+ chown hacluster:haclient /var/log/crmsh/crmsh.log
+ chmod 0664 /var/log/crmsh/crmsh.log
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/crmsh.postrm crmsh-4.4.1/debian/crmsh.postrm
--- crmsh-4.4.1/debian/crmsh.postrm 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/crmsh.postrm 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,41 @@
+#!/bin/sh
+# postrm script for crmsh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <overwriter>
+# <overwriter-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ purge)
+ rm -rf /var/log/crmsh
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch
--- crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 1970-01-01 01:00:00.000000000 +0100
+++ crmsh-4.4.1/debian/patches/0019-Fix-log-file-error.patch 2023-10-29 20:46:13.000000000 +0100
@@ -0,0 +1,52 @@
+From b4abe21d2fd55ced0f56baff5c4892a4826aa0f7 Mon Sep 17 00:00:00 2001
+From: nicholasyang <nicholas.yang at suse.com>
+Date: Tue, 25 Oct 2022 13:28:40 +0800
+Subject: [PATCH] fix: log: fail to open log file even if user is in haclient
+ group (bsc#1204670)
+
+The file had been created with umask 0022 in usual so that it was not
+group-writable.
+
+Call chown and chmod explicitly to fix it.
+---
+ crmsh/log.py | 21 ++++++++++-----------
+ 1 file changed, 10 insertions(+), 11 deletions(-)
+
+--- a/crmsh/log.py
++++ b/crmsh/log.py
+@@ -423,14 +423,6 @@
+ self.logger.info("offending xml: %s", xml)
+
+
+-def setup_directory_for_logfile():
+- """
+- Create log file's parent directory
+- """
+- _dir = os.path.dirname(CRMSH_LOG_FILE)
+- os.makedirs(_dir, exist_ok=True)
+-
+-
+ def setup_logging(only_help=False):
+ """
+ Setup log directory and loadding logging config dict
+@@ -439,10 +431,17 @@
+ if only_help:
+ LOGGING_CFG["handlers"]["file"] = {'class': 'logging.NullHandler'}
+ else:
+- setup_directory_for_logfile()
++ # dirname(CRMSH_LOG_FILE) should be created by package manager during installation
++ with open(CRMSH_LOG_FILE, 'a') as f:
++ try:
++ shutil.chown(CRMSH_LOG_FILE, group=constants.HA_GROUP)
++ os.fchmod(f.fileno(), 0o664)
++ shutil.chown(CRMSH_LOG_FILE, user=constants.HA_USER)
++ except PermissionError:
++ # The file has been open with O_APPEND, oo logging can write to it.
++ # Failing to change owner or mode is not a fatal error.
++ pass
+ logging.config.dictConfig(LOGGING_CFG)
+- if os.path.exists(CRMSH_LOG_FILE):
+- shutil.chown(CRMSH_LOG_FILE, constants.HA_USER, constants.HA_GROUP)
+
+
+ def setup_logger(name):
diff -Nru crmsh-4.4.1/debian/patches/series crmsh-4.4.1/debian/patches/series
--- crmsh-4.4.1/debian/patches/series 2023-03-03 22:48:18.000000000 +0100
+++ crmsh-4.4.1/debian/patches/series 2023-10-29 20:46:13.000000000 +0100
@@ -14,3 +14,4 @@
0018-Fix-python3-install.patch
getargspec.patch
spelling-errors.patch
+0019-Fix-log-file-error.patch
More information about the Debian-ha-maintainers
mailing list