Bug#818698: does not convert crontabs correctly

Alexandre Detiste alexandre.detiste at gmail.com
Sun Mar 20 19:59:22 GMT 2016 

Le dimanche 20 mars 2016, 20:02:37 Michael Meskes a écrit :
> > And as systemd-cron is the only user of timers in Debian;
> > you're the first to notice; thanks !
> 
> Surprising, isn't it? Anyway, thanks for debugging.

fstrim did tried to ship a .timer but got immediatly struck down;
I did filed this bug against policy, but that's like a message in a bottle at the sea:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770440

The long-term goal is that systemd-cron would just do nothing if a matching native timer is present;
to allow for a smooth transition.

https://github.com/systemd-cron/systemd-cron/blob/master/src/bin/systemd-crontab-generator.py#L494

    CRONTAB_FILES = files('/etc/cron.d')
    for filename in CRONTAB_FILES:
        basename = os.path.basename(filename)
        if (os.path.exists('@unitdir@/%s.timer' % basename)
         or os.path.exists('/etc/systemd/system/%s.timer' % basename)):
            log(5, 'ignoring %s because native timer is present' % filename)
            continue

 
> > There's well an upload pending (need a sponsor)
> > to allow non-root to use crontab.
> 
> I can do that.

That would be great, I already had several nice sponsors;
but it would be even better if it's someone who does use the package.

I have DM rights, but this has to go through the NEW queue because of this change:

http://anonscm.debian.org/cgit/collab-maint/systemd-cron.git/commit/?id=a57c0640c2c60f7c73c878c583fb314cba7a0506
-Architecture: all
+Architecture: linux-any

This C setgid helper has been enabled for almost two years on Arch + Gentoo;
but having yet an other review of this security-sensitive code is always appreciated:

  https://github.com/systemd-cron/systemd-cron/blob/master/src/bin/crontab_setgid.c

Another option would be to split-out vixie crontab out of src:cron as a shared facility;
but I have no power there.

> > No, it's broken here to since update to v229.
> 
> Right. @systemd team, please include https://github.com/systemd/systemd
> /pull/2695, seems to fix it for me. 
> 
> > > I completely and strongly disagree. Did you see my follow-up email,
> > > it *never*  executed my foo job.

Ah, missed that one.

> > > It may be only serious, but it definitely is not fit for a release. 
> > Then systemd 229 is not fit for release.
>
> Indeed you're right imo.

This fix is not even list in upstream v230 changelog
not really serious.

Greets,

Alexandre Detiste 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20160320/6383a304/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list