Your message dated Mon, 30 May 2011 23:02:31 +0000
with message-id <[email protected]>
and subject line Bug#537073: fixed in cron 3.0pl1-117
has caused the Debian Bug report #537073,
regarding cron: unnecessary dependency on lockfile-progs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
537073: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537073
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cron
Version: 3.0pl1-106
Severity: minor
Tags: patch
As has been mentioned in other bugreports (#485452, #535227), the
use of lockfile-progs by /etc/cron.daily/standard introduces an
unnecessary dependency on a low-Priority package, pulling it in by
default on every Debian install, even though you could get the same
functionality more easily via coreutils these days.
I attach three different sh scripts:
* flockdemo - which just shows how it works;
* standard.daily - a minimal modification of the cronjob;
* rewrite - a thoroughgoing reimplementation.
That third one is just there because I couldn't help myself - it has
extra features such as recognising ext4, but it deliberately changes
more or less every line and probably isn't suitable for use.
I also attach a patch that covers the minimal-change version plus
corresponding edits to the control file, removing the unnecessary
"Recommends: lockfile-progs" and the corresponding paragraph of the
package description. It should also fix bugs #179629 and #478967,
though not bug #333837.
Further comments on the standard cronjobs:
------------------------------------------
First, "/etc/cron.monthly/standard" has been empty for most of a
decade. Now would be a good time to get rid of it.
Second, the names of these cronjobs contravene a "should" in Debian
Policy 9.5, where it defines the namespace for these files:
# If a package wants to install a job that has to be executed via
# cron, it should place a file with the name of the package in one
# or more of the following directories:
Even anacron, which can't use plain "anacron", gets as close as it
can with "0anacron". So the one remaining standard cronjob should
be named "/etc/cron.daily/cron", leaving the namespace clear in case
a package ever turns up named "standard".
Third, I agree with bug #473711: it's pointless to have every single
Debian machine spinning up every single hard disk to check the
status of lost+found directories every single day. Corrupted file
systems don't surreptitiously fsck themselves - doing the check more
often than once per boot is only going to be useful if the sysadmin
performs crucial system rescue procedures without paying attention,
and if you're going to assume that, you need to do a lot more kinds
of check! IMHO this task should belong to initscripts; if that's
too much trouble it could at least be factored out into a script
(something like "/sbin/chklost+found") so that it can be called both
@reboot and @daily.
--
JBR
Ankh kak! (Ancient Egyptian blessing)
#!/bin/sh
FLOCK=~/lock # or whatever; not somewhere world-writable
umask 066 # don't let anyone else get a read-lock
: > $FLOCK # always recreate it in case it's on a tmpfs
exec < $FLOCK # use STDIN, don't interfere with output
if ! flock -n 0; then
echo 'Failed to acquire lock'
exit 1
fi
echo 'Running - now launch another to demonstrate collisions'
sleep 5
echo 'Finished' # $FLOCK automatically released
#!/bin/sh
# /etc/cron.daily/standard: standard daily maintenance script
# Written by Ian A. Murdock <[email protected]>
# Modified by Ian Jackson <[email protected]>
# Modified by Steve Greenland <[email protected]>
# Start in the root filesystem, make SElinux happy
cd /
bak=/var/backups
LOCKFILE=/var/lock/cron.daily
#
# Avoid running more than one at a time
#
umask 066
: > $LOCKFILE
exec < $LOCKFILE
if ! flock -n 0; then
cat <<EOF
Unable to run /etc/cron.daily/standard because lockfile $LOCKFILE
acquisition failed. This probably means that the previous day's
instance is still running. Please check and correct if necessary.
EOF
exit 1
fi
umask 022
#
# Backup key system files
#
if cd $bak ; then
cmp -s passwd.bak /etc/passwd || (cp -p /etc/passwd passwd.bak &&
chmod 600 passwd.bak)
cmp -s group.bak /etc/group || (cp -p /etc/group group.bak &&
chmod 600 group.bak)
if [ -f /etc/shadow ] ; then
cmp -s shadow.bak /etc/shadow || (cp -p /etc/shadow shadow.bak &&
chmod 600 shadow.bak)
fi
if [ -f /etc/gshadow ] ; then
cmp -s gshadow.bak /etc/gshadow || (cp -p /etc/gshadow gshadow.bak &&
chmod 600 gshadow.bak)
fi
fi
if cd $bak ; then
if ! cmp -s dpkg.status.0 /var/lib/dpkg/status ; then
cp -p /var/lib/dpkg/status dpkg.status
savelog -c 7 dpkg.status >/dev/null
fi
fi
#
# Check to see if any files are in lost+found directories and warn admin
#
# Get a list of the (potential) ext2, ext3 and xfs l+f directories
# Discard errors, for systems not using any of these.
df -P --type=ext2 --type=ext3 --type=xfs 2>/dev/null |
awk '/\/dev\// { print }' | sed -e 's/ [[:space:]]*/ /g' |
while read mount block used avail perc mp; do
[ "$mp" = "/" ] && mp=""
echo "$mp/lost+found"
done |
while read lfdir; do
# In each directory, look for files
if [ -d "$lfdir" ] ; then
more_lost_found=`ls -1 "$lfdir" | grep -v 'lost+found$' | sed 's/^/
/'`
if [ -n "$more_lost_found" ] ; then
lost_found="$lost_found
$lfdir:
$more_lost_found"
# NOTE: above weird line breaks in string are intentional!
fi
else
no_lost_found="$no_lost_found
$lfdir"
fi
done
# NOTE: This might need to be configurable if systems abound
# w/o lost+found out there to prevent giving out this warning
# every day.
if [ -n "$lost_found" ]; then
cat << EOF
Files were found in lost+found directories. This is probably
the result of a crash or bad shutdown, or possibly of a disk
problem. These files may contain important information. You
should examine them, and move them out of lost+found or delete
them if they are not important.
The following files were found:
$lost_found
EOF
fi
if [ -n "$no_lost_found" ]; then
cat << EOF
Some local filesystems do not have lost+found directories. This
means that these filesystems will not be able to recover
lost files when the filesystem is checked after a crash.
Consider creating a lost+found directory with mklost+found(8).
The following lost+found directories were not available:
$no_lost_found
EOF
fi
#!/bin/sh
#--------------------------------------------------------------------#
# Preparation
cd / # to keep SElinux happy
. /etc/default/cron # for NO_* variables
#--------------------------------------------------------------------#
# Prevent overlapping runs
FLOCK=/var/lock/cron
if ! test "$NO_FLOCK" # maybe you've got Lenny coreutils
then umask 066 # (only affects the following line)
: > $FLOCK
exec < $FLOCK
if ! flock -n 0
then echo "
Acquisition of lockfile $FLOCK failed - cronjob aborting.
This probably means that the previous instance is still running.
Please check and correct if necessary.
"
exit 1
fi
fi
#--------------------------------------------------------------------#
# Back up key system files
if test "$NO_BACKUPS" # if every MB of space is precious
then :
elif cd /var/backups
then for FILE in passwd group shadow gshadow
do test -f "/etc/$FILE" || continue
cmp -s $FILE.bak /etc/$FILE && continue
cp -p /etc/$FILE $FILE.bak || continue
chmod 0600 $FILE.bak
done
for FILE in /var/lib/dpkg/status
do cmp -s $FILE dpkg.status.0 && continue
cp -p $FILE dpkg.status || continue
savelog -m 644 -c 7 dpkg.status >&-
done
fi
#--------------------------------------------------------------------#
# Check lost+found directories
test "$NO_CHECK_LF" && exit 0 # advisable on e.g. all-JFS systems
LF=lost+found # vary to debug!
NEWLINE='
'
exec < /etc/mtab
while read DEV MP FS
do case $DEV in
/dev/*) ;;
*) continue ;;
esac
case $FS in
ext*|xfs) ;;
*) continue ;;
esac
test "$MP" = '/' && MP=''
if ! test -d "$MP/$LF"
then MISSING="$MISSING$NEWLINE $MP/$LF"
elif cd "$MP/$LF" 2>&-
then for NAME in *
do test "$NAME" = '*' && continue
LIST="$LIST$NEWLINE $NAME"
done
test "$LIST" || continue
CONTENTS="$CONTENTS$NEWLINE $MP/$LF:$LIST"
else echo "Can't access $MP/$LF"
fi
done
#--------------------------------------------------------------------#
# Report findings if any
if test "$MISSING"
then echo "
Some local file systems lack a $LF directory. This means if the
file system is damaged and needs to be repaired, fsck will not have
anywhere to put stray files for recovery. You should consider creating
a $LF directory with mk$LF(8).
The following $LF directories were not available:
$MISSING"
fi
if test "$CONTENTS"
then echo "
Items were found in $LF directories. This is probably the result
of a crash or bad shutdown, or possibly of a disk problem. You should
examine them to see if they contain important information, and either
retrieve them from $LF or delete them.
The following items were found:
$CONTENTS"
fi
#--------------------------------------------------------------------#
# The End
exit 0
#--------------------------------------------------------------------#diff -ru cron-3.0pl1.pristine/debian/control cron-3.0pl1/debian/control
--- cron-3.0pl1.pristine/debian/control 2009-06-30 18:58:02.000000000 +0100
+++ cron-3.0pl1/debian/control 2009-07-11 21:58:27.000000000 +0100
@@ -9,7 +9,7 @@
Package: cron
Architecture: any
Depends: ${shlibs:Depends}, debianutils (>=1.7), adduser, lsb-base (>= 3.0-10)
-Recommends: exim4 | postfix | mail-transport-agent, lockfile-progs
+Recommends: exim4 | postfix | mail-transport-agent
Suggests: anacron (>=2.0-1), logrotate, checksecurity
Conflicts: suidmanager (<< 0.50), lockfile-progs (<< 0.1.7)
Provides:
@@ -31,7 +31,3 @@
maintenance tasks, such as ensuring creating copying key system files.
Additional maintenance tasks are available on external packages, such as
'checksecurity'
- .
- The lockfile-progs package is recommended as it will prevent
- /etc/cron.daily/standard from running multiple
- times if something gets jammed.
diff -ru cron-3.0pl1.pristine/debian/standard.daily cron-3.0pl1/debian/standard.daily
--- cron-3.0pl1.pristine/debian/standard.daily 2009-06-30 18:58:02.000000000 +0100
+++ cron-3.0pl1/debian/standard.daily 2009-07-13 11:51:34.000000000 +0100
@@ -8,15 +8,15 @@
cd /
bak=/var/backups
LOCKFILE=/var/lock/cron.daily
-umask 022
#
# Avoid running more than one at a time
#
-if [ -x /usr/bin/lockfile-create ] ; then
- lockfile-create $LOCKFILE
- if [ $? -ne 0 ] ; then
+umask 066
+: > $LOCKFILE
+exec < $LOCKFILE
+if ! flock -n 0; then
cat <<EOF
Unable to run /etc/cron.daily/standard because lockfile $LOCKFILE
@@ -24,13 +24,9 @@
instance is still running. Please check and correct if necessary.
EOF
- exit 1
- fi
-
- # Keep lockfile fresh
- lockfile-touch $LOCKFILE &
- LOCKTOUCHPID="$!"
+ exit 1
fi
+umask 022
#
# Backup key system files
@@ -112,11 +108,3 @@
$no_lost_found
EOF
fi
-
-#
-# Clean up lockfile
-#
-if [ -x /usr/bin/lockfile-create ] ; then
- kill $LOCKTOUCHPID
- lockfile-remove $LOCKFILE
-fi
--- End Message ---
--- Begin Message ---
Source: cron
Source-Version: 3.0pl1-117
We believe that the bug you reported is fixed in the latest version of
cron, which is due to be installed in the Debian FTP archive:
cron_3.0pl1-117.diff.gz
to main/c/cron/cron_3.0pl1-117.diff.gz
cron_3.0pl1-117.dsc
to main/c/cron/cron_3.0pl1-117.dsc
cron_3.0pl1-117_i386.deb
to main/c/cron/cron_3.0pl1-117_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Kastner <[email protected]> (supplier of updated cron package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 08 May 2011 01:21:15 +0200
Source: cron
Binary: cron
Architecture: source i386
Version: 3.0pl1-117
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <[email protected]>
Changed-By: Christian Kastner <[email protected]>
Description:
cron - process scheduling daemon
Closes: 478967 537073 578856 579640 609780 615855 622645 625491 625493 625495
627859
Changes:
cron (3.0pl1-117) unstable; urgency=low
.
* Makefile:
- Fixed integration of cron-internal debug code into the package building
process. Instead of having to modify debian/rules, this can now driven by
DEB_BUILD_OPTIONS=debug
- Removed hard-coded compiler flags, honoring those provided by
dpkg-buildflags instead
* do_command.c:
- When logging the end of cron jobs, log the PID of the actually exec'ed
user command, not the PID of the parent. Closes: #609780
* database.c:
- Split crontab security checks (type, owner, mode, links) into separate
tests with individual error messages instead of the cryptic message
"WRONG INODE INFO". Closes: #625493
- Extended the ability to recover from broken symlinks (added in -110) to
also recover from failed security checks above. Fixes to these were not
being detected as cron only looks at mtime. Closes: #625495
- Also recover from syntax errors. Fixes to these did change mtime, but
were ignored as cron permanently removes broken crontabs from its
database of files to check. Closes: #627859
* cron.8:
- Documented the fact that /etc/crontab and files in /etc/cron.d must not
be group- or other-writable. Closes: #625491, LP: #741979
* crontab.5:
- Specify parse order of crontabs (thanks, Jonathan Amery). Closes: #622645
* debian/control:
- Bumped Standards-Version to 3.9.2 (no changes needed)
- Added missing Build-Depends on libaudit-dev
- Removed Conflicts for nonexistent package suidmanager
- Removed Conflicts for lockfile-progs (which should have been a Breaks
anyway) as we no longer rely on it, we use flock from util-linux instead
- Changed architecture-specific Build-Depends on libselinux1-dev to
linux-any instead of negating all other OSes
* debian/cron.default:
- Merged the LSBNAMES option with EXTRA_OPTS. Both where used to pass
options to the daemon, making one of them redundant
- Added the ability to disable the daily lost+found check by setting the
new variable CHECK_LOSTFOUND to "no". Closes: #579640
* debian/cron.init:
- Don't call start-stop-daemon directly, use LSB init functions instead.
Among other things, this works around the cron daemon not deleting its
pidfile from /var/run/. Closes: #615855
- Added $network to Should-Start
* debian/rules:
- Converted to dh syntax. This included replacing some manually executed
steps with debhelper file-automated ones (eg: cron.man, cron.examples)
to lessen clutter
- Completely rewrote the PAM/SELinux/audit integration parts. PAM support
was being skipped on kfreebsd and hurd, and audit support was completely
broken. From now on:
+ PAM is enabled by default on all platforms
+ SELinux is enabled by default on linux-any
+ audit is disabled by default on all platforms
All of these can be driven by DEB_BUILD_OPTIONS (see debian/rules)
- Do not compress example perl scripts
* debian/{prerm,postrm,postinst}:
- Let dh_installinit manage stopping/(re)starting of jobs instead of
calling invoke-rc.d ourselves
* debian/standard.daily:
- Backup of /etc/{passd,group} is no longer performed by cron; the task
was handed over to src:shadow (see #554170). In Squeeze, this task will
be performed redundantly by both packages (as discussed on
debian-release)
- Rewrite locking and lost+found-checking code, based on a submission to
the BTS by Justin B. Rye. Closes: #478967, #537073, LP: #257367
- Parse /etc/mtab instead of /proc/mounts; the former makes handling bind
mounts easier. Closes: #578856
- Pull in /etc/cron/default for CHECK_LOSTFOUND (see above)
* debian/copyright:
- Convert to DEP5 format (r173)
* debian/watch:
- Added watch file to silence a lintian warning, even though the last
upstream release was in 2004
* Packaging (general): removed a lot of cruft which seems to have accumulated
over time. This included all the cron-se stuff, which appears to have been
a remnant from the SELinux integration process, and was either not being
used anymore or completely broken. Also, the patches/ directory was
removed, as that location has a specific meaning and the patches in there
were no longer relevant.
Checksums-Sha1:
b05295fceecdd9702c66dfb3b561c0f0bb1481f9 1219 cron_3.0pl1-117.dsc
1d69b6cd9eb94bd0201f70700892028676a7e874 88976 cron_3.0pl1-117.diff.gz
43c7665efa16c0eb55401cb6145026f56bae31a9 95814 cron_3.0pl1-117_i386.deb
Checksums-Sha256:
6719500e6714d797b21bc1dccc44d03332a909f4a76832515e6c0b3856dc4927 1219
cron_3.0pl1-117.dsc
1705799cac874cfa171064d8a9764140fcf3618c8f004e01f5eeda5dd47898e7 88976
cron_3.0pl1-117.diff.gz
28d7f2917dc40e211b269e41d7f9e0661c9a1167a6297a49db780d21c1e73fbb 95814
cron_3.0pl1-117_i386.deb
Files:
ce23eb8cacdfbeefdd79f77bbb87fbcb 1219 admin important cron_3.0pl1-117.dsc
757abb9a1f1c65da068d2e1cb945996b 88976 admin important cron_3.0pl1-117.diff.gz
a4c1e1d0ecfbd1253f4e7cb59bec6a2a 95814 admin important cron_3.0pl1-117_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFN5BSOsandgtyBSwkRAj03AJ4pRKEmbLXXN2LLWI/DxGtDAqdKTwCeM3jL
l8/VkIFBH9WaJWiSZrQDr4k=
=DDkG
-----END PGP SIGNATURE-----
--- End Message ---
