Your message dated Mon, 24 Oct 2016 18:53:29 +0000
with message-id <[email protected]>
and subject line Bug#807428: fixed in csync2 2.0-8-g175a01c-4
has caused the Debian Bug report #807428,
regarding csync2: socket activation and running as system user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
807428: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807428
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: csync2
Version: 2.0+73d3293-2
Severity: wishlist
Tags: patch
Usertags: systemd-units
X-Debbugs-Cc: [email protected]
Dear Maintainer,
The attached patch was prepared to make csync2 a socket activated
service managed with systemd and avoid the use of inetd, it also
configures systemd to run csync2 as a system user. With this approach
the use of root privileges in the synchronization process is avoided
and, if they are required, the cluster admin may enable them with a
drop-in configuration file. Although the use of a system user requires
some care with the ownership of the synchronized files and state
database, I think the benefits of the privilege reduction may be worth
the effort.
The systemd unit files are based on the ones published in
https://github.com/mk-fg/fg_exheres/tree/master/packages/sys-apps/csync2/files/systemd
and the directions received from systemd maintainers have been followed.
Some limited testing has been done in a four node cluster, I hope the
patch can be useful.
Regards,
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (900, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages csync2 depends on:
ii adduser 3.113+nmu3
ii init-system-helpers 1.22
ii libc6 2.19-18+deb8u1
ii libgnutls-deb0-28 3.3.8-6+deb8u3
ii librsync1 0.9.7-10
ii netbase 5.3
csync2 recommends no packages.
Versions of packages csync2 suggests:
pn sqlite3 <none>
-- Configuration Files:
/etc/csync2.cfg changed [not included]
-- no debconf information
--
Dhionel Díaz
Centro Nacional de Desarrollo e Investigación en Tecnologías Libres
Ministerio del Poder Popular para
Educación Universitaria, Ciencia y Tecnología
diff -Nru csync2-2.0+73d3293/debian/control csync2-2.0+73d3293/debian/control
--- csync2-2.0+73d3293/debian/control 2015-08-11 05:10:56.000000000 -0430
+++ csync2-2.0+73d3293/debian/control 2015-12-01 16:40:28.000000000 -0430
@@ -10,6 +10,7 @@
automake,
bison,
dh-autoreconf,
+ dh-systemd,
flex,
libmysqlclient-dev,
libpq-dev,
@@ -27,7 +28,7 @@
Depends: ${misc:Depends},
${shlibs:Depends},
netbase (>= 4.25),
- openbsd-inetd | inet-superserver
+ adduser
Suggests: sqlite3
Description: cluster synchronization tool
CSYNC2 synchronizes files in a cluster using the rsync-algorithm.
diff -Nru csync2-2.0+73d3293/debian/cron.d csync2-2.0+73d3293/debian/cron.d
--- csync2-2.0+73d3293/debian/cron.d 2015-07-27 05:14:06.000000000 -0430
+++ csync2-2.0+73d3293/debian/cron.d 2015-12-01 15:15:05.000000000 -0430
@@ -19,4 +19,4 @@
# along with this program; if not, write to the Free Software
# Foundation
#
-# 0 4 * * * root csync2 -cr / ; csync2 -T <my-hostname> <peer-hostname>
+# 0 4 * * * csync2 csync2 -cr / ; csync2 -T <my-hostname> <peer-hostname>
diff -Nru csync2-2.0+73d3293/debian/install csync2-2.0+73d3293/debian/install
--- csync2-2.0+73d3293/debian/install 2015-08-03 10:25:57.000000000 -0430
+++ csync2-2.0+73d3293/debian/install 2015-12-01 17:25:32.000000000 -0430
@@ -1 +1,3 @@
csync2.cfg etc
+debian/systemd/csync2.socket lib/systemd/system
+debian/systemd/[email protected] lib/systemd/system
diff -Nru csync2-2.0+73d3293/debian/postinst csync2-2.0+73d3293/debian/postinst
--- csync2-2.0+73d3293/debian/postinst 2015-07-27 05:14:06.000000000 -0430
+++ csync2-2.0+73d3293/debian/postinst 2015-12-01 16:37:57.000000000 -0430
@@ -19,14 +19,14 @@
case "$1" in
configure)
-
- if ! grep -q "^csync2" /etc/inetd.conf ; then
- update-inetd --remove '^csync2'
- update-inetd --group OTHER --add \
- 'csync2\t\tstream\ttcp\tnowait\troot\t/usr/sbin/csync2\tcsync2 -i'
- fi
-
-
+ adduser --quiet --system --group \
+ --home /var/lib/csync2 --no-create-home \
+ csync2
+ if ! dpkg-statoverride --list /var/lib/csyn2 >/dev/null 2>&1
+ then
+ chown -R csync2:csync2 /var/lib/csync2
+ chmod -R u=rwX,g=rX,o= /var/lib/csync2
+ fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
diff -Nru csync2-2.0+73d3293/debian/prerm csync2-2.0+73d3293/debian/prerm
--- csync2-2.0+73d3293/debian/prerm 2015-08-03 10:59:17.000000000 -0430
+++ csync2-2.0+73d3293/debian/prerm 2015-12-01 17:28:19.000000000 -0430
@@ -19,11 +19,6 @@
case "$1" in
remove|upgrade|deconfigure)
-
- update-inetd --remove '^csync2'
- if [ -f /var/run/inetd.pid ] ; then
- kill -s HUP $(cat /var/run/inetd.pid)
- fi
;;
failed-upgrade)
;;
diff -Nru csync2-2.0+73d3293/debian/rules csync2-2.0+73d3293/debian/rules
--- csync2-2.0+73d3293/debian/rules 2015-08-04 05:22:46.000000000 -0430
+++ csync2-2.0+73d3293/debian/rules 2015-12-01 18:03:48.000000000 -0430
@@ -4,7 +4,7 @@
CFLAGS = $(shell dpkg-buildflags --get CFLAGS) -I$(shell pg_config --includedir)
%:
- dh $@ --with autotools_dev,autoreconf
+ dh $@ --with autotools_dev,autoreconf,systemd
override_dh_auto_configure:
dh_auto_configure \
diff -Nru csync2-2.0+73d3293/debian/systemd/csync2.socket csync2-2.0+73d3293/debian/systemd/csync2.socket
--- csync2-2.0+73d3293/debian/systemd/csync2.socket 1969-12-31 20:00:00.000000000 -0400
+++ csync2-2.0+73d3293/debian/systemd/csync2.socket 2015-12-07 10:29:43.000000000 -0430
@@ -0,0 +1,9 @@
+[Unit]
+Description=csync2 asynchronous file synchronization socket
+
+[Socket]
+ListenStream=30865
+Accept=true
+
+[Install]
+WantedBy=sockets.target
diff -Nru csync2-2.0+73d3293/debian/systemd/[email protected] csync2-2.0+73d3293/debian/systemd/[email protected]
--- csync2-2.0+73d3293/debian/systemd/[email protected] 1969-12-31 20:00:00.000000000 -0400
+++ csync2-2.0+73d3293/debian/systemd/[email protected] 2015-12-07 16:16:14.000000000 -0430
@@ -0,0 +1,8 @@
+[Unit]
+Description=csync2 asynchronous file synchronization
+
+[Service]
+User=csync2
+Group=csync2
+ExecStart=-/usr/sbin/csync2 -i
+StandardInput=socket
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: csync2
Source-Version: 2.0-8-g175a01c-4
We believe that the bug you reported is fixed in the latest version of
csync2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Valentin Vidic <[email protected]> (supplier of updated csync2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 23 Oct 2016 15:38:46 +0200
Source: csync2
Binary: csync2
Architecture: source amd64
Version: 2.0-8-g175a01c-4
Distribution: unstable
Urgency: medium
Maintainer: Debian HA Maintainers
<[email protected]>
Changed-By: Valentin Vidic <[email protected]>
Description:
csync2 - cluster synchronization tool
Closes: 807428
Changes:
csync2 (2.0-8-g175a01c-4) unstable; urgency=medium
.
[ Christoph Berg ]
* Remove Norbert and myself from uploaders.
.
[ Valentin Vidic ]
* Update libmysqlclient-dev dependency
* Move inetd to Recommends
* Add systemd socket in disabled state (Closes: #807428)
* Update debian/tests to check inetd and systemd
* Add xinetd service in disabled state
* systemd: check [email protected] exit code
Checksums-Sha1:
a5cca1a3d59d169a424fbbcebec1e607de21c505 2227 csync2_2.0-8-g175a01c-4.dsc
0198f93dd95cdcb727ee8b090f7c16aacbdfb7ba 7112
csync2_2.0-8-g175a01c-4.debian.tar.xz
a2bdb962f489724426291948af1f1be5a1fe70f5 146450
csync2-dbgsym_2.0-8-g175a01c-4_amd64.deb
daa2fc02435720a755e47f0d5693f4af80c54e19 255136
csync2_2.0-8-g175a01c-4_amd64.deb
Checksums-Sha256:
7606f39add2c900c82ab6b2c674bc32a4cb949ddffeef6b5a459512c91c84d39 2227
csync2_2.0-8-g175a01c-4.dsc
4e16b8c48d3afc82f2e76343643cdd201d26af2ee3e4d6a7117d77c555e362c4 7112
csync2_2.0-8-g175a01c-4.debian.tar.xz
ff95855f869288fa5aace400c8b45cf381b7ad0463d4b139f68dbf20daeebb37 146450
csync2-dbgsym_2.0-8-g175a01c-4_amd64.deb
78dcc361ac996a6d1872a8c4e3d3eb19c2cc5871be6affb2718abcf1887fb7ce 255136
csync2_2.0-8-g175a01c-4_amd64.deb
Files:
65d163a2cdee00b2cec9091c357ba4f5 2227 admin optional
csync2_2.0-8-g175a01c-4.dsc
c1986f03ad29a811e961b59e93ffd38f 7112 admin optional
csync2_2.0-8-g175a01c-4.debian.tar.xz
759219ea37d9d7d18296fae8748a2c95 146450 debug extra
csync2-dbgsym_2.0-8-g175a01c-4_amd64.deb
7354a4e78e663ba08acb78bc6ff3d1d6 255136 admin optional
csync2_2.0-8-g175a01c-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYDlRGAAoJEGH3mF24TgsElq8QALKR66XGcxi77OBxCypGfLH9
Kt2o+NAWBEiyfGt8Sfox98wpp/dT8eLM0gIg7gGwuwIt3fer5DZtckwNeAI0aUNQ
2IQWcDE7P3+eVK1woTV2Uyq2BjOUzJ43yDlVtJb/SmeU+Y9xnHMXDxu4gX2xs8LR
21QJNpAmrC6t2ULVMVKrEM8yvdSsPHsVqGUu1rNll7rjPhgy/1ipKqeJwfetEAmx
eQixZISYcqci7PIRVZgN2nRezjujwEDtqI8C8rsGzX2kQO/cMx4ZsMWgEDss7c7D
Hl81F/9FrhzqASB0Kxh7xB6+ABnHq8l65reZZoE65kOpCMVVS/iVkVdSV0Jait7z
QO+yph25CsCupLo0dEAoyGe2T0pCQytShooDuvfO1laiIycM0QtW9z0S3YApI+NP
P/A4Tr+AuDGJrSXktxM8vDNkK+GtNvoiZ9e9E9CYHU/W+ipphdqmLIokwCQD4VaK
UuqOk19CgiMipTEQaeIB+5DDiuXEN/IpHEzu7ReV53npCQ2qmZTRJfGsSPVEZFfG
fBjhpUgi/Oil0zAgC2O0K3Ey7KiK/YWOjXBDDmYRbkrEm/RuijRcTVGNSQz7CaNW
hlgFeYIA1J4HzR1qHjacj7z4Md5v1kgy8pP0tVTvY8jnptpJBmZs8MLMDJRYebaF
SkBipWYlu43qOH6mRk3U
=aCJP
-----END PGP SIGNATURE-----
--- End Message ---
