Your message dated Fri, 27 Apr 2018 12:51:53 +0000 with message-id <[email protected]> and subject line Bug#883905: fixed in prosody 0.10.0-2 has caused the Debian Bug report #883905, regarding prosody: should use /run not /var/run and needs restorecon after mkdir to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 883905: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883905 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: prosody Version: 0.9.12-2 Severity: normal Tags: patch For a long time /var/run has been a symlink to /run. Therefore it's best to use /run directly which avoids problems if /var isn't mounted (admittedly a configuration that's not common) and makes the operation clearer. On SE Linux systems when a directory is created by an init.d script it needs to have the correct context set. If the restorecon program is installed then it will operate correctly (even in the case where it's installed but SE Linux isn't activated) so the best thing to do is to run restorecon on the directory if restorecon exists. Also note that there is no harm in running restorecon multiple times, it's operation is conceptually similar to chmod or chown except that it has it's own config file to determine what context it should use. Also if you use tmpfiles.d on a systemd system to create the dirctory then it will set the correct context without additional effort. --- /etc/init.d/prosody.orig 2017-12-09 04:41:45.088000000 +0000 +++ /etc/init.d/prosody 2017-12-09 05:00:26.824000000 +0000 @@ -15,7 +15,7 @@ USER=prosody DAEMON=/usr/bin/prosody -PIDPATH=/var/run/prosody +PIDPATH=/run/prosody PIDFILE="$PIDPATH"/prosody.pid NICE= @@ -40,6 +40,7 @@ start_prosody () { mkdir -p `dirname $PIDFILE` chown prosody:adm `dirname $PIDFILE` + [ -x /sbin/restorecon ] && /sbin/restorecon -R `dirname $PIDFILE` if start-stop-daemon --start --quiet --pidfile "$PIDFILE" \ --chuid "$USER" --oknodo --user "$USER" --name lua5.1 \ $(start_opts) --startas "$DAEMON"; -- System Information: Debian Release: 9.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1), LANGUAGE=en_AU (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages prosody depends on: ii adduser 3.115 ii libc6 2.24-11+deb9u1 ii libidn11 1.33-1 ii libssl1.1 1.1.0f-3+deb9u1 ii lsb-base 9.20161125 ii lua-expat [lua5.1-expat] 1.3.0-4 ii lua-filesystem [lua5.1-filesystem] 1.6.3-1 ii lua-sec [lua5.1-sec] 0.6-3 ii lua-socket [lua5.1-socket] 3.0~rc1+git+ac3201d-3 ii lua5.1 5.1.5-8.1+b2 ii ssl-cert 1.0.39 Versions of packages prosody recommends: pn lua5.1-event <none> Versions of packages prosody suggests: pn lua-dbi-mysql <none> pn lua-dbi-postgresql <none> pn lua-dbi-sqlite3 <none> pn lua-zlib <none> -- Configuration Files: /etc/init.d/prosody changed: set -e USER=prosody DAEMON=/usr/bin/prosody PIDPATH=/run/prosody PIDFILE="$PIDPATH"/prosody.pid NICE= MAXFDS= CPUSCHED= IOSCHED= test -x "$DAEMON" || exit 0 . /lib/lsb/init-functions if [ -f /etc/default/prosody ] ; then . /etc/default/prosody fi start_opts() { test -z "$NICE" || echo -n " --nicelevel $NICE" test -z "$CPUSCHED" || echo -n " --procsched $CPUSCHED" test -z "$IOSCHED" || echo -n " --iosched $IOSCHED" } start_prosody () { mkdir -p `dirname $PIDFILE` chown prosody:adm `dirname $PIDFILE` [ -x /sbin/restorecon ] && /sbin/restorecon -R `dirname $PIDFILE` if start-stop-daemon --start --quiet --pidfile "$PIDFILE" \ --chuid "$USER" --oknodo --user "$USER" --name lua5.1 \ $(start_opts) --startas "$DAEMON"; then return 0 else return 1 fi } stop_prosody () { if start-stop-daemon --stop --quiet --retry 30 \ --oknodo --pidfile "$PIDFILE" --user "$USER" --name lua5.1; then return 0 else return 1 fi } signal_prosody () { if start-stop-daemon --stop --quiet --pidfile "$PIDFILE" \ --user "$USER" --name lua5.1 --oknodo --signal $1; then return 0 else return 1 fi } case "$1" in start) log_daemon_msg "Starting Prosody XMPP Server" "prosody" if start_prosody; then log_end_msg 0; else log_end_msg 1; fi ;; stop) log_daemon_msg "Stopping Prosody XMPP Server" "prosody" if stop_prosody; then log_end_msg 0; else log_end_msg 1; fi ;; force-reload|restart) log_daemon_msg "Restarting Prosody XMPP Server" "prosody" stop_prosody if start_prosody; then log_end_msg 0; else log_end_msg 1; fi ;; reload) log_daemon_msg "Reloading Prosody XMPP Server" "prosody" if signal_prosody 1; then log_end_msg 0; else log_end_msg 1; fi ;; status) log_daemon_msg "Status of Prosody XMPP Server" "prosody " status_of_proc -p"$PIDFILE" lua5.1 ;; *) log_action_msg "Usage: /etc/init.d/prosody {start|stop|restart|reload|status}" exit 1 esac exit 0 /etc/prosody/prosody.cfg.lua changed: -- Prosody Example Configuration File -- -- Information on configuring Prosody can be found on our -- website at http://prosody.im/doc/configure -- -- Tip: You can check that the syntax of this file is correct -- when you have finished by running: luac -p prosody.cfg.lua -- If there are any errors, it will let you know what and where -- they are, otherwise it will keep quiet. -- -- The only thing left to do is rename this file to remove the .dist ending, and fill in the -- blanks. Good luck, and happy Jabbering! ---------- Server-wide settings ---------- -- Settings in this section apply to the whole server and are the default settings -- for any virtual hosts -- This is a (by default, empty) list of accounts that are admins -- for the server. Note that you must create the accounts separately -- (see http://prosody.im/doc/creating_accounts for info) -- Example: admins = { "[email protected]", "[email protected]" } admins = { "[email protected]" } -- Enable use of libevent for better performance under high load -- For more information see: http://prosody.im/doc/libevent --use_libevent = true; -- This is the list of modules Prosody will load on startup. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. -- Documentation on modules can be found at: http://prosody.im/doc/modules modules_enabled = { -- Generally required "roster"; -- Allow users to have a roster. Recommended ;) "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. "tls"; -- Add support for secure TLS on c2s/s2s connections "dialback"; -- s2s dialback support "disco"; -- Service discovery -- Not essential, but recommended "private"; -- Private XML storage (for room bookmarks, etc.) "vcard"; -- Allow users to set vCards -- These are commented by default as they have a performance impact --"privacy"; -- Support privacy lists --"compression"; -- Stream compression (Debian: requires lua-zlib module to work) -- Nice to have "version"; -- Replies to server version requests "uptime"; -- Report how long server has been running "time"; -- Let others know the time here on this server "ping"; -- Replies to XMPP pings with pongs "pep"; -- Enables users to publish their mood, activity, playing music and more "register"; -- Allow users to register on this server using a client and change passwords -- Admin interfaces "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 -- HTTP modules --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" --"http_files"; -- Serve static files from a directory over HTTP -- Other specific functionality "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. --"groups"; -- Shared roster support --"announce"; -- Send announcement to all online users --"welcome"; -- Welcome users who register accounts --"watchregistrations"; -- Alert admins of registrations --"motd"; -- Send a message to users when they log in --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. }; -- These modules are auto-loaded, but should you want -- to disable them then uncomment them here: modules_disabled = { -- "offline"; -- Store offline messages -- "c2s"; -- Handle client connections -- "s2s"; -- Handle server-to-server connections }; -- Disable account creation by default, for security -- For more information see http://prosody.im/doc/creating_accounts allow_registration = false; -- Debian: -- send the server to background. -- daemonize = true; -- Debian: -- Please, don't change this option since /run/prosody/ -- is one of the few directories Prosody is allowed to write to -- pidfile = "/run/prosody/prosody.pid"; -- These are the SSL/TLS-related settings. If you don't want -- to use SSL/TLS, you may comment or remove this ssl = { key = "/etc/letsencrypt/live/gnubies.com/privkey.pem"; certificate = "/etc/letsencrypt/live/gnubies.com/fullchain.pem"; } -- Force clients to use encrypted connections? This option will -- prevent clients from authenticating unless they are using encryption. c2s_require_encryption = false -- Force certificate authentication for server-to-server connections? -- This provides ideal security, but requires servers you communicate -- with to support encryption AND present valid, trusted certificates. -- NOTE: Your version of LuaSec must support certificate verification! -- For more information see http://prosody.im/doc/s2s#security s2s_secure_auth = false -- Many servers don't support encryption or have invalid or self-signed -- certificates. You can list domains here that will not be required to -- authenticate using certificates. They will be authenticated using DNS. --s2s_insecure_domains = { "gmail.com" } -- Even if you leave s2s_secure_auth disabled, you can still require valid -- certificates for some domains by specifying a list here. --s2s_secure_domains = { "jabber.org" } -- Select the authentication backend to use. The 'internal' providers -- use Prosody's configured data storage to store the authentication data. -- To allow Prosody to offer secure authentication mechanisms to clients, the -- default provider stores passwords in plaintext. If you do not trust your -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed -- for information about using the hashed backend. authentication = "internal_plain" -- Select the storage backend to use. By default Prosody uses flat files -- in its configured data directory, but it also supports more backends -- through modules. An "sql" backend is included by default, but requires -- additional dependencies. See http://prosody.im/doc/storage for more info. --storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the -- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work) -- For the "sql" backend, you can uncomment *one* of the below to configure: --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } -- Logging configuration -- For advanced logging see http://prosody.im/doc/logging -- -- Debian: -- Logs info and higher to /var/log -- Logs errors to syslog also log = { -- Log files (change 'info' to 'debug' for debug logs): info = "/var/log/prosody/prosody.log"; error = "/var/log/prosody/prosody.err"; -- Syslog: { levels = { "error" }; to = "syslog"; }; } ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. VirtualHost "gnubies.com" ------ Components ------ -- You can specify components to add hosts that provide special services, -- like multi-user conferences, and transports. -- For more information on components, see http://prosody.im/doc/components ---Set up a MUC (multi-user chat) room server on conference.example.com: --Component "conference.example.com" "muc" -- Set up a SOCKS5 bytestream proxy for server-proxied file transfers: --Component "proxy.example.com" "proxy65" ---Set up an external component (default component port is 5347) -- -- External components allow adding various services, such as gateways/ -- transports to other networks like ICQ, MSN and Yahoo. For more info -- see: http://prosody.im/doc/components#adding_an_external_component -- --Component "gateway.example.com" -- component_secret = "password" ------ Additional config files ------ -- For organizational purposes you may prefer to add VirtualHost and -- Component definitions in their own config files. This line includes -- all config files in /etc/prosody/conf.d/ Include "conf.d/*.cfg.lua" -- no debconf information
--- End Message ---
--- Begin Message ---Source: prosody Source-Version: 0.10.0-2 We believe that the bug you reported is fixed in the latest version of prosody, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sergei Golovan <[email protected]> (supplier of updated prosody package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 27 Apr 2018 13:54:50 +0300 Source: prosody Binary: prosody Architecture: source amd64 Version: 0.10.0-2 Distribution: unstable Urgency: medium Maintainer: Matthew James Wild <[email protected]> Changed-By: Sergei Golovan <[email protected]> Description: prosody - Lightweight Jabber/XMPP server Closes: 827689 851519 851669 883905 888644 Changes: prosody (0.10.0-2) unstable; urgency=medium . * Move the prosody PID file to /run/prosody (closes: #883905). * Exit the logrotate postrotate script with zero status if prosody isn't running (closes: #888644). * Add /usr/local/lib/prosody/modules to a modules search path for local administrators. Remove VirtualHost example from the main config in favor of subconfigs (closes: #827689). * Copy the example snakeoil certificate to /etc/prosody/certs instead of linking it. This helps not to add prosody to the ssl-cert group which may be troubling from a security standpoint (closes: #851669). * Add a systemd unit file, don't daemonize the server, letting systemd or start-stop-daemon do that (closes: #851519). * Bump the debhelper compatibility level to 11. * Bump the standards version to 4.1.4. * Fix the package VCS headers. Checksums-Sha1: 3ba003a53ce2853e1de6054dbf7003c0aad9b5a9 2046 prosody_0.10.0-2.dsc a6e08c2f8354d14281829df99cecb0a1f60a4bc7 15100 prosody_0.10.0-2.debian.tar.xz 5bdb4066d77c3c6b13331ca9b29375ac049b7f43 46900 prosody-dbgsym_0.10.0-2_amd64.deb 9dfa7e01140ad33370e710d19f18798170a10a2f 6400 prosody_0.10.0-2_amd64.buildinfo f41d44cd0f618b9485ebffa4374351b7d8d36f41 248536 prosody_0.10.0-2_amd64.deb Checksums-Sha256: 1a87fe0fb8f685233cf36d954b0bbe13917445b2efde992e26ff8c1eb47a39e5 2046 prosody_0.10.0-2.dsc 641c7bd6a97dd65fa372fc8b74fcf36c5af2c7960013ca084b894a48a023abda 15100 prosody_0.10.0-2.debian.tar.xz c0bb5b8fcf5a75f6aa12796b82ac50018be478e36ab33312d3f1b4fb0a2ec0d6 46900 prosody-dbgsym_0.10.0-2_amd64.deb a9c272b48b516246f616ebd0e24382788aa5748d42c1660abea1060f6dced03a 6400 prosody_0.10.0-2_amd64.buildinfo cbf426399860c972f4cbceaa79d1aaca761cf7038a69bae9713fa86c3c989ab0 248536 prosody_0.10.0-2_amd64.deb Files: c46f0be64adc0dd95ce68eba63815fdf 2046 net optional prosody_0.10.0-2.dsc 957ab9bd9cdfe9dd960f6222b8220056 15100 net optional prosody_0.10.0-2.debian.tar.xz cdd492708cba5e570585e3f652c11b38 46900 debug optional prosody-dbgsym_0.10.0-2_amd64.deb a6ce4df269b6ba8e0f56045d2b32ebd4 6400 net optional prosody_0.10.0-2_amd64.buildinfo 1efc96f6616cc5ca070f0cebc6f889ca 248536 net optional prosody_0.10.0-2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/SYPsyDB+ShSnvc4Tyrk60tj54cFAlrjFs0ACgkQTyrk60tj 54dGiQ//UZnwJRA/SzU7D4nJw+u2CVD4BvdK6tkKKvqoXUQCtJlOIhMkFrfs8BL0 /hC8+VHKsAro2SQSZGG9DtO+R6xrQB31VH+U+JbzGshSHTk0+Nh4NpZ69u/tLmfc CKwRyIIiJiOHWGNyzL9FtW852JPbGdS6OatkfMhPHPjqYtPkedvyGjlO5uoGMhYy jcSrBVB2wB4Z4cWqX/C0cLXts96Q28BuZnCE2Z8NBcksDJgGWcyRu0cMRRxkhvkR GWz4IqTuUkDc/SJ739CuJyCbiar+Aq7W9m20gIkdu39T+ZU1DpfpQuVP1NbLXN6F z+fxzPucU/Nqx5eZPDyaUoFiDscyQ+8rGFOu74Nt3hWSvtYS60kfTD2uOkOLurIJ xVPx4JDfyx7M+SpXzY2o361qqs7kOo22ag8kTP3bxWwAWWtvlz+skg718Sujb04H Cx84jnZO9i5WHtkPRcNLlra96dL0m1/830Uhsdbb+Dj9JbbfCYh8CQmsBqd9dAgG LubV0NYTgrKoJr3p85P3UMKZgFuZHJlR7f43V/NXV4X3TRixHwAdlUltHdLbZ/r8 ab6tkNi9XAMJ2kS6HsfJHCv1zexfjYZTKF5ZYpg8IQNIoZJR90BTPtcCELALA67H DlUztTg//7ai6rglP8WZiEbovp2DTfOpaTr4eZSHdGya5JeBs8E= =DUVB -----END PGP SIGNATURE-----
--- End Message ---
