Bug#990715: marked as done (prometheus-smokeping-prober: Package is non-functional by default, and steps necessary to make it functional are not documented and non-obvious)

[Debian Bug Tracking System]

Your message dated Sun, 05 Dec 2021 18:05:50 +0000
with message-id <e1mtvtw-000ezs...@fasolo.debian.org>
and subject line Bug#990715: fixed in prometheus-smokeping-prober 0.4.2-2
has caused the Debian Bug report #990715,
regarding prometheus-smokeping-prober: Package is non-functional by default, 
and steps necessary to make it functional are not documented and non-obvious
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
990715: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990715
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: prometheus-smokeping-prober
Version: 0.4.1-2+b4
Severity: important
X-Debbugs-Cc: t...@seoss.co.uk

Thanks for packaging this in Debian!  Unfortunately it does appear to
have an important problem which I think most users will hit, and is
actually quite difficult to debug.

Installing this package on a default bullseye system results in this
debconf database entry being set, without any prompting:

  prometheus-smokeping-prober/want_cap_net_raw: false

This makes the package fail silently, without any errors (even when run
with --log.level="debug").

The service appears to run correctly, but is unable to send out any ping
probes, and so just records no data (all metrics are zero).  No errors
are logged, and this debconf database setting is not documented
elsewhere in the package.

I think this setting should ideally be defaulted to true, since this is
the way that e.g. iputils-ping operates (it is always installed with
cap_net_raw=ep set).

Whilst I understand the possible security implication of this, since the
package defaults to executing the binary as the prometheus user, this
could perhaps be mitigated by setting the permissions so that
/usr/bin/prometheus-smokeping-prober is NOT world-executable, and has
group ownership set to the prometheus user.  e.g.

chmod 750 /usr/bin/prometheus-smokeping-prober
chgrp prometheus /usr/bin/prometheus-smokeping-prober

If it is preferred for some reason to continue to default this to false,
then I think the question should have at least "high" priority.

Additionally it would be useful to patch the daemon so that it logs when
it is not authorized to send pings, and probably the existance of the
setting should be documented (e.g. in:
/etc/default/prometheus-smokeping-prober or a README.Debian).


-- System Information:
Debian Release: 11.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_WARN, TAINT_CRAP
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages prometheus-smokeping-prober depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.75
ii  libc6                  2.31-12
ii  libcap2-bin            1:2.44-1

prometheus-smokeping-prober recommends no packages.

prometheus-smokeping-prober suggests no packages.

-- debconf information:
  prometheus-smokeping-prober/want_cap_net_raw: false

--- End Message ---

--- Begin Message ---

Source: prometheus-smokeping-prober
Source-Version: 0.4.2-2
Done: Daniel Swarbrick <dswarbr...@debian.org>

We believe that the bug you reported is fixed in the latest version of
prometheus-smokeping-prober, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Swarbrick <dswarbr...@debian.org> (supplier of updated 
prometheus-smokeping-prober package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 05 Dec 2021 17:41:59 +0000
Source: prometheus-smokeping-prober
Architecture: source
Version: 0.4.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Daniel Swarbrick <dswarbr...@debian.org>
Closes: 990715
Changes:
 prometheus-smokeping-prober (0.4.2-2) unstable; urgency=medium
 .
   * Enable CAP_NET_RAW for prometheus-smokeping-prober binary by default when
     installing (Closes: #990715)
Checksums-Sha1:
 34a4fbff7e4f321e474d8fd99e572f29f10cd65a 2463 
prometheus-smokeping-prober_0.4.2-2.dsc
 0d7fc6b128cea0ea6b2616ff0046e3d227ce896b 8112 
prometheus-smokeping-prober_0.4.2-2.debian.tar.xz
 b81a5b66beb308490c3a907a429ca8491683c244 8204 
prometheus-smokeping-prober_0.4.2-2_amd64.buildinfo
Checksums-Sha256:
 fa606bbb816096355c636891a444c47b005948cb68807331a0bd77343efdc4ec 2463 
prometheus-smokeping-prober_0.4.2-2.dsc
 6e2a9314c86607a66804eb8f107a44ef5e13f249e82e2d79f43419888150ae71 8112 
prometheus-smokeping-prober_0.4.2-2.debian.tar.xz
 2667786493f38f09fade29facedd4ca1a450c6ff73a55f2a076cfa52fecaab8e 8204 
prometheus-smokeping-prober_0.4.2-2_amd64.buildinfo
Files:
 be1b07961f8e69ac019204f9812bd60b 2463 net optional 
prometheus-smokeping-prober_0.4.2-2.dsc
 caef85ed50bb25e5ffff0262289b992f 8112 net optional 
prometheus-smokeping-prober_0.4.2-2.debian.tar.xz
 8cc56ea28dcc13f6dd50841893dc07cb 8204 net optional 
prometheus-smokeping-prober_0.4.2-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJKBAEBCgA0FiEEMD9oek78sa58GjWjtwAXP7uAWikFAmGs+wcWHGRzd2FyYnJp
Y2tAZGViaWFuLm9yZwAKCRC3ABc/u4BaKXV1D/939/CvagXR81U35h4gtSlyd0Mv
D6jUyCcdU1U+EqfFTATB3SLldIIlVMWMYDcsYeLnghapHh1HfJTLYhjkf9b1HO5B
ctnpCAZ6qSdA/iIhamACvTjhuabISaKbtHQaQMx/QsVKIFbpWvZxf4IHKNWNWd2e
ri1IPVUqCBDVtA9BqTW7XsyZ5sUFqa3+Uq2TXqwLJzBdJ64BNyqQKQkpJjfMzL9X
yXnk3Kl/yX0cAj1VrYkkMgzfH7+N4IFxWLqxk5ZbwUOhpQnGHIXvKUvEgGhE2QOy
KZccrQRGtbmA8J6QJC3RpaSAy4XX65dduWmt3EDyeokNmI2FuBsetU7TR95n3YxH
BK0lSv+tekDbhNyNoNa9BV/sKt8K0+Dw6RaE8X+/kHEdCwby7K3jlR/uz8KG5f6y
ALJkCygnE/DaYBC8YHnV4VRtAr3Urno99z124zS/DvpGxEenlWcCpq9fTI1F3+q1
ycNjpkYia75YxnGaf8lHiNdUYcCCtY5oCJ7ps5dsH6upknnKQsmAlaJ+7/aE28nS
M6Wlcs/xOlrbi59YGGZMyVjt4G5Mley9t7xMxXFjBSBGcoNHPvveh3Vijp80DHtQ
iRSOQNYF26WcZQ19xVT+UqYm7o1CtZ2DpA+Oet3+/b+yGk4eJESK9u/OzjtGRf4K
A8mpaiMHaeuQTs/RPg==
=X/Yj
-----END PGP SIGNATURE-----

--- End Message ---