Your message dated Thu, 05 May 2022 01:17:53 +0900
with message-id <[email protected]>
and subject line Re: redmine.postinst runs bundle install as root user, this
kills running it as any other user
has caused the Debian Bug report #999618,
regarding redmine.postinst runs bundle install as root user, this kills running
it as any other user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
999618: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999618
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: redmine
Version: 4.0.7-1
Severity: normal
At the redmine.postinst beginning there is:
if ! bundle --local --quiet; then
which currently equals to:
if ! bundle install --local --quiet; then
This after changing directory to /usr/share/redmine.
apt runs this command as root, thus when I run "bundle install" from
/usr/share/redmine as any other user than root with a redmine plugin
(redmine_git_hosting
and its dependencies additionnals and redmine_bootstrap_kit which calls to git
versions of gems)
I get the following error:
"
$ bundle install
Your Gemfile lists the gem rubocop (>= 0) more than once.
You should probably keep only one of them.
Remove any duplicate entries and specify the gem only once.
While it's not a problem now, it could cause errors if you change the version
of one of them later.
Your Gemfile lists the gem brakeman (>= 0) more than once.
You should probably keep only one of them.
Remove any duplicate entries and specify the gem only once.
While it's not a problem now, it could cause errors if you change the version
of one of them later.
Following files may not be writable, so sudo is needed:
/usr/local/bin
/var/lib/gems/2.7.0
/var/lib/gems/2.7.0/bin
/var/lib/gems/2.7.0/build_info
/var/lib/gems/2.7.0/bundler
/var/lib/gems/2.7.0/cache
/var/lib/gems/2.7.0/doc
/var/lib/gems/2.7.0/extensions
/var/lib/gems/2.7.0/gems
/var/lib/gems/2.7.0/plugins
/var/lib/gems/2.7.0/specifications
Fetching https://github.com/jbox-web/gitolite-rugged.git
error: cannot open .git/FETCH_HEAD: Permission denied
Retrying `git fetch --force --quiet --tags
/opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454`
at /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 due to error
(2/4): Bundler::Source::Git::GitCommandError Git error: command `git fetch
--force --quiet --tags
/opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454`
in directory /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has
failed.
If this error persists you could try removing the cache directory
'/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
Retrying `git fetch --force --quiet --tags
/opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454`
at /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 due to error
(3/4): Bundler::Source::Git::GitCommandError Git error: command `git fetch
--force --quiet --tags
/opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454`
in directory /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has
failed.
If this error persists you could try removing the cache directory
'/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
Retrying `git fetch --force --quiet --tags
/opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454`
at /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 due to error
(4/4): Bundler::Source::Git::GitCommandError Git error: command `git fetch
--force --quiet --tags
/opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454`
in directory /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has
failed.
If this error persists you could try removing the cache directory
'/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
Git error: command `git fetch --force --quiet --tags
/opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454`
in directory
/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has failed.
If this error persists you could try removing the cache directory
'/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
"
indeed /var/lib/gems/2.7.0/bundler/gems/ gems are owned by root as they where
copied to bundler system folder by redmine.postinst "bundle install --local"
call.
May you call "bundle install --local" with sudo as www-data as the "bundle exec
rake" or as any other user as wishlist bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606982 does.
Best regards
Alban
-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: armhf (armv7l)
Kernel: Linux 5.10.0-9-armmp (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages redmine depends on:
ii dbconfig-common 2.0.19
ii debconf [debconf-2.0] 1.5.77
ii libjs-chart.js 2.9.4+dfsg+~cs2.10.1-3
ii libjs-jquery 3.5.1+dfsg+~3.5.5-7
ii libjs-jquery-ui 1.12.1+dfsg-8
ii libjs-raphael 2.3.0-3
ii libruby2.7 [ruby-csv] 2.7.4-1
ii redmine-pgsql 4.0.7-1
ii ruby 1:2.7+2
ii ruby-actionpack-action-caching 1.2.1-1
ii ruby-actionpack-xml-parser 2.0.1-4
ii ruby-bundler 2.2.5-2
ii ruby-coderay 1.1.3-4
ii ruby-csv 3.1.9-1
ii ruby-i18n 1.8.8-1
ii ruby-jquery-rails 4.3.5-2
ii ruby-mail 2.7.1+dfsg1-1.1
ii ruby-mime-types 3.3.1-1
ii ruby-mimemagic 0.3.5+dfsg-1
ii ruby-mini-mime 1.0.2-1
ii ruby-net-ldap 0.16.1-1
ii ruby-nokogiri 1.11.1+dfsg-2
ii ruby-rack 2.1.4-3
ii ruby-rack-test 0.7.0-1.1
ii ruby-rails 2:6.0.3.7+dfsg-2
ii ruby-rails-dom-testing 2.0.3-3
ii ruby-rails-observers 0.1.5-1.1
ii ruby-rbpdf 1.20.1-1
ii ruby-redcarpet 3.5.1-1
ii ruby-request-store 1.5.0-2
ii ruby-rmagick 2.16.0-7
ii ruby-roadie 4.0.0-1
ii ruby-roadie-rails 2.1.1-2
ii ruby-rouge 3.21.0-1
Versions of packages redmine recommends:
pn passenger <none>
Versions of packages redmine suggests:
ii brz [bzr] 3.1.0-8
ii bzr 2.7.0+bzr6622+brz
pn cvs <none>
pn darcs <none>
ii git 1:2.30.2-1
pn mercurial <none>
pn ruby-fcgi <none>
ii subversion 1.14.1-3
-- Configuration Files:
/etc/default/redmine changed:
REDMINE_INSTANCES_OWNERSHIP=redmine:www-data
REDMINE_INSTANCES_FOLLOW_FHS=yes
REDMINE_INSTANCES_ROOT=/var/lib/redmine
-- debconf information:
* redmine/instances/default/database-type: pgsql
redmine/instances/default/internal/skip-preseed: true
* redmine/instances/default/remote/host: localhost
redmine/instances/default/pgsql/admin-user: debian-sys-maint
redmine/instances/default/dbconfig-upgrade: true
redmine/instances/default/db/basepath:
redmine/missing-redmine-package:
redmine/default-language: en
redmine/instances/default/missing-db-package-error: abort
redmine/instances/default/mysql/method: Unix socket
redmine/instances/default/db/app-user: redmine_default@localhost
redmine/instances/default/dbconfig-remove:
redmine/instances/default/remote/port: 3306
redmine/instances/default/pgsql/changeconf: false
redmine/instances/default/internal/reconfiguring: false
redmine/instances/default/remove-error: abort
redmine/instances/default/pgsql/authmethod-admin: ident
redmine/instances/default/upgrade-backup: true
redmine/instances/default/pgsql/method: TCP/IP
redmine/notify-migration:
redmine/instances/default/pgsql/authmethod-user: password
redmine/instances/default/default-language: en
redmine/instances/default/db/dbname: redmine_default
redmine/old-instances:
redmine/current-instances: default
* redmine/instances/default/mysql/admin-user: debian-sys-maint
redmine/instances/default/pgsql/manualconf:
redmine/instances/default/passwords-do-not-match:
* redmine/instances/default/dbconfig-install: true
redmine/instances/default/upgrade-error: abort
redmine/instances/default/dbconfig-reinstall: false
redmine/instances/default/pgsql/no-empty-passwords:
redmine/instances/default/install-error: abort
redmine/instances/default/purge: false
redmine/instances/default/remote/newhost: localhost
--- End Message ---
--- Begin Message ---
Quack,
/usr/share/redmine/Gemfile* files are part of the package and are not
supposed to be modified. We use bundle install to verify that
dependencies are properly installed, it is not meant to install
dependencies (note the `--local`), that would be against the Debian
policy (all dependencies need to be packaged). If you modify the Gemfile
then you're going to break this verification and the next upgrade of the
package is going to remove all your changes anyway.
I would suggest that you look at the documentation in
/usr/share/doc/redmine/README.Debian.gz. It explains that you can can
drop plugins into /usr/share/redmine/plugins/. If you need dependencies
then you would need to install the proper ruby-* packages. If some are
missing then it can indeed be a problem: you can request for a new
library to be packaged, and a backport to stable, or if this cannot wait
then you would need to install them another way (maybe bundle install
--system but that could affect other apps, maybe limit it to the
www-data user to reduce the impact). I have always found the necessary
libraries packaged so far but I have not tried redmine_git_hosting and
clearly using git versions of gems is going to be very problematic.
I understand that can be annoying but if you change the Gemfile in any
way then you're not using the packages we're preparing anymore since
dependencies needed for your plugins could override versions of
dependencies used by redmine, even create conflicts, and in the end we
simply cannot support all possible situations.
Since this is documented and modifying the application is not supported,
I'm going to close this ticket.
Regards.
\_o<
--
Marc Dequènes
--- End Message ---
