Your message dated Wed, 16 Oct 2024 01:19:29 +0000
with message-id <[email protected]>
and subject line Bug#1078779: fixed in ansible-core 2.17.5-1
has caused the Debian Bug report #1078779,
regarding ansible-core: Ansible not updating mtime on changed files, keeping
old mtime!!!
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1078779: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078779
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ansible-core
Version: 2.17.0,2.17.1,2.17.2,2.17.3
Severity: important
Tags: patch upstream
X-Debbugs-Cc: [email protected]
Dear Maintainer,
Ansible is not updating mtimes on the files it changes on a system.
This breaks normal POSIX behaviour, and means make type configuration
reloads don't work. I found this when changing my firewall Shorewall
configuration, and then find that iptables was not updated! Bind9 zone
file reloading is also affected.
This 'oversight' in their programming is a criticla bug.
Upstream Bug reports are #83235 (one liner partial fix and applied as
in attached patch), and #83805) I am working with upstream to get
these crticial fixes integrated.
I found this fix backporting latest Ansible to Bookworm for my local usage.
Cheers,
Matthew Grant
-- System Information:
Debian Release: 12.6, and Sid unstable
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.103-amd64-mag-lts (SMP w/32 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages ansible-core depends on:
ii openssh-client 1:9.2p1-2+deb12u3
ii python3 3.11.2-1+b1
ii python3-cryptography 38.0.4-3
ii python3-distutils 3.11.2-3
ii python3-dnspython 2.3.0-1
ii python3-httplib2 0.20.4-3
ii python3-jinja2 3.1.2-1
pn python3-netaddr <none>
ii python3-packaging 23.0-1
ii python3-pycryptodome 3.11.0+dfsg1-4
ii python3-resolvelib 0.9.0-2
ii python3-yaml 6.0-3+b2
Versions of packages ansible-core recommends:
pn ansible <none>
pn python3-argcomplete <none>
pn python3-jmespath <none>
pn python3-kerberos <none>
pn python3-libcloud <none>
ii python3-passlib 1.7.4-3
pn python3-selinux <none>
pn python3-winrm <none>
pn python3-xmltodict <none>
Versions of packages ansible-core suggests:
pn cowsay <none>
pn sshpass <none>
Description: atomic_move() mtime fix
Fix mtime not updating on ansible template or copy
.
This fixes the issue of mtimes on ansible 2.17+ not having the
mtime/atime update when a tmplated or copied file is altered.
This can lead to issues with software that uses a make type
algorithm to dect changes on reload, such as Bind 9.x or Shorewall
the latter leading to possible security issues with firewalls not
reloading as expected!
Author: Matthew Grant <[email protected]>
Forwarded: upstream Ansible Bugs #83235 (applied upstream), #83805
Last-Update: 2024-08-16
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: ansible-core/lib/ansible/module_utils/basic.py
===================================================================
--- ansible-core.orig/lib/ansible/module_utils/basic.py
+++ ansible-core/lib/ansible/module_utils/basic.py
@@ -1598,6 +1598,7 @@ class AnsibleModule(object):
dest_stat = os.stat(b_dest)
os.chown(b_src, dest_stat.st_uid, dest_stat.st_gid)
shutil.copystat(b_dest, b_src)
+ os.utime(b_src, (time.time(), time.time()))
except OSError as e:
if e.errno != errno.EPERM:
raise
@@ -1645,14 +1646,14 @@ class AnsibleModule(object):
os.close(tmp_dest_fd)
# leaves tmp file behind when sudo and not root
try:
- shutil.move(b_src, b_tmp_dest_name,
copy_function=shutil.copy if keep_dest_attrs else shutil.copy2)
+ shutil.move(b_src, b_tmp_dest_name,
copy_function=shutil.copy2 if keep_dest_attrs else shutil.copy)
except OSError:
# cleanup will happen by 'rm' of tmpdir
# copy2 will preserve some metadata
if keep_dest_attrs:
- shutil.copy(b_src, b_tmp_dest_name)
- else:
shutil.copy2(b_src, b_tmp_dest_name)
+ else:
+ shutil.copy(b_src, b_tmp_dest_name)
if self.selinux_enabled():
self.set_context_if_different(
@@ -1661,6 +1662,8 @@ class AnsibleModule(object):
tmp_stat = os.stat(b_tmp_dest_name)
if keep_dest_attrs and dest_stat and
(tmp_stat.st_uid != dest_stat.st_uid or tmp_stat.st_gid != dest_stat.st_gid):
os.chown(b_tmp_dest_name,
dest_stat.st_uid, dest_stat.st_gid)
+ if keep_dest_attrs:
+ os.utime(b_tmp_dest_name, (time.time(),
time.time()))
except OSError as e:
if e.errno != errno.EPERM:
raise
--- End Message ---
--- Begin Message ---
Source: ansible-core
Source-Version: 2.17.5-1
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ansible-core, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated ansible-core package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 16 Oct 2024 01:57:21 +0100
Source: ansible-core
Architecture: source
Version: 2.17.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1078779 1079672
Changes:
ansible-core (2.17.5-1) unstable; urgency=medium
.
* Team upload.
* New upstream release:
- copy module now updates mtime/atime (closes: #1078779).
* Skip "raw" integration test, since it requires su (closes: #1079672).
Checksums-Sha1:
d45c77eec10ce80420250c7e6d4ccb76fec17d9e 2593 ansible-core_2.17.5-1.dsc
0ad7fe8a78a2551201796ec571f6c19b0d0bba92 3097858
ansible-core_2.17.5.orig.tar.gz
0940ab8fde82fa2ac4920d1c7a01a3b44caba41c 22768
ansible-core_2.17.5-1.debian.tar.xz
Checksums-Sha256:
3954d68b8c94ee42466a54618079012d27059630803759e2c42786a26478f548 2593
ansible-core_2.17.5-1.dsc
ae7f51fd13dc9d57c9bcd43ef23f9c255ca8f18f4b5c0011a4f9b724d92c5a8e 3097858
ansible-core_2.17.5.orig.tar.gz
715fa16f16e36e2bba716aafbd383bdf1e4ec54a0d0e3f3e8c9635c9a940c93f 22768
ansible-core_2.17.5-1.debian.tar.xz
Files:
24852070ab686b8e129a2cdbf0e68a8f 2593 admin optional ansible-core_2.17.5-1.dsc
3d90bd7a14eae29f55435f77172e1edb 3097858 admin optional
ansible-core_2.17.5.orig.tar.gz
cf2daa709e6af3c4eedd0b48b77a9efd 22768 admin optional
ansible-core_2.17.5-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmcPEDAACgkQOTWH2X2G
UAvvzQ/7B2pAZtA9D76zNLMCOyPIEs1ZBQcK87GygKUSPqLuuvj20J67KWayOgjx
+VXpH2Ut4EYU6Ut1KgPPb8/8UJGz0I0WfhEs5OrmzGLxIrBN8zPDJT+VrDu8RgQC
45S1ybbpobCLb1WuTs9IrGF3R6TC8choVc/K2NPfKVlhfaIcH0XLDWcLiXjKf5Oe
iMNshJvHKty4NH8hWwfq9MnlEDTV2fBxK7kjOUF1DfCBWkXoQieS8Dq/Ophv8wN1
/S2Zdn1b/twKwaAfVNIop/g2zQX7IF2Iwqe6msnsIW2RH9cv/ReRndsa8f5WtNRk
HT+rz+zvyP9KtgD8fW/6Q7mRySoQqDFb/J5gGya3/JqcWmSBFC8Pr9TeGUNmgftI
TUrea0/5fjDjIRX9j9lrjR5XnOUJ0w668PUbgPo6LjWyDMQsjS5fogNgclDSKT3/
1cPdhndPcf71cvB2ZMZBno5QWtKbQEAFdFaVIzCZuCztlAKJUfAKUApWWHBvYp2v
Jk7t8WERj4UwqHdMrFbEYsi1WxC5aC0TZJnAmyfnmiz5S7lwQBXxrATlUFZjLs2x
ewKXD4l0GTamP2/pWCWHiFBSLN/2g/oeiZH/6RHBAXmyIoeVEYiCo5swIj6puP5D
Nh4/BaKtPrZ2rIRgbfHpKZJGRDwXVKEcun8YGronO01ADW5NwpA=
=EgvK
-----END PGP SIGNATURE-----
pgp4uipduCDxq.pgp
Description: PGP signature
--- End Message ---
