Your message dated Wed, 15 Jan 2025 14:46:49 +0000
with message-id <[email protected]>
and subject line Bug#1093135: fixed in clonezilla 5.8.7-2
has caused the Debian Bug report #1093135,
regarding clonezilla: move /usr-move fallout due to wrong use of dpkg-divert
--rename (DEP17)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1093135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093135
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: clonezilla
Version: 5.8.7-1
Severity: important
Tags: patch
I'm sorry to tell you that the /usr-move fallout is not over. The use of
the --rename flag was wrong in many M18 mitigations. Refer to
https://lists.debian.org/debian-devel/2025/01/msg00125.html for details.
Whilst I was not able to reproduce issues for clonezilla, I recognized
the bad pattern and other defects.
https://sources.debian.org/src/clonezilla/5.8.7-1/setup/files/ocs/live-hook/ocs-live-hook-functions/#L306
removes the canonicalized diversion again whereas the file being
referenced two lines earlier hints at an aliased diversion.
It should also be noted that the existence of
/usr/sbin/start-stop-daemon.distrib may indicate the existence of an
aliased diversion (in bookworm) or a canonicalized diversion (in
trixie), so the code likely does not work for bookworm. I suppose this
is ok-ish.
When restoring the diversions, we may restore
/usr/sbin/start-stop-daemon before adding the /sbin/start-stop-daemon
diversion using --rename. This is exactly the pattern that lead to the
investigation and will move the replacement file. A better pattern is to
first do both diversions and then set up the replacement file.
I am attaching an updated debian/patches/fix_usr_merge.patch, but I have
not figured out how to test it. Keep the fingers crossed. Given that
nobody else noticed, this code may as well be dead code.
Helmut
--- clonezilla-5.8.7.orig/setup/files/ocs/live-hook/ocs-live-hook-functions
+++ clonezilla-5.8.7/setup/files/ocs/live-hook/ocs-live-hook-functions
@@ -275,12 +275,12 @@
# By doing apt-get --purge remove cdebootstrap-helper-diverts, it will
# Removing `diversion of /sbin/start-stop-daemon to /sbin/start-stop-daemon.REAL by cdebootstrap-helper-diverts'
# Removing `diversion of /usr/sbin/invoke-rc.d to /usr/sbin/invoke-rc.d.REAL by cdebootstrap-helper-diverts'
- if [ -e /sbin/start-stop-daemon.REAL ]; then
+ if [ -e /usr/sbin/start-stop-daemon.REAL ]; then
apt-get -y --purge remove cdebootstrap-helper-diverts
fi
# For live-build v2.x, the file name is /sbin/start-stop-daemon.orig, and no more cdebootstrap-helper-diverts in lb_chroot_dpkg. We just restore it. Otherwise the file start-stop-daemon copied to /tftpboot/node_root/sbin/ will be the temp fake one.
- if [ -e /sbin/start-stop-daemon.orig ]; then
- mv -v /sbin/start-stop-daemon.orig /sbin/start-stop-daemon
+ if [ -e /usr/sbin/start-stop-daemon.orig ]; then
+ mv -v /usr/sbin/start-stop-daemon.orig /sbin/start-stop-daemon
fi
# For live-build v3.x, the file name is renamed as start-stop-daemon.distrib by
# dpkg-divert in /usr/lib/live/build/chroot_dpkg:
@@ -312,6 +312,15 @@
set_start_stop_daemon_diverts(){
# For live-build v3.x, after drblpush, we have to revert the status to fake, temp one, so the rest of chroot_dpkg command won't remove the real /sbin/start-stop-daemon.
# Ref: /usr/lib/live/build/chroot_dpkg
+ # begin-remove-after: released:trixie
+ if [ "$lb_3_start_stop_daemon_revert_aliased_flag" = "true" ]; then
+ if dpkg -D /sbin/start-stop-daemon >/dev/null 2>&1; then
+ dpkg-divert --rename --add --divert /sbin/start-stop-daemon.distrib.usr-is-merged /sbin/start-stop-daemon
+ else
+ dpkg-divert --no-rename --add --divert /sbin/start-stop-daemon.distrib.usr-is-merged /sbin/start-stop-daemon
+ fi
+ fi
+ # end-remove-after
if [ "$lb_3_start_stop_daemon_revert_flag" = "true" ]; then
dpkg-divert --rename --add /usr/sbin/start-stop-daemon
cat > /usr/sbin/start-stop-daemon << EOF
@@ -322,8 +331,7 @@
chmod 755 /usr/sbin/start-stop-daemon
fi
# begin-remove-after: released:trixie
- if [ "$lb_3_start_stop_daemon_revert_aliased_flag" = "true" ]; then
- dpkg-divert --rename --add --divert /sbin/start-stop-daemon.distrib.usr-is-merged /sbin/start-stop-daemon
+ if [ "$lb_3_start_stop_daemon_revert_aliased_flag" = "true" ] && [ "$lb_3_start_stop_daemon_revert_flag" != "true" ]; then
cat > /sbin/start-stop-daemon << EOF
#!/bin/sh
@@ -405,6 +413,7 @@
UDEV_END
update_initramfs_flag="yes"
fi
+ # end-remove-after
}
#
append_framebuffer_modules_if_necessary() {
--- End Message ---
--- Begin Message ---
Source: clonezilla
Source-Version: 5.8.7-2
Done: Georges Khaznadar <[email protected]>
We believe that the bug you reported is fixed in the latest version of
clonezilla, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Georges Khaznadar <[email protected]> (supplier of updated clonezilla package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 15 Jan 2025 15:01:45 +0100
Source: clonezilla
Architecture: source
Version: 5.8.7-2
Distribution: unstable
Urgency: medium
Maintainer: Georges Khaznadar <[email protected]>
Changed-By: Georges Khaznadar <[email protected]>
Closes: 1093135
Changes:
clonezilla (5.8.7-2) unstable; urgency=medium
.
* fixed debian/patches/fix_usr_merge.patch, thanks to Helmut Grohne
Closes: #1093135
Checksums-Sha1:
ece6b79622f80a14c6d83ec7f27369fe3e587f00 1842 clonezilla_5.8.7-2.dsc
4e10a3a74b3b0dcd0cd6c2c130ef1df9f62428cb 5628 clonezilla_5.8.7-2.debian.tar.xz
8cdc517e071d45778d297ac23605633e186bed5b 5833
clonezilla_5.8.7-2_amd64.buildinfo
Checksums-Sha256:
2fa2e4b5f3035cd4af19a470ebb76c5fb7f16b5174b317ceff5d21e529dd4672 1842
clonezilla_5.8.7-2.dsc
e52ba1e9fd6262eea8df6e7e59c8791096a25d5c53f6842aacf02439011fdba0 5628
clonezilla_5.8.7-2.debian.tar.xz
ed3e2264868bad66450771c91eb95285b4a59116e1db84bb320b97e661e8276f 5833
clonezilla_5.8.7-2_amd64.buildinfo
Files:
566d0d7725b63d9a79e684333890a889 1842 admin optional clonezilla_5.8.7-2.dsc
2f73286b5f49f8634b3a4bf9c5d2c079 5628 admin optional
clonezilla_5.8.7-2.debian.tar.xz
c1ae99376eae04f9881b46e74f25cf45 5833 admin optional
clonezilla_5.8.7-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEM0CzZP9nFT+3zK6FHCgWkHE2rjkFAmeHwJMACgkQHCgWkHE2
rjmGlg/+McM4MiAj+UVMS3ovFr/QK2M5RoWRx6dl+TPJ5ZkrWcVCIgQQdCw3Zuy5
ZZnQkzGzYkiJoJ25300AOxBfQgk1xgf8eOlOZ/7eaYSIZT5a2ATJgDbZ0UwnX6Dt
9102i69w6VycdMc1+lo7brdTU2HpIZU5mJHPYo3rGtulMxPD4d5BjVG0592WNuZW
fbmbC7aEQ5bYplPRQOsm5vAPLMXFc8Z1ADlJPA2G5yts8EAPnG1ylOhKAJSG4nLK
bxO6+K4biTzpp96sHDmkYvLb7SlcZ4GxMj+OYLadAlb3dqOO4fJhRlVB7f6PW0zY
+0k+Xyv4j6VK77kojbi18qv/+KZH80ylkJ15KZNvzkvhr8IC9+/YjPJPpvSVDWZb
SYV1PJqg5oJArKYRWmnQEPhSTtTAMLGkzLsX3SSWrj2w7URp6xlMkiI79Z9aW4xf
Dv/f1idbzFc0mqqYTUh5NT+m3jpalWOTaPmLz5zCua+IE/mr3zgWPEz6EOvp2V0l
U6kP1U9q+mdWThI16eSrmMALNhZ6s/6k44zq8QTye6jqSPjfTl2MyCWMoW7MxB6r
Y1mgB6X/P8DOdF4qlOicACYhyiO/5wUki9Z/hsdPk/HgCmmxPnuJG7ehKA6GxN9f
7Lmh590iT8wEJhhiWgIw4kCGTQ/TXplJIQSplsUyx6EJ22Yh+bY=
=gjhH
-----END PGP SIGNATURE-----
pgpJVgfiYkR35.pgp
Description: PGP signature
--- End Message ---
