Your message dated Thu, 03 Apr 2025 16:19:51 +0000
with message-id <[email protected]>
and subject line Bug#1093545: fixed in runit 2.2.0-2
has caused the Debian Bug report #1093545,
regarding runit: please consider fake xchpst compat for runscripts
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1093545: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093545
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: runit
Version: 2.1.2-60
Severity: wishlist
Tags: patch
Hey Lorenzo,
Would you consider adding a script to your runit package to help
runscripts benefit from my new xchpst hardening tool while falling back
to chpst-compatible options when it isn't installed, please?
xchpst works on the same principle as chpst and includes all of chpst's
options for compatibility, but adds support for Linux namespaces and
capabilities as well as other new process control features that chpst
predates.
I hope to add new features in future. I believe that runit is an
attractive service supervisor, not just for low footprint or embedded
systems, but also for desktops and servers, and that the runit ecosystem
could offer a capable non-monolithic option in those use cases without
compromising the low footprint ones! This might also preempt criticism
of systemd alternatives and improve the impression of runscripts
contributed to service packages.
The compatibility script would get installed as /usr/bin/xchpst and work
by stripping out any extended options before passing the remainder of
the command line to /usr/bin/chpst. If xchpst is installed, it sets up a
dpkg-divert and installs the proper /usr/bin/xchpst. Runscripts which
are written to benefit from extended options simply call xchpst but
indicate with a marker option ('-@') when they end.
You can find my proposed change as the head commit here:
<https://salsa.debian.org/abower/runit/-/commits/xchpst-compat>
For proof-of-concept examples of how runscripts could use this new
functionality, please see the head commit here:
<https://salsa.debian.org/abower/runit-services/-/commits/xchpst-poc>
Do you have any other thoughts on how this compatibilty could be
achieved? I'd be interested in any other options!
(One alternative would be for chpst to scan the options for the marker
before calling getopt(3) if it is invoked as xchpst - I'm happy to code
that approach up if you prefer it!)
I hope you feel this proposal is compatible with the direction you are
trying to take runit - minimal dependencies and footprint etc..
I have structured this solution so it doesn't bloat runit or runscripts
unless users and scripts opt in to take advantage. (I think the changes
would have been excessive to introduce into chpst itself and overwhelm
the code base, hence a separate tool.)
Although there would be at most minimal use of this facility in trixie,
it would be nice for the compat to be present to support third party
packages and user experimentation in the stable release ahead of forky,
and xchpst reached the archive sooner than I was expecting! For trixie
I will be focussed on consolidating the existing options and integration.
I look forward to any feedback you have, and as always thanks for all
the work on runit! I am conscious that other areas are your priority
at the moment.
Andrew
--- End Message ---
--- Begin Message ---
Source: runit
Source-Version: 2.2.0-2
Done: Lorenzo Puliti <[email protected]>
We believe that the bug you reported is fixed in the latest version of
runit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lorenzo Puliti <[email protected]> (supplier of updated runit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Mar 2025 11:53:56 +0100
Source: runit
Architecture: source
Version: 2.2.0-2
Distribution: unstable
Urgency: medium
Maintainer: Lorenzo Puliti <[email protected]>
Changed-By: Lorenzo Puliti <[email protected]>
Closes: 1093545
Changes:
runit (2.2.0-2) unstable; urgency=medium
.
* stage 3: raise shutdown timeout to 25 sec
* test /etc/runit/stopit instead of /run/runit.stopit
* temporary add a compatibility symlink for runit-init
* sysv-override:
- update readme file
- map force-reload to reload
* runit-init: add protected: yes
* invoke-run: add experimental support for xchpst (Closes: #1093545)
* runit: breaks with xchpst << 0.5.0-1~
* fix FTBFS on alpha due to a race in rescan-test
Checksums-Sha1:
57fbec499496b17a61e8452e2c9e623e04659ebf 2053 runit_2.2.0-2.dsc
676913600f3cc619a768fefcc1e2ea4ebf6374b6 69572 runit_2.2.0-2.debian.tar.xz
15d0e2f99236538cae6bfb67947bff7bea824e84 5580 runit_2.2.0-2_source.buildinfo
Checksums-Sha256:
7347408b5d6bd36408d30c5a7a15030e5a722e23aeb352bea60ea251c9f6375b 2053
runit_2.2.0-2.dsc
e65ca59b268e77809743442256c51feb5622220e342adcadebd7bddb4609ab3c 69572
runit_2.2.0-2.debian.tar.xz
3ff5016502759f0bd4d04b8500cc13066ef59379afd839de86e8b52acb0ce508 5580
runit_2.2.0-2_source.buildinfo
Files:
eba655d7a21596926df2d875c3bab6da 2053 admin optional runit_2.2.0-2.dsc
4d5c54c159d8de045cb68fbdb8e24a1c 69572 admin optional
runit_2.2.0-2.debian.tar.xz
382eccd45bbece36fe3208b0241c9da7 5580 admin optional
runit_2.2.0-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmfusRwQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFNNVC/44V1jacgdnYwSnSlGB5sXgMMeANWTHD/1N
V4QGTpT35XxabM6gAD9NeFG9ZAC1cQ6uzdD2LNfeMJVtTOJl2XSMaU2eJfOkWz8n
eNXbZaDmaC3Cx+PLNlOTdZYhTXyLfC38Yc7EhNsUM82GOFXbSnIo3MA6mKVkt4w0
b+foo3O7xvPvecZ6BrQsDitscr1+Ggf7St22p5ZfkwnnTMKQL12wWzLR/RJY1JfB
dXXeoxmK1BQbHmy7j4C1iRRmNJQ+hF6yWh3uVCgZaZm7H2TxBJbAqBTa7sBX92He
zTS6pH2qTKKAcjtP5oJrfuYfy1kpRkwM8g5S8so911bsu7o/OrcstDtwhV9APL1X
O0bqeKxJ6s0h8rzYNM5WolhFYU979v3f5qa5M0grNqdVNxeP4Mq+h0F+FaZzjlq/
q6aKX70wddXMoQ6Jt/ZQvT1ju9HNl2FJX6jtDXctKcO4Dx84hVLHaR+3J1rQCbLs
e5twoDkdUos2WoGOmFFgPwHhZhJgoIo=
=uQps
-----END PGP SIGNATURE-----
pgpVifNMFvrYE.pgp
Description: PGP signature
--- End Message ---