Your message dated Tue, 13 Sep 2022 14:34:41 +0000
with message-id <e1oy6zp-005djd...@fasolo.debian.org>
and subject line Bug#992662: fixed in cfengine3 3.15.2-3.2
has caused the Debian Bug report #992662,
regarding cfengine3: stores wrong path to chpasswd, etc. if built on
merged-/usr system
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
992662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992662
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: cfengine3
Version: 3.15.2-3
Severity: important
Tags: patch bookworm sid
User: reproducible-bui...@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org, Fabio Tranchitella
<kob...@debian.org>
If cfengine3 is built on a merged-/usr system (as created by new
installations of Debian >= 10, debootstrap --merged-usr, or installing
the usrmerge package into an existing installation), the paths to
chpasswd, useradd etc. are recorded in the binary as /sbin/chpasswd,
/sbin/useradd, etc.
This can be seen on the reproducible-builds.org infra:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/cfengine3.html
(search for "/sbin/chpasswd" to see the differences I'm concerned about).
If you have sbuild available, an easy way to reproduce this is to build
twice, once with --add-depends-arch=usrmerge and once without.
The problematic situation is if the package is *built* on a merged-/usr
system, but *used* on a non-merged-/usr system. In this situation,
/sbin/chpasswd etc. exist on the build system but not on the system
where cfengine3 will be used, resulting in the features that use these
executables not being available.
Technical Committee resolution #978636 mandates heading towards a
transition to merged-/usr, and this will become a non-issue at the end of
that transition; but variation between merged-/usr and non-merged-/usr
builds is a problem while that transition is taking place, because it
can lead to partial upgrades behaving incorrectly. It is likely that
this class of bugs will become release-critical later in the bookworm
development cycle.
The attached patch resolves this: with it applied, the package builds
identically with and without --add-depends-arch=usrmerge.
A side benefit of fixing this is that this change seems likely to be
sufficient to make the package reproducible (as recommended by Policy
ยง4.15).
smcv
>From 9e28323e714949a960c88c56b99aab5d6b90f91a Mon Sep 17 00:00:00 2001
From: Simon McVittie <s...@debian.org>
Date: Sat, 21 Aug 2021 23:13:30 +0100
Subject: [PATCH] Specify canonical paths to chpasswd, etc.
If cfengine3 is built on a merged-/usr system where both /usr/bin/chpasswd
and /sbin/chpasswd exist, it will hard-code the latter into binaries,
resulting in a package that will not work correctly when used on
non-merged-/usr systems. Forcing the canonical path will make it work
on any combination of merged-/usr and non-merged-/usr build and runtime
systems, as well as improving reproducibility.
Signed-off-by: Simon McVittie <s...@debian.org>
---
...4-Make-it-possible-to-override-paths.patch | 46 +++++++++++++++++++
debian/patches/series | 1 +
debian/rules | 4 ++
3 files changed, 51 insertions(+)
create mode 100644 debian/patches/cf3_path_root_prog.m4-Make-it-possible-to-override-paths.patch
diff --git a/debian/patches/cf3_path_root_prog.m4-Make-it-possible-to-override-paths.patch b/debian/patches/cf3_path_root_prog.m4-Make-it-possible-to-override-paths.patch
new file mode 100644
index 00000000..a0eb3398
--- /dev/null
+++ b/debian/patches/cf3_path_root_prog.m4-Make-it-possible-to-override-paths.patch
@@ -0,0 +1,46 @@
+From: Simon McVittie <s...@debian.org>
+Date: Sat, 21 Aug 2021 23:13:08 +0100
+Subject: cf3_path_root_prog.m4: Make it possible to override paths
+
+CF3_PATH_ROOT_PROG is documented to have almost the same semantics as
+AC_PATH_PROG, but AC_PATH_PROG has the key feature that if the variable
+given as its first argument is set to a value, that value is used as-is.
+Give CF3_PATH_ROOT_PROG that feature too, so that we can force the paths
+for various programs to take their canonical values.
+
+Signed-off-by: Simon McVittie <s...@debian.org>
+---
+ libntech/m4/cf3_path_root_prog.m4 | 4 ++++
+ m4/cf3_path_root_prog.m4 | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/libntech/m4/cf3_path_root_prog.m4 b/libntech/m4/cf3_path_root_prog.m4
+index c7fe4f9..00ed909 100644
+--- a/libntech/m4/cf3_path_root_prog.m4
++++ b/libntech/m4/cf3_path_root_prog.m4
+@@ -40,6 +40,10 @@ AC_DEFUN([CF3_PATH_ROOT_PROG],
+ ])
+ AS_ECHO_N(["checking for $2... "])
+ for i in $(echo $path | sed -e 's/:/ /g'); do
++ AS_IF([test -n "$][$1"], [
++ found=1
++ break
++ ])
+ AS_IF([test -e $i/$2 && ls -ld $i/$2 | grep ['^[^ ][^ ][^ ][xs][^ ][^ ][^ ][^ ][^ ][^ ]'] > /dev/null], [
+ $1=$i/$2
+ found=1
+diff --git a/m4/cf3_path_root_prog.m4 b/m4/cf3_path_root_prog.m4
+index 8d5613f..1743acd 100644
+--- a/m4/cf3_path_root_prog.m4
++++ b/m4/cf3_path_root_prog.m4
+@@ -40,6 +40,10 @@ AC_DEFUN([CF3_PATH_ROOT_PROG],
+ ])
+ AS_ECHO_N(["checking for $2... "])
+ for i in $(echo $path | sed -e 's/:/ /g'); do
++ AS_IF([test -n "$][$1"], [
++ found=1
++ break
++ ])
+ AS_IF([test -e $i/$2 && ls -ld $i/$2 | grep ['^[^ ][^ ][^ ][xs][^ ][^ ][^ ][^ ][^ ][^ ]'] > /dev/null], [
+ $1=$i/$2
+ found=1
diff --git a/debian/patches/series b/debian/patches/series
index 7ed77bb0..b6c8f4f3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,4 @@
0011-fix_interpreters.patch
0012-CFE-3401-remove_unused_buffer.patch
0013-rename_package_to_cfengine3.patch
+cf3_path_root_prog.m4-Make-it-possible-to-override-paths.patch
diff --git a/debian/rules b/debian/rules
index 99786275..866b3d1e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,6 +17,10 @@ export V=1
# openssl1.1 transition, re-enable once it becomes ready.
override_dh_auto_configure:
dh_auto_configure -- \
+ CHPASSWD=/usr/sbin/chpasswd \
+ USERADD=/usr/sbin/useradd \
+ USERDEL=/usr/sbin/userdel \
+ USERMOD=/usr/sbin/usermod \
--enable-fhs \
--libdir=/usr/lib \
--with-logdir=/var/log/cfengine3 \
--
2.33.0
--- End Message ---
--- Begin Message ---
Source: cfengine3
Source-Version: 3.15.2-3.2
Done: Hugh McMaster <hugh.mcmas...@outlook.com>
We believe that the bug you reported is fixed in the latest version of
cfengine3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 992...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugh McMaster <hugh.mcmas...@outlook.com> (supplier of updated cfengine3
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 09 Sep 2022 17:13:10 +1000
Source: cfengine3
Architecture: source
Version: 3.15.2-3.2
Distribution: unstable
Urgency: medium
Maintainer: Antonio Radici <anto...@debian.org>
Changed-By: Hugh McMaster <hugh.mcmas...@outlook.com>
Closes: 945623 949086 972893 992662 998014
Changes:
cfengine3 (3.15.2-3.2) unstable; urgency=medium
.
* Non-maintainer upload.
* debian/control:
+ Build-Depend on pkg-config.
+ cfengine3: Recommend python3 instead of python (Closes: #998014).
* debian/patches:
+ Drop 883480-fix-crossbuild-libxml2.patch (no longer needed).
+ Use pkg-config to find libxml2 (Closes: #972893, #949086).
+ Remove /sbin from the CF3_PATH_ROOT_PROG macro PATH override to ensure
system tools can be invoked on usr-merged and non-usr-merged systems
(Closes: #992662).
+ Fix python3 and shell interpreter paths; use python3 syntax in upstream
apt_get module (Closes: #945623).
+ Fix spelling error in openssl3.patch metadata.
Checksums-Sha1:
671a149edf279e8cf0bbe4045b494797b97e2824 2340 cfengine3_3.15.2-3.2.dsc
af2a917fcda4923acf7de4975092a2f4c5587383 483402
cfengine3_3.15.2.orig-masterfiles.tar.gz
6b71fdb0e22de1a647044b6aa3a1e2d8ad6556da 3099121 cfengine3_3.15.2.orig.tar.gz
521d62882298d430cac20ebcf5db0476a8214473 21644
cfengine3_3.15.2-3.2.debian.tar.xz
52b5ff7cfbef46fbcc8b9d6777e2c2801decbf62 9057
cfengine3_3.15.2-3.2_amd64.buildinfo
Checksums-Sha256:
f299e5625338e92df4d7d474fca33370808efe20768b642e47da6428f74fa6d4 2340
cfengine3_3.15.2-3.2.dsc
6d05f3211c80f0295677f3ddadf1959b3e624a847814097d5e3ed54c11aaf759 483402
cfengine3_3.15.2.orig-masterfiles.tar.gz
d1c570b7a0f47794a92f66e21cccdc86b8f56a7028a389780e705db41bfd3cab 3099121
cfengine3_3.15.2.orig.tar.gz
c2cb8fca0004e25fff0f5c0f2bedb475326af8f0cf05f285e2664369f82bd9c8 21644
cfengine3_3.15.2-3.2.debian.tar.xz
933e3e923d203f336cc0a894c8ced6d74c1ab9ffe121676aea76ea07b0b97219 9057
cfengine3_3.15.2-3.2_amd64.buildinfo
Files:
17c1a994fd6aa4ea50522cb4b44b2349 2340 admin optional cfengine3_3.15.2-3.2.dsc
27b6ead9201b14a11167cedfbaacf977 483402 admin optional
cfengine3_3.15.2.orig-masterfiles.tar.gz
be04030c007dacd69ad705059a906495 3099121 admin optional
cfengine3_3.15.2.orig.tar.gz
eb81dc34f6d083345d7d0bf56c01abba 21644 admin optional
cfengine3_3.15.2-3.2.debian.tar.xz
7c887cbc28caafd8fe2095cd40e4d222 9057 admin optional
cfengine3_3.15.2-3.2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEienqSdlSvBRoCebg9oBraugTkrAFAmMgirQACgkQ9oBraugT
krAN/Q//XYB6x8z0hSR7QIAYztLWICbEM8syjkmgjLIY3DWfnPRQxyKLkw/bKmvT
1Gz/RxMbT7CSMuIJxwL+hBsojSdTxgr8rp4kgRorA/041MYi0W9c7OzUGztVzUYq
qwdLMxwuq8oYWUTNTIt7Z+VTpdkEOEBDSEKHPnuPo2IGo3ju4FVDb0lYoaX3Nf3s
6F534Lb+fNNCylaOHWiiB/K9BrEjIVv0jVbPFj+6rTFzhrdEUKRj14GgCw48pId5
2lppOv7IaruKr0pkPKx+ANVrG72O3BeqQ2rXJpCAmd2AMBqpUYklZkhbLa9nPhfF
LzAax6uj4gI+C2SDKd+g41lVYClQ6fPr3onWIPzT7HrwKbiek4LhEdaY5UVqad7d
oVqAoYzucN0BCJ2fv5kGjMQtQ6fIJ3dSqeNirpEHKQCjdMaNWPhzgL7xEdUlBItx
H/EWfXQcusX5T+O3HAGkmIZytdFz4amCuCCGVGRTub2nRSgu+QFE0N2CzQ+RREd6
jFtrJxRHxSZkrfq05R7X22/CzvY3l79L8PGbxeyjWs6qnhrQUNX1+VxLzan1ifU7
NYczfBxE4LMidSdHHV+8/GiNFfH1igsLJYJRov/qPFY4HHH/Sl1UsgauNrKJ5xI8
GkhfsWEX1SVBKlf3XrkfIQQHWzda+E3/RSPkFaU5uG30ibc+SXg=
=WYVj
-----END PGP SIGNATURE-----
--- End Message ---
