Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Please unblock package exabgp [ Reason ] When run as root, ExaBGP won't be able to access the FIFO owned by the exabgp user. Make ExaBGP run as exabgp user to fix this situation. No need to run as root as the process has the CAP_NET_ADMIN and can therefore bind to port 179 if needed. [ Impact ] ExaBGP does not work out-of-the box. See #886568 and #989447. [ Tests ] Several users confirmed the issue is fixed in 4.2.8-2. Change has also been accepted upstream. [ Risks ] This is a leaf package. Change is small. User can still fix the problem itself if we introduce another issue. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing unblock exabgp/4.2.8-2 -----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAmC5W6QSHGJlcm5hdEBk ZWJpYW4ub3JnAAoJEJWkL+g1NSX5CnkQAIkOlUHYhz0grHKmD9OiUjfT7R+gF8tp /t+Vh6bMMIaFxkX/4k+uhnNoUqoKEs/563x8mvBOzyQJFADsiNTeHV0nALbiFTPr Yx/SrdoySYRefauB6rSmOjfXaeMo4Qkd5Nhd3xZYI0dgMs2MWFI34KXfDKIT52NA UHA1NXL6RzDbKEEmp4/iSBtpWGj4Qk118r0clQtISUbkIPci34RFbf/Lu5x+YJuf xrJdjYQOQZKK3aFZy4oSvh6pwq678mckHJ3gXOUboHhwV76chhhyqC1xRI1a4mI9 eI1jx3I1Y+qqu6IxDEA7+IA7MP6aW3DYXKLYlE5u5ZwK4Dns/qrtpGI9Eq00YUCx TGGBqswRn1h+CORDZYrkZNRnYo5x7kXamg4axzqrGGQv+FChDBQmb8zudzB6K1xv DKRyQHBZlbwhb8+XSvcIWjM42BgAkkuU4bMLosJTcryNZsjvlrXkCu/Q8ST97LfB 9gOnViSZNhyps+mlOUecZvkyEV81W8xoBQyZh3AMKt56GXFFl+IB3AyQkLtD/Ebg j8w/gAECb3SF93tkw7hfIYOIt5ZRlYZGXWZ26+sZkI+h80R2HcOLDCqW05Aj1cMK v7nXCxZR7ZLVYMaBGnvHU7atAFazESu5ZGeUYXrRA3lS1S715XwwfDgLMqVt2pEm S+Zlt5wPiY7E =Md+w -----END PGP SIGNATURE-----
diff --git a/debian/changelog b/debian/changelog index 8d8be4a94d23..05580f6f4a6c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +exabgp (4.2.8-2) unstable; urgency=medium + + * Patch exabgp.service to fix socket creation on start. + Closes: #886568. + + -- Vincent Bernat <ber...@debian.org> Sun, 02 May 2021 17:48:55 +0200 + exabgp (4.2.8-1) unstable; urgency=medium * New upstream release. diff --git a/debian/patches/0001-Patch-exabgp.service-to-fix-socket-creation-on-start.patch b/debian/patches/0001-Patch-exabgp.service-to-fix-socket-creation-on-start.patch new file mode 100644 index 000000000000..78d26f73f093 --- /dev/null +++ b/debian/patches/0001-Patch-exabgp.service-to-fix-socket-creation-on-start.patch @@ -0,0 +1,38 @@ +From: Vincent Bernat <vinc...@bernat.ch> +Date: Sun, 2 May 2021 17:47:10 +0200 +Subject: Patch exabgp.service to fix socket creation on start + +Patch from Marco d'Itri. + +Closes: #886568. +--- + etc/systemd/exabgp.service | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/etc/systemd/exabgp.service b/etc/systemd/exabgp.service +index 17ce886..b2da5ba 100644 +--- a/etc/systemd/exabgp.service ++++ b/etc/systemd/exabgp.service +@@ -7,16 +7,13 @@ After=network.target + ConditionPathExists=/etc/exabgp/exabgp.conf + + [Service] +-#User=exabgp +-#Group=exabgp + Environment=exabgp_daemon_daemonize=false +-PermissionsStartOnly=true +-ExecStartPre=-mkfifo /run/exabgp.in +-ExecStartPre=-mkfifo /run/exabgp.out +-ExecStartPre=chmod 600 /run/exabgp.in +-ExecStartPre=chmod 600 /run/exabgp.out +-ExecStartPre=chown exabgp.exabgp /run/exabgp.in +-ExecStartPre=chown exabgp.exabgp /run/exabgp.out ++User=exabgp ++Group=exabgp ++RuntimeDirectory=exabgp ++RuntimeDirectoryMode=0750 ++ExecStartPre=-/usr/bin/mkfifo /run/exabgp/exabgp.in ++ExecStartPre=-/usr/bin/mkfifo /run/exabgp/exabgp.out + ExecStart=/usr/sbin/exabgp /etc/exabgp/exabgp.conf + ExecReload=/bin/kill -USR1 $MAINPID + Restart=always diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000000..24c1c8f183a2 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1 @@ +0001-Patch-exabgp.service-to-fix-socket-creation-on-start.patch
