Bug#1055599: dh_installsystemd tries to start static unit which deb-systemd-invoke rejects

2023-11-08 Thread Daniel Carpenter 
Package: debhelper
Version: 13.11.4

If I include this static (i.e. no [Install] section) systemd service:

# debian/debhelper-example.service
[Service]
Type=oneshot
ExecStart=true

then dh_installsystemd will insert this snippet in postinst:

if [ -n "$2" ]; then
_dh_action=restart
else
_dh_action=start
fi
deb-systemd-invoke $_dh_action 'debhelper-example.service' >/dev/null ||
true

When I install the package, deb-systemd-invoke issues a warning:

debhelper-example.service is a disabled or a static unit, not starting it.

Indeed, such a unit should not be started on package installation (but
rather by a path, socket or timer unit). I notice that dh_installsystemd
produces another snippet which enables the unit if it contains an [Install]
section. I think both snippets should be omitted for static units.

On upgrades, the restart part makes more sense, but for type=oneshot I
think that's only relevant if RemainAfterExit=true.

As a workaround, I can write:

override_dh_installsystemd:
dh_installsystemd --no-start

in debian/rules, but that prevents any units from being started, not just
the static ones. I assume you have to list the static units with
--no-start, and the others without it, but that's more error prone than
letting debhelper handle it.

Bug#1055591: maintainer-script-lacks-home-in-adduser erroneously raised

2023-11-08 Thread Daniel Carpenter 
Package: lintian
Version: 2.116.3

If my postinst contains:

adduser --system --home=/var/lib/myuser myuser

Then lintian complains:

E: lintian-adduser-bug: maintainer-script-lacks-home-in-adduser "adduser
--system --home=/var/lib/myuser myuser" [postinst:2]

As a workaround, I can wrap adduser or --system in quotes, or remove the
equals sign between --home and the directory. Then lintian does not
complain, even though those variations have the same meaning.

Bug#1053449: VisiData requires python3-pkg-resources

2023-10-04 Thread Daniel Carpenter 
Package: visidata
Version: 2.11-1

When I install visidata in a fresh debian:sid docker container, it crashes
when I try to start it:

  File "/usr/bin/vd", line 3, in 
import visidata.main
  File "/usr/lib/python3/dist-packages/visidata/__init__.py", line 102, in

import visidata.main
  File "/usr/lib/python3/dist-packages/visidata/main.py", line 19, in

from pkg_resources import resource_filename
ModuleNotFoundError: No module named 'pkg_resources'

If I also install python3-pkg-resources, it does start. Is it a dependency?

I see that bullseye is not affected, but bookworm and trixie are.

Bug#1051423: Documentation for return command

2023-09-07 Thread Daniel Carpenter 
Package: dash
Version: 0.5.11+git20200708+dd9ef66-5

Dear maintainer,

The dash manpage states:

 The syntax of the return command is

   return [exitstatus]

 It terminates the currently executing function.  Return is implemented
as a builtin command.

I can't find any reference to what happens when exitstatus is omitted. Bash
does this:

   return [n]
  Causes  a  function  to  stop  executing and return the value
specified by n to its
  caller.  If n is omitted, the return status is that of the
last command executed in
  the  function body.

Is it the same? Could a sentence be added to the manpage (or return could
be added to the builtins section, like exit)?

Kind regards,
Dan

Bug#1025976: python3-minimal: debpython.files.from_package passes input to system shell

2022-12-12 Thread Daniel Carpenter 
Package: python3-minimal
Version: 3.9.2-3
Severity: normal
X-Debbugs-Cc: danseb...@gmail.com

Dear Maintainer,

The from_files function in /usr/share/python3/debpython/files.py passes its
argument to the shell. It calls `Popen("/usr/bin/dpkg -L %s" %
package_name, shell=True)`, executing the contents of package_name as code.
A safe alternative is `subprocess.run("/usr/bin/dpkg", "-L", package_name)`.

A consequence of this is that `py3clean "--package=; touch /tmp/hello"`
runs the embedded command and shows the incorrect error message
"dpkg-query: error: --listfiles needs at least one package name argument"
instead of e.g. "dpkg-query: package '; touch /tmp/hello' is not installed".

Yours faithfully,
Dan

Bug#987188: libcurl3-gnutls from buster-backports enables broken tls 1.3

2021-04-29 Thread Daniel Carpenter 
I stumbled upon the same issue when trying to use libcurl to send e-mail via 
"smtp.googlemail.com" as part of a C application. With curl 7.64, TLS 1.2 is 
used and the e-mail is sent. However, with curl 7.74, TLS 1.3 is used, and I 
see (before any SMTP communication):


* GnuTLS recv error (-10): The specified session has been invalidated for some 
reason.
* Closing connection 0
context.c:91 Cannot transfer: Failure when receiving data from the peer

So the e-mail is not sent.


libcurl3-gnutls never used TLS 1.3 before 
https://github.com/curl/curl/pull/5223 . We could revert that change for buster 
backports by disabling this "if" check 
https://github.com/curl/curl/blob/curl-7_74_0/lib/vtls/gtls.c#L587 so that +SRP 
is always in the "priority list" and TLS 1.3 is always disabled.

git has a GIT_SSL_VERSION option, but it doesn't seem to work (this fails, 
trying to use TLS 1.3 anyway): GIT_CURL_VERBOSE=T GIT_SSL_VERSION=tlsv1.2 git 
clone https://github.com/git/git

In case it helps anyone else, my application works again when I set 
CURLOPT_SSLVERSION to CURL_SSLVERSION_MAX_TLSv1_2 .