Bug#966644: lintian: detect mismatches between symbols files and changelog versions
Package: lintian
Severity: wishlist

In #966409 I detected that libjpeg-turbo added symbols without including the epoch in the symbols version numbers.

It would be great if lintian could detect when a version number in the symbols files does not match one of the upstream or Debian versions in the Debian changelog files. Versions older than the oldest version in the Debian changelog file can be ignored of course.

I'd suggest structuring this as two complaints with two severities:

* At error level, probably ftp-master rejected, for when a symbols version is just missing the epoch. So a check that any of the versions in the Debian changelog file would match the symbol versions if the epoch were present in the symbols version.

* At pedantic level, for when symbols version just doesn't match any of the versions in the Debian changelog file. Maybe later once there is an indication of how many false positives there are, this can then be elevated to warning level.

Both of these need to take into account that the versions in the symbols file might be missing the Debian revision or they might have a tilde appended to the Debian revision in order to allow backports.

--
bye,
pabs

https://wiki.debian.org/PaulWise
Re: libjpeg-turbo: versions in debian/*.symbols files are missing the epochs
Control: clone -1 -2
Control: reassign -2 lintian
Control: severity -2 wishlist
Control: retitle -2 lintian: detect mismatches between symbols files and changelog versions

On Tue, 28 Jul 2020 15:04:08 +0800 Paul Wise wrote:

> The versions in the debian/*.symbols files are missing the epochs. This
> means that packages using symbols newer than buster will not upgrade
> libjpeg62-turbo and libturbojpeg0 when being upgraded to bullseye.

It would be great if lintian could detect when a version number in the symbols files does not match one of the upstream or Debian versions in the Debian changelog files. Versions older than the oldest version in the Debian changelog file can be ignored of course.

I'd suggest structuring this as two complaints with two severities:

* At error level, probably ftp-master rejected, for when a symbols version is just missing the epoch. So a check that any of the versions in the Debian changelog file would match the symbol versions if the epoch were present in the symbols version.

* At warning or info level, for when symbols version just doesn't match any of the versions in the Debian changelog file.

Both of these need to take into account that the versions in the symbols file might be missing the Debian revision or they might have a tilde appended to the Debian revision in order to allow backports.

--
bye,
pabs

https://wiki.debian.org/PaulWise
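A sketch of the two-level check proposed in the two messages above, added here as an illustration; it is not lintian code and not part of either message. The package `libfoo`, the sample files and the function names are constructed, and the exemption for versions older than the oldest changelog entry is left out because it needs dpkg's version ordering.

```python
import re

# Constructed sample data (package "libfoo" is hypothetical); changelog entry
# bodies and trailer lines are omitted because only the headers are parsed.
CHANGELOG = """\
libfoo (1:2.0.5-1) unstable; urgency=medium
libfoo (1:1.5.2-2) unstable; urgency=medium
libfoo (1.5.1-1) unstable; urgency=medium
"""
SYMBOLS = """\
libfoo.so.1 libfoo1 #MINVER#
 foo_init@Base 1.5.1
 foo_read@Base 1:1.5.2-2~
 foo_write@Base 2.0.5
 foo_misc@Base 1.9.0
"""

HEADER = re.compile(r"^\S+ \(([^)]+)\)")  # "package (version) dist; ..."

def changelog_versions(text):
    return [m.group(1) for line in text.splitlines() if (m := HEADER.match(line))]

def symbol_versions(text):
    """Yield (symbol, minimal-version) from indented deb-symbols(5) lines."""
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(" ") and len(fields) >= 2 and not fields[0].startswith("#"):
            yield fields[0], fields[1]

def accepted_forms(version):
    """Full version, plus the same version without its Debian revision."""
    return {version, version.rsplit("-", 1)[0]}

def strip_epoch(version):
    return version.split(":", 1)[-1]

def check(symbols_text, changelog_text):
    versions = changelog_versions(changelog_text)
    exact = {f for v in versions for f in accepted_forms(v)}
    no_epoch = {strip_epoch(f) for v in versions if ":" in v for f in accepted_forms(v)}
    findings = []
    for symbol, minver in symbol_versions(symbols_text):
        candidate = minver.rstrip("~")  # tilde appended to allow backports
        if candidate in exact:
            continue
        level = "error" if candidate in no_epoch else "pedantic"
        findings.append((level, symbol, minver))
    return findings
```

On the sample, `foo_write@Base 2.0.5` is reported at error level because `1:2.0.5` is in the changelog, while `1.5.1` passes because that version predates the epoch.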
Processed: Bug#966368 marked as pending in lintian
Processing control commands:

> tag -1 pending
Bug #966368 [lintian] lintian gets stuck when run by sbuild within rebuildd
Bug #966122 [lintian] Hangs when run under mc(1)
Ignoring request to alter tags of bug #966368 to the same tags previously set
Ignoring request to alter tags of bug #966122 to the same tags previously set

--
966122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966122
966368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966368
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Bug#966072 marked as pending in lintian
Processing control commands:

> tag -1 pending
Bug #966072 [lintian] lintian: Cannot pipe() - Too many open files
Added tag(s) pending.

--
966072: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966072
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: Bug#966122 marked as pending in lintian
Processing control commands:

> tag -1 pending
Bug #966122 [lintian] Hangs when run under mc(1)
Bug #966368 [lintian] lintian gets stuck when run by sbuild within rebuildd
Added tag(s) pending.
Added tag(s) pending.

--
966122: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966122
966368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966368
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#966623: Please warn if User=nobody is used in service files
Package: lintian
Version: 2.85.0
Severity: wishlist
X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org

Hi,

according to [1], there are quite a few packages which use User=nobody (and Group=nogroup). This is discouraged, and systemd v246 will now log a warning about this. See https://github.com/systemd/systemd/blob/master/NEWS#L106 for the reasoning:

```
* If the service setting User= is set to the "nobody" user, a warning
  message is now written to the logs (but the value is nonetheless
  accepted). Setting User=nobody is unsafe, since the primary purpose of
  the "nobody" user is to own all files whose owner cannot be mapped
  locally. It's in particular used by the NFS subsystem and in user
  namespacing. By running a service under this user's UID it might get
  read and even write access to all these otherwise unmappable files,
  which is quite likely a major security problem.
```

It's preferable to create a dedicated system user (and group) for individual services, to not get accidental access for stuff they are not supposed to be able to access.

For some services, DynamicUser=true might be an option. This would alleviate the need for manually creating a system user.
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#DynamicUser=

Regards,
Michael

[1] https://codesearch.debian.net/search?q=User%3Dnobody&literal=1&perpkg=1

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Processed: Re: Bug#966612: systemd-networkd failed to restart on upgrade to 246-1
Processing control commands:

> clone -1 -2
Bug #966612 [systemd] systemd-networkd failed to restart on upgrade to 246-1
Bug 966612 cloned as bug 966617
> reassign -2 lintian
Bug #966617 [systemd] systemd-networkd failed to restart on upgrade to 246-1
Bug reassigned from package 'systemd' to 'lintian'.
No longer marked as found in versions systemd/246-1.
Ignoring request to alter fixed versions of bug #966617 to the same values previously set
> severity -2 wishlist
Bug #966617 [lintian] systemd-networkd failed to restart on upgrade to 246-1
Severity set to 'wishlist' from 'minor'
> retitle -2 "Please if Standard{Output,Error}=syslog is used"
Bug #966617 [lintian] systemd-networkd failed to restart on upgrade to 246-1
Changed Bug title to '"Please if Standard{Output,Error}=syslog is used"' from 'systemd-networkd failed to restart on upgrade to 246-1'.

--
966612: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966612
966617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: retitle 966617 to lintian: Please warn when Standard{Output,Error}=syslog is used in service files
Processing commands for cont...@bugs.debian.org:

> retitle 966617 lintian: Please warn when Standard{Output,Error}=syslog is
> used in service files
Bug #966617 [lintian] "Please if Standard{Output,Error}=syslog is used"
Changed Bug title to 'lintian: Please warn when Standard{Output,Error}=syslog is used in service files' from '"Please if Standard{Output,Error}=syslog is used"'.
> thanks
Stopping processing here.

Please contact me if you need assistance.

--
966617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966617
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Re: Bug#966612: systemd-networkd failed to restart on upgrade to 246-1
Control: clone -1 -2
Control: reassign -2 lintian
Control: severity -2 wishlist
Control: retitle -2 "Please if Standard{Output,Error}=syslog is used"

Hi Ansgar,

thanks for testing the v246 package from experimental.

On 31.07.2020 at 14:45, Ansgar wrote:
> Package: systemd
> Version: 246-1
> Severity: minor
>
> systemd-networkd failed to (re)start on an upgrade from systemd
> 245.6-2 to 246-1:
>
> +---
> | Jul 31 14:30:06 systemd[1]: Reexecuting.
> | Jul 31 14:30:06 systemd[1]: systemd 246-1 running in system mode. (+PAM
> +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LI>
> | Jul 31 14:30:06 systemd[1]: Detected architecture x86-64.
> | Jul 31 14:30:06 kernel: Lockdown: systemd: /dev/mem,kmem,port is
> restricted; see https://wiki.debian.org/SecureBoot
> | Jul 31 14:30:06 systemd[1]: /lib/systemd/system/plymouth-start.service:16:
> Unit configured to use KillMode=none. This is unsafe, >
> | Jul 31 14:30:06 systemd[1]: /lib/systemd/system/apt-listbugs.service:30:
> Standard output type syslog is obsolete, automatically u>
> | Jul 31 14:30:06 systemd[1]: /lib/systemd/system/apt-listbugs.service:31:
> Standard output type syslog is obsolete, automatically u>
> | Jul 31 14:30:06 systemd[1]: /lib/systemd/system/gdm.service:30: Standard
> output type syslog is obsolete, automatically updating t>
> | Jul 31 14:30:06 systemd[1]: /lib/systemd/system/smartmontools.service:10:
> Standard output type syslog is obsolete, automatically >

Looks like something we should file individual bug reports for or add a lintian check. I decided for the latter for now.

Dear lintian maintainers, please see https://github.com/systemd/systemd/blob/master/NEWS#L101

```
* StandardError= and StandardOutput= in unit files no longer support
  the "syslog" and "syslog-console" switches. They were long removed
  from the documentation, but will now result in warnings when used,
  and be converted to "journal" and "journal+console" automatically.
```

Since journal is the default anyway, I guess the best recommendation is, that maintainers simply remove any such lines from their unit files.

See also https://www.freedesktop.org/software/systemd/man/systemd.exec.html#StandardOutput=

> | Jul 31 14:30:06 systemd[1]: Unknown serialization item 'show-status=no',
> ignoring.

Interesting, I've not seen this one before. Might be worth investigating separately what this is about if it's reproducible.

> | Jul 31 14:30:07 systemd[1]: cgroup compatibility translation between legacy
> and unified hierarchy settings activated. See cgroup->
> | Jul 31 14:30:07 systemd[1]: Stopping Network Service...
> | Jul 31 14:30:07 systemd[1]: systemd-networkd.service: Succeeded.
> | Jul 31 14:30:07 systemd[1]: Stopped Network Service.
> | Jul 31 14:30:07 systemd[1]: Starting Network Service...
> | Jul 31 14:30:07 systemd-networkd[171450]: Could not enumerate links:
> Exchange full

Hm, this appears to be https://github.com/systemd/systemd/issues/16319

It appears the offending two commits were (unfortunately) cherry-picked into v245.6 and fixed in v246. Since this is supposedly a transient issue and upgrades from buster should not be affected, I'm inclined to close this bug report. WDYT?

Michael

--
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
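A sketch of the unit-file checks requested in Bug#966623 (User=nobody, Group=nogroup) and in the message above (Standard{Output,Error}=syslog), added here as an illustration; it is not lintian code and not part of any message in this thread. The tag names, the function `lint_unit` and the sample unit are constructed; the `syslog+console` spelling is included on the assumption that it is the value unit files actually carry, alongside the `syslog-console` spelling quoted from NEWS.

```python
# Constructed sample unit; "exampled" is a hypothetical daemon.
UNIT = """\
[Unit]
Description=Constructed example daemon

[Service]
ExecStart=/usr/sbin/exampled
User=nobody
Group=nogroup
StandardOutput=syslog
StandardError=journal
# User=nobody inside a comment is not a finding
"""

# systemd.exec settings apply to these unit sections.
EXEC_SECTIONS = {"Service", "Socket", "Mount", "Swap"}
UNSAFE_IDENTITY = {"User": "nobody", "Group": "nogroup"}
OBSOLETE_OUTPUT = {
    "syslog": "journal",
    "syslog+console": "journal+console",  # assumed spelling found in unit files
    "syslog-console": "journal+console",  # spelling used in the quoted NEWS text
}

def lint_unit(text):
    """Return (line number, tag, detail) for each flagged assignment."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or section not in EXEC_SECTIONS:
            continue
        key, value = key.strip(), value.strip()
        if UNSAFE_IDENTITY.get(key) == value:
            findings.append((lineno, "unsafe-identity", f"{key}={value}"))
        elif key in ("StandardOutput", "StandardError") and value in OBSOLETE_OUTPUT:
            detail = f"{key}={value} -> {OBSOLETE_OUTPUT[value]}"
            findings.append((lineno, "obsolete-syslog-output", detail))
    return findings
```

Line numbers are reported the same way systemd's own warnings cite `file:line`, so a finding can be matched against the journal messages quoted in the report.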