On Wed, Dec 08, 2010 at 08:44:48PM +, Adam D. Barratt wrote:
On Tue, 2010-12-07 at 17:31 +, Roger Leigh wrote:
I've made a new upload of schroot to unstable which fixes a few
security- and upgrade-related bugs. The bulk of the changes are
documentation (manual pages, release notes and changelogs). The
code changes are tiny, but are important to have to upgrade from
lenny cleanly and fully document security issues and program
behaviour.
Unblocked; thanks.
As discussed on IRC, it's a shame that this resulted in a new
translatable (and currently untranslated) string, although the fact that
the string should rarely be seen and is in the program translation
rather than a debconf template mitigates this slightly.
I've allowed a fortnight for translation updates to come back, and
made a new release (1.4.17-1) containing five translation updates
and an additional RC bugfix. Please could you unblock this to
allow it into squeeze?
Changes:
http://git.debian.org/?p=buildd-tools/schroot.git;a=commitdiff;h=debian/schroot-1.4.17-1;hp=debian/schroot-1.4.16-1
Changes with generated files included:
http://git.debian.org/?p=buildd-tools/schroot.git;a=commitdiff;h=distribution/schroot-1.4.17;hp=distribution/schroot-1.4.16
Many thanks,
Roger
schroot (1.4.17-1) unstable; urgency=low
* New upstream stable release.
* 15killprocs: Don't kill processes in other sessions
(Closes: #608054). Compare full chroot path in addition to device
and inode numbers, since the device and inode are not sufficiently
unique (they are shared between non-cloned sessions such as for
directory type chroots).
* Updated translations:
- da (Closes: #606305). Thanks to Joe Hansen.
- de (Closes: #606245). Thanks to Holger Wansing.
- fr (Closes: #606394). Thanks to Thomas Blein.
- it. Thanks to Vincenzo Campanella.
- zh_CN. Thanks to Ji ZhengYu.
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`-GPG Public Key: 0x25BFB848 Please GPG sign your mail.
diff --git a/NEWS b/NEWS
index 8fa9bba..bdc5677 100644
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,16 @@
NEWS-*- outline -*-
-Welcome to schroot 1.4.16. Please read these release notes carefully.
+Welcome to schroot 1.4.17. Please read these release notes carefully.
Full installation instructions are provided in the INSTALL file. The
README file also contains more specific notes regarding building and
configuration.
+* Major changes in 1.4.17:
+
+ None.
+
* Major changes in 1.4.16:
1) Chroot naming restrictions introduced in 1.4.0 have been relaxed
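Review bot: The new "Major changes in 1.4.17" entry says "None.", but this same upload changes which processes 15killprocs terminates when a session ends. Even if that does not count as a major change, a one-line pointer to the 15killprocs fix here would help administrators who run several sessions on directory type chroots notice that cleanup behaviour is different after the upgrade.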
diff --git a/debian/changelog b/debian/changelog
index 19022bf..fdb1c7f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+schroot (1.4.17-1) unstable; urgency=low
+
+ * New upstream stable release.
+ * 15killprocs: Don't kill processes in other sessions
+(Closes: #608054). Compare full chroot path in addition to device
+and inode numbers, since the device and inode are not sufficiently
+unique (they are shared between non-cloned sessions such as for
+directory type chroots).
+ * Updated translations:
+- da (Closes: #606305). Thanks to Joe Hansen.
+- de (Closes: #606245). Thanks to Holger Wansing.
+- fr (Closes: #606394). Thanks to Thomas Blein.
+- it. Thanks to Vincenzo Campanella.
+- zh_CN. Thanks to Ji ZhengYu.
+
+ -- Roger Leigh rle...@debian.org Wed, 29 Dec 2010 16:41:30 +
+
schroot (1.4.16-1) unstable; urgency=low
* New upstream stable release.
diff --git a/etc/setup.d/15killprocs b/etc/setup.d/15killprocs
index 619035e..1f246b0 100755
--- a/etc/setup.d/15killprocs
+++ b/etc/setup.d/15killprocs
@@ -40,28 +40,35 @@ do_kill_all()
info Killing processes run inside $1
ls /proc | egrep '^[[:digit:]]+$' |
while read pid; do
+ # Check if process root are the same device/inode as chroot
+ # root (for efficiency)
if [ /proc/$pid/root -ef $1 ]; then
-exe=$(readlink /proc/$pid/exe || true)
-info Killing left-over pid $pid (${exe##$1})
-info Sending SIGTERM to pid $pid
+ # Check if process and chroot root are the same (may be
+ # different even if device/inode match).
+ root=$(readlink /proc/$pid/root || true)
+ if [ $root = $1 ]; then
+ exe=$(readlink /proc/$pid/exe || true)
+ info Killing left-over pid $pid (${exe##$1})
+ info Sending SIGTERM to pid $pid
-/bin/kill -TERM $pid 2/dev/null
+ /bin/kill -TERM $pid 2/dev/null
-count=0
-max=5
-while [ -d /proc/$pid ]; do
-count=$(( $count + 1 ))
-info Waiting for pid $pid to shut down... ($count/$max)
-sleep 1
-# Wait for $max seconds for process to die before -9'ing
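Review bot: In the added test `[ $root = $1 ]` neither operand is quoted, and root is empty whenever `readlink /proc/$pid/root` fails, because the `|| true` swallows the error (for example when the process exits between the `ls /proc` listing and the readlink). With an empty left operand `[` receives too few arguments and reports a syntax error rather than cleanly evaluating false. Please quote both sides, `[ "$root" = "$1" ]`, and do the same for the outer `[ /proc/$pid/root -ef $1 ]` so chroot paths containing whitespace are handled. Also note that this is now a string comparison against the path the kernel reports for the process root, so it matches only when $1 is passed in exactly that form (no trailing slash, no symlinked components). A comment stating that assumption, or normalising $1 once at the top of do_kill_all, would keep a mismatch from silently leaving every process in the session running.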