Control: tags 734568 + pending Control: tags 753643 + patch Control: tags 753643 + pending
Dear maintainer, I've prepared an NMU for munge (versioned as 0.5.11-1.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards.
diff -Nru munge-0.5.11/debian/changelog munge-0.5.11/debian/changelog --- munge-0.5.11/debian/changelog 2013-11-01 12:19:33.000000000 +0100 +++ munge-0.5.11/debian/changelog 2014-09-17 23:21:02.000000000 +0200 @@ -1,3 +1,17 @@ +munge (0.5.11-1.1) unstable; urgency=medium + + [ RĂ©mi Palancher <r...@rezib.org>] + * Non-maintainer upload. + * Fix post-installation by generating new key in case none existed + previously. (Closes: #753643) + * Updated README.Debian with instructions for key management + * Bumped Standards-Version to 3.9.5 + + [ Ana Beatriz Guerrero Lopez ] + * Use dh-autoreconf to fix FTBFS on ppc64el. (Closes: #734568) + + -- Ana Beatriz Guerrero Lopez <a...@debian.org> Wed, 17 Sep 2014 23:21:01 +0200 + munge (0.5.11-1) unstable; urgency=low * New upstream release (Closes: #727467) diff -Nru munge-0.5.11/debian/control munge-0.5.11/debian/control --- munge-0.5.11/debian/control 2013-10-31 18:27:00.000000000 +0100 +++ munge-0.5.11/debian/control 2014-09-17 23:18:44.000000000 +0200 @@ -2,8 +2,8 @@ Section: admin Priority: extra Maintainer: Gennaro Oliva <oliv...@na.icar.cnr.it> -Build-Depends: debhelper (>= 7.0.0), autotools-dev, po-debconf, dpkg-dev (>= 1.13.19), zlib1g-dev, libbz2-dev, libgcrypt11-dev -Standards-Version: 3.9.4.0 +Build-Depends: debhelper (>= 7.0.0), dh-autoreconf, po-debconf, dpkg-dev (>= 1.13.19), zlib1g-dev, libbz2-dev, libgcrypt11-dev +Standards-Version: 3.9.5 Homepage: http://munge.googlecode.com/ Package: munge diff -Nru munge-0.5.11/debian/postinst munge-0.5.11/debian/postinst --- munge-0.5.11/debian/postinst 2013-10-31 18:27:00.000000000 +0100 +++ munge-0.5.11/debian/postinst 2014-09-17 23:24:59.000000000 +0200 @@ -27,6 +27,10 @@ if [ -e /etc/munge/munge.key ] ; then chown munge:munge /etc/munge/munge.key chmod 0400 /etc/munge/munge.key + else + /usr/sbin/create-munge-key + echo "Please refer to /usr/share/doc/munge/README.Debian"\ + "for instructions to generate more secure key." fi ;; diff -Nru munge-0.5.11/debian/README.Debian munge-0.5.11/debian/README.Debian --- munge-0.5.11/debian/README.Debian 2013-10-31 18:27:00.000000000 +0100 +++ munge-0.5.11/debian/README.Debian 2014-09-17 23:17:31.000000000 +0200 @@ -1,12 +1,20 @@ -To use munge, you need to create a secret key file /etc/munge/munge.key, -you can run the create-munge-key script as root to generate a random -key or follow the instructions in QUICKSTART. +Munge daemon needs a secret key file /etc/munge/munge.key. -You need to securely propagate the secret key file (eg, via ssh) to -other hosts within the same security realm. Credentials are valid only -within a security realm (ie, on hosts sharing the same secret key). All -munged daemons exchanging credentials need to share the same secret key. +If not existing previously, the package generates a new key at +installation time. In order to minimize the generation time, the +generator does not use a random number generator with a very good +source of entropy. In order to generate stronger key with better +entropy, you are advised to run the following command as root: + + # create-munge-key -f -r If the secret key file is created or copyed before the package is installed, the installation script will accept the key instead of generating a new one. + +Then follow the instructions in QUICKSTART. + +You need to securely propagate the secret key file (eg, via ssh) to +other hosts within the same security realm. Credentials are valid only +within a security realm (ie, on hosts sharing the same secret key). All +munged daemons exchanging credentials need to share the same secret key. diff -Nru munge-0.5.11/debian/rules munge-0.5.11/debian/rules --- munge-0.5.11/debian/rules 2013-11-01 12:11:54.000000000 +0100 +++ munge-0.5.11/debian/rules 2014-09-17 23:19:20.000000000 +0200 @@ -32,6 +32,7 @@ config.status: configure dh_testdir + dh_autoreconf # Add here commands to configure the package. CPPFLAGS="$(shell dpkg-buildflags --get CPPFLAGS)" LDFLAGS="$(shell dpkg-buildflags --get LDFLAGS)" CFLAGS="$(CFLAGS) -Wl,-z,defs" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --localstatedir=/var --sysconfdir=/etc --with-crypto-lib=libgcrypt @@ -61,6 +62,7 @@ # Add here commands to clean up after the build process. [ ! -f Makefile ] || $(MAKE) distclean + dh_autoreconf_clean dh_clean install: install-indep install-arch
