Bug#861688: unblock: newpid/8

Christoph Berg Tue, 02 May 2017 11:33:44 -0700

Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock


Please unblock package newpid. The new version mainly fixes postinst
installation failures on filesystems that do not support capabilities
(#860031).

The remaining changes are a trivial shell script update and
documentation/testsuite updates. (Needless to say, the testsuite is
passing, both on travis-ci.com and ci.debian.net.)


Control files: lines which differ (wdiff format)
------------------------------------------------
Standards-Version: [-3.9.6-] {+3.9.8+}

diff -Nru newpid-7/debian/changelog newpid-8/debian/changelog
--- newpid-7/debian/changelog   2015-12-23 11:33:14.000000000 +0100
+++ newpid-8/debian/changelog   2017-05-01 18:15:30.000000000 +0200
@@ -1,3 +1,15 @@
+newpid (8) unstable; urgency=medium
+
+  * If setcap fails (because the filesystem or namespace lacks support for
+    capabilities), fall back to setuid, so the installation doesn't fail.
+    Thanks to Adam Conrad for the patch! Closes: #860031
+  * newpid: More verbose usage output.
+  * newnet: Guard arguments with --.
+  * README: Note required kernel and glibc version.
+  * Bump Standards-Version.
+
+ -- Christoph Berg <m...@debian.org>  Mon, 01 May 2017 18:15:30 +0200
+
 newpid (7) unstable; urgency=medium
 
   * Add support for joining network namespaces (newpid -N).
diff -Nru newpid-7/debian/control newpid-8/debian/control
--- newpid-7/debian/control     2015-09-30 16:20:10.000000000 +0200
+++ newpid-8/debian/control     2017-05-01 18:15:30.000000000 +0200
@@ -2,7 +2,7 @@
 Section: utils
 Priority: optional
 Maintainer: Christoph Berg <m...@debian.org>
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Build-Depends: debhelper (>= 9~)
 Vcs-Browser: https://github.com/ChristophBerg/newpid
 Vcs-Git: git://github.com/ChristophBerg/newpid.git
diff -Nru newpid-7/debian/newpid.postinst newpid-8/debian/newpid.postinst
--- newpid-7/debian/newpid.postinst     2015-09-30 16:29:52.000000000 +0200
+++ newpid-8/debian/newpid.postinst     2017-05-01 18:13:17.000000000 +0200
@@ -4,7 +4,13 @@
 
 case $1 in
        configure)
-               setcap "CAP_SYS_ADMIN,CAP_NET_ADMIN=pe" /usr/bin/newpid
+               # Code cargo-culted from iputils-ping postinst:
+               if setcap "CAP_SYS_ADMIN,CAP_NET_ADMIN=pe" /usr/bin/newpid; then
+                       chmod u-s /usr/bin/newpid
+               else
+                       echo "Setcap failed on /usr/bin/newpid, falling back to 
setuid" >&2
+                       chmod u+s /usr/bin/newpid
+               fi
                ;;
 esac
 
diff -Nru newpid-7/newnet newpid-8/newnet
--- newpid-7/newnet     2015-10-07 10:01:32.000000000 +0200
+++ newpid-8/newnet     2015-12-26 18:15:24.000000000 +0100
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-exec newpid -inu "$@"
+exec newpid -inu -- "$@"
diff -Nru newpid-7/newpid.c newpid-8/newpid.c
--- newpid-7/newpid.c   2015-12-17 17:06:21.000000000 +0100
+++ newpid-8/newpid.c   2017-05-01 18:14:45.000000000 +0200
@@ -214,8 +214,13 @@
                                cloneflags |= CLONE_NEWUTS;
                                break;
                        default: /* '?' */
-                               fprintf(stderr, "Usage: %s [-inu] [command args 
...]\n",
+                               fprintf(stderr, "Usage: %s [options] [command 
args ...]\n",
                                                argv[0]);
+                               fprintf(stderr, "Options:\n");
+                               fprintf(stderr, "  -i           request new IPC 
namespace (CLONE_NEWIPC)\n");
+                               fprintf(stderr, "  -n           request new 
network namespace (CLONE_NEWNET)\n");
+                               fprintf(stderr, "  -N newpidns  join named 
network namespace\n");
+                               fprintf(stderr, "  -u           request new UTS 
namespace (CLONE_NEWUTS)\n");
                                exit(EXIT_FAILURE);
                }
        }
diff -Nru newpid-7/README.md newpid-8/README.md
--- newpid-7/README.md  2015-12-17 16:45:51.000000000 +0100
+++ newpid-8/README.md  2017-05-01 18:15:30.000000000 +0200
@@ -1,6 +1,8 @@
 newpid
 ======
 
+[![Build 
Status](https://travis-ci.org/ChristophBerg/newpid.svg?branch=master)](https://travis-ci.org/ChristophBerg/newpid)
+
 Newpid is a wrapper around clone(CLONE_NEWPID) that launches a command
 in a new PID namespace. Child processes exiting are properly reaped so no
 zombie processes stay around. /proc is also remounted so it sees the new
@@ -57,4 +59,10 @@
 ip netns exec newpidns1 ip link set veth1 up
 </pre>
 
+Requirements
+------------
+
+The setns() system call first appeared in Linux in kernel 3.0; library support
+was added to glibc in version 2.14.
+
  -- Christoph Berg <m...@debian.org>
diff -Nru newpid-7/.travis.yml newpid-8/.travis.yml
--- newpid-7/.travis.yml        1970-01-01 01:00:00.000000000 +0100
+++ newpid-8/.travis.yml        2017-05-01 18:15:30.000000000 +0200
@@ -0,0 +1,14 @@
+# run the testsuite on travis-ci.com
+---
+language: C
+dist: trusty
+sudo: required
+
+install:
+  - sudo apt-get install build-essential debhelper devscripts fakeroot 
iputils-ping
+
+script:
+  - dpkg-buildpackage -us -uc -rfakeroot
+  - for deb in ../*.deb; do echo "$deb:"; dpkg-deb --info $deb; dpkg-deb 
--contents $deb; done
+  - sudo debi
+  - LANGUAGE= LANG=C.UTF-8 make check


unblock newpid/8


Thanks for considering,
Christoph

signature.asc
Description: PGP signature

Bug#861688: unblock: newpid/8

Reply via email to