Hello, This bug report is about bookworm (stable) version, so the fact that it has been fixed in unstable is nice, but should not resolve this. Since it's about a real regression, I think this fix should be eligible for a backport don't you think?
Thanks. On Wed, Oct 11, 2023 at 12:21 AM Debian Bug Tracking System < ow...@bugs.debian.org> wrote: > This is an automatic notification regarding your Bug report > which was filed against the crmsh package: > > #1042448: crmsh: HA_GROUP permission regression after upgrading bullseye > to bookworm > > It has been closed by Debian FTP Masters <ftpmas...@ftp-master.debian.org> > (reply to Valentin Vidic <vvi...@debian.org>). > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Debian FTP Masters < > ftpmas...@ftp-master.debian.org> (reply to Valentin Vidic < > vvi...@debian.org>) by > replying to this email. > > > -- > 1042448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042448 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > > > > ---------- Forwarded message ---------- > From: Debian FTP Masters <ftpmas...@ftp-master.debian.org> > To: 1042448-cl...@bugs.debian.org > Cc: > Bcc: > Date: Tue, 10 Oct 2023 22:19:34 +0000 > Subject: Bug#1042448: fixed in crmsh 4.5.0-1 > Source: crmsh > Source-Version: 4.5.0-1 > Done: Valentin Vidic <vvi...@debian.org> > > We believe that the bug you reported is fixed in the latest version of > crmsh, which is due to be installed in the Debian FTP archive. > > A summary of the changes between this version and the previous one is > attached. > > Thank you for reporting the bug, which will now be closed. If you > have further comments please address them to 1042...@bugs.debian.org, > and the maintainer will reopen the bug report if appropriate. > > Debian distribution maintenance software > pp. > Valentin Vidic <vvi...@debian.org> (supplier of updated crmsh package) > > (This message was generated automatically at their request; if you > believe that there is a problem with it please contact the archive > administrators by mailing ftpmas...@ftp-master.debian.org) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Format: 1.8 > Date: Tue, 10 Oct 2023 22:57:14 +0200 > Source: crmsh > Architecture: source > Version: 4.5.0-1 > Distribution: unstable > Urgency: medium > Maintainer: Debian HA Maintainers < > debian-ha-maintain...@lists.alioth.debian.org> > Changed-By: Valentin Vidic <vvi...@debian.org> > Closes: 1042448 1044302 > Changes: > crmsh (4.5.0-1) unstable; urgency=medium > . > * New upstream version 4.5.0 > * d/patches: refresh for new version > * d/tests: refresh for new version > * d/postinst: create a logging directory (Closes: #1042448) > * d/clean: remove generated files (Closes: #1044302) > * d/patches: add fix for ssh error > Checksums-Sha1: > 23a937b6ba05f7af5df655d919504d0fbdb9006a 2337 crmsh_4.5.0-1.dsc > 8d0459c4be7346179236be43e009d8eadf37e988 1210069 crmsh_4.5.0.orig.tar.gz > f1040bde2b0bcfdd008e013b9c67562e480c696f 30856 crmsh_4.5.0-1.debian.tar.xz > 1d7ab5a0e5c9f597468e2bde5075b6426f0f3bdf 6984 > crmsh_4.5.0-1_source.buildinfo > Checksums-Sha256: > f7abb8c2ec6ca07af26b1d112c2a5d871ca3e5db45a742769a0037aae3d46444 2337 > crmsh_4.5.0-1.dsc > 18fbed93d5cee530baabfba9e15c6d1f87465506515c8b7e660a1427fdf5801b 1210069 > crmsh_4.5.0.orig.tar.gz > f8e974329a682764b51fb34f1db75d8e7ecaab420453cdc92d33427fd0b16014 30856 > crmsh_4.5.0-1.debian.tar.xz > 1093dae09b6544a708fd4c0f3faf093e370e33f71f67ed4e216f6a0c5403d00c 6984 > crmsh_4.5.0-1_source.buildinfo > Files: > 0256301652adfb4a56c0fb8a7cab4952 2337 admin optional crmsh_4.5.0-1.dsc > 95c363ec7f7e8e6ffd244ddecbaff125 1210069 admin optional > crmsh_4.5.0.orig.tar.gz > 2e0663d6fdff1cfd53448436d344f244 30856 admin optional > crmsh_4.5.0-1.debian.tar.xz > 1b9d541cfb38c511931686392d771f7c 6984 admin optional > crmsh_4.5.0-1_source.buildinfo > > -----BEGIN PGP SIGNATURE----- > > iQJGBAEBCgAwFiEExaW53cM9k/u2PWfIMofYmpfNqHsFAmUlyigSHHZ2aWRpY0Bk > ZWJpYW4ub3JnAAoJEDKH2JqXzah7WugQAKVp8TCeDRjGEpnBmJgQfVqbE9YG0DKD > k3Zmok3oJziZvAsmOJgFHIOKqihYZ9LdiEGMoTTSMkMch0zujpJW64BtksXmhruV > EvgsbnQjZYikG13Py9hCb84nnKcAer+TSU5fIWRDpE0mzVk7HuqJxc01+82iWDIX > mel82k7emDqh27NAXcEQ7zMaTSuSMYD3CoBvT1nyFSRSripSvkKOd5/elFDtNKYV > tQx9j/JPlRGJrzuwkE3b65JP2cXQvsUG6M8mDgn48Pk7TtcVnhLMlWiVa3N/2yjJ > V7XNx5/x771htaMKbNpN4mxZ2s7QYrs7OzS2TEB5gLz/PVS3DqpULBspQyZr+iDx > qy8ThUKWSde9+j0uS02jTr/B090wCSnCGttiSV12CWY/yddIZjQRix0Hhqiphlts > rV1SUbVuJZsR9VBfe+FYhmXrKWoOlPzyG9a4429nzEf5t/8dEzyy80M9yOfpKm61 > 5JBE9iMISWC/BpQyTvuOZydN4jayBXxyzslQnGjynbXUOXdjnva2VtEiUTdOZThG > eo9orPWf51xaV9Cn35mutzCEjPYdK9EmDA4DY/OFmZTcysH/x659c4TOgS6qmms2 > WgKpHT83pmCCWnRrDhBYOM+ya0rq766j2C9VHuajmie4ISGnmv3O95Lq1aRzyO7a > vYrmJiAEhnDx > =GeLF > -----END PGP SIGNATURE----- > > > ---------- Forwarded message ---------- > From: Florent CARLI <fca...@gmail.com> > To: Debian Bug Tracking System <sub...@bugs.debian.org> > Cc: > Bcc: > Date: Fri, 28 Jul 2023 10:11:48 +0000 > Subject: crmsh: HA_GROUP permission regression after upgrading bullseye to > bookworm > Package: crmsh > Version: 4.4.1-1 > Severity: normal > X-Debbugs-Cc: fca...@gmail.com > > Dear Maintainer, > > I encounter a regression with crmsh on debian12. On debian 11, I used > to be able to issue crm commands with a standard user as long as it > was a member of haclient group. > On debian 12, this same user cannot use crm because of some chown that > it's not allowed to do: > > virtu@virtu-elabo1:~$ id > uid=1000(virtu) gid=1000(virtu) > groups=1000(virtu),110(haclient),118(libvirt) > virtu@virtu-elabo1:~$ crm status > Traceback (most recent call last): > File "/usr/sbin/crm", line 31, in <module> > log.setup_logging() > File "/usr/lib/python3/dist-packages/crmsh/log.py", line 445, in > setup_logging > shutil.chown(CRMSH_LOG_FILE, constants.HA_USER, constants.HA_GROUP) > File "/usr/lib/python3.11/shutil.py", line 1385, in chown > os.chown(path, _user, _group) > PermissionError: [Errno 1] Operation not permitted: > '/var/log/crmsh/crmsh.log' > > > Ferenc Wágner did a first analysis and concluded that: > > it's a bug introduced in 4.4.0 by > Fix: log: Change the log file owner as hacluster:haclient (bsc#1194619) > > https://github.com/ClusterLabs/crmsh/commit/b4ef13cd8c9a8c37f2bf671abb803b24d93125ee > > and fixed in 4.5.0 by > fix: log: fail to open log file even if user is in haclient group > (bsc#1204670) > > https://github.com/ClusterLabs/crmsh/commit/b4abe21d2fd55ced0f56baff5c4892a4826aa0f7 > > > Thanks. > Florent. > > > -- System Information: > Debian Release: 12.1 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, > 'stable') > Architecture: arm64 (aarch64) > > Kernel: Linux 5.15.49-linuxkit-pr (SMP w/5 CPU threads; PREEMPT) > Kernel taint flags: TAINT_OOT_MODULE, TAINT_RANDSTRUCT > Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set > Shell: /bin/sh linked to /usr/bin/dash > Init: unable to detect > > Versions of packages crmsh depends on: > ii gawk 1:5.2.1-2 > ii iputils-ping 3:20221126-1 > ii pacemaker-cli-utils 2.1.5-1+deb12u1 > ii python3 3.11.2-1+b1 > ii python3-dateutil 2.8.2-2 > ii python3-lxml 4.9.2-1+b1 > ii python3-parallax 1.0.6-4 > ii python3-yaml 6.0-3+b2 > > Versions of packages crmsh recommends: > ii pacemaker 2.1.5-1+deb12u1 > > Versions of packages crmsh suggests: > pn bash-completion <none> > pn csync2 <none> > pn dmidecode <none> > pn ocfs2-tools <none> > pn openssh-server <none> > pn parted <none> > pn sbd <none> > pn ufw <none> > ii util-linux 2.38.1-5+b1 > pn vim-addon-manager <none> > > -- no debconf information >
