Your message dated Tue, 23 Jun 2009 17:02:06 +0000 with message-id <e1mj9nm-0006uk...@ries.debian.org> and subject line Bug#526398: fixed in sysvinit 2.86.ds1-62 has caused the Debian Bug report #526398, regarding /etc/init.d/checkroot.sh: can cause serious data corruption if booting on battery power to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 526398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526398 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: initscripts Version: 2.86.ds1-61 Severity: critical File: /etc/init.d/checkroot.sh Justification: causes serious data loss I was rather horrified to watch my laptop boot with a dirty root filesystem mounted read/write. Upon further investigation, I discovered that checkroot.sh and checkfs.sh are hardcoded to bypass filesystem checks if AC power is not present. This makes no sense. If a journalling filesystem has errors, it should not be mounted read/write until those errors are corrected. Non-journalling filesystems always need fsck if they are umounted uncleanly, so they shouldn't be mounted read/write without checking and possible correction either. Both cases require fsck before mounting regardless of the power source. Failing to fsck in either case can cause serious data loss, especially if the filesystem's metadata falsely indicates occupied space is free and the system is used for some time. This can lead to duplicate allocations between filesystem metadata and user data, which leads to data loss, security problems, unintentional data disclosure, and worse. Recovery from errors of this kind is nearly impossible without a good set of backups handy. Serious problems can remain undetected for sufficently long periods of time that backups get corrupted as well. The problem is even worse for laptops that are only rebooted due to crashes, and only crash "in the field" while running on battery power. Such machines may never run fsck until the corruption is sufficiently bad that the machine is unusable. I would propose that the battery power status should only be tested in checkroot.sh and checkfs.sh if a configuration setting explicitly permits it. For example, a variable FSCKONBATTERY might be added to /etc/default/rcS with these options: yes - check filesystems regardless of battery status (ignore on_ac_power entirely). This should be the default. no - don't check filesystems when on_ac_power returns false. This is the current behavior. The system should not corrupt data by default, which is why the default I propose above is different from the current behavior. Installed systems which are upgrading from legacy versions of initscripts might preserve the old behavior in accordance with the principle of least surprise, but all new systems should be installed with the default set as above. I would argue that unexpected data corruption is a much bigger surprise than fscks on battery, but other bugs filed against this package suggest people actually prefer the broken behavior, and these people would probably complain if we fixed it for them. -- System Information: Debian Release: 5.0.1 APT prefers stable APT policy: (500, 'stable'), (189, 'testing'), (179, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.28.4-zb64 (SMP w/4 CPU cores; PREEMPT) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages initscripts depends on: ii debianutils 2.30 Miscellaneous utilities specific t ii e2fsprogs 1.41.3-1 ext2/ext3/ext4 file system utiliti ii libc6 2.9-4 GNU C Library: Shared libraries ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii mount 2.13.1.1-1 Tools for mounting and manipulatin ii sysvinit-utils 2.86.ds1-61 System-V-like utilities Versions of packages initscripts recommends: ii psmisc 22.6-1 Utilities that use the proc filesy initscripts suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: sysvinit Source-Version: 2.86.ds1-62 We believe that the bug you reported is fixed in the latest version of sysvinit, which is due to be installed in the Debian FTP archive: initscripts_2.86.ds1-62_i386.deb to pool/main/s/sysvinit/initscripts_2.86.ds1-62_i386.deb sysv-rc_2.86.ds1-62_all.deb to pool/main/s/sysvinit/sysv-rc_2.86.ds1-62_all.deb sysvinit-utils_2.86.ds1-62_i386.deb to pool/main/s/sysvinit/sysvinit-utils_2.86.ds1-62_i386.deb sysvinit_2.86.ds1-62.diff.gz to pool/main/s/sysvinit/sysvinit_2.86.ds1-62.diff.gz sysvinit_2.86.ds1-62.dsc to pool/main/s/sysvinit/sysvinit_2.86.ds1-62.dsc sysvinit_2.86.ds1-62_i386.deb to pool/main/s/sysvinit/sysvinit_2.86.ds1-62_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 526...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Petter Reinholdtsen <p...@debian.org> (supplier of updated sysvinit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 23 Jun 2009 18:18:53 +0200 Source: sysvinit Binary: sysvinit sysvinit-utils sysv-rc initscripts Architecture: source i386 all Version: 2.86.ds1-62 Distribution: unstable Urgency: low Maintainer: Debian sysvinit maintainers <pkg-sysvinit-de...@lists.alioth.debian.org> Changed-By: Petter Reinholdtsen <p...@debian.org> Description: initscripts - Scripts for initializing and shutting down the system sysv-rc - System-V-like runlevel change mechanism sysvinit - System-V-like init utilities sysvinit-utils - System-V-like utilities Closes: 67095 316468 339955 360165 422940 457896 461103 471101 483392 484883 501724 504877 510455 510912 512003 519520 526398 529805 534300 Changes: sysvinit (2.86.ds1-62) unstable; urgency=low . [ Kel Modderman ] * Add missing semi-colon in LSB header of init.d/urandom (Closes: #501724). * Force C locale for df command used in init.d/mountoverflowtmp. (Closes: #510912) * Update startpar source to upstream 0.52 (from 0.50) and apply debian compatibility patch (sent upstream). Also workaround /dev/pts not being mounted early in runlevel S by having startpar use an own version of getpt(2) system call. (Closes: #457896, #484883) * Enable CONCURRENCY=makefile mode in debian/sysv-rc/etc/init.d/rc. This mode uses startpar and the /etc/init.d/.depend.* makefile-like information created by insserv to calculate boot script execution order. The splash API is not supported in this mode of boot. This mode of boot is considered very experimental at this time. * Allow startpar using concurrency modes to operate in runlevel S, now that startpar can manage to work properly in absence of /dev/pts. * Use uscan dversionmangle option to remove .ds\d+ string from modifed orig.tar.gz. This fixes the debian-watch-file-should-mangle-version lintian warning. Patch taken from diff on LP: #312764. * Add comment to debian/sysv-rc/etc/init.d/rc about debug=echo, it should never be left uncommented for a real boot process and should only be used for interactive debugging. (Closes: #510455) * Do not mount usbfs any more, it was deprecated long ago. Applications should all use /dev/bus/usb, which can be managed more flexibly (assign permissions with udev, and the like). Thanks Martin Pitt. (Closes: #483392, #422940, #360165, #471101) * Add Homepage field to debian/control. * Add interface for disabling system init script start links with update-rc.d, and enabling them again. (Closes: #67095) * When update-rc.d in "start|stop"-mode is invoked without the final dot, script warnings are displayed just before the "usage" message is shown. Check that last argument to start|stop command is a period earlier. Thanks to Patrick <p...@painfullscratch.nl>. (Closes: #512003) * Use -delete option of find(1) instead of piping through xargs in debian/initscripts/lib/init/bootclean.sh. (Closes: #316468, #461103) * Make init.d/rc simpler by dropping support for sourcing .sh files after the policy finally changed in 3.8.1. Update to Standards version 3.8.1. (Closes: #339955, #519520) * Allow initscripts postinst maintainer script to not fail when attempting to mkdir /dev/pts and /dev/shm when running in a fakechroot environment. This is done by checking for FAKECHROOT env variable before bailing out. Patch thanks to Daniel Kahn Gillmor. (Closes: #504877) * Update debian/NOTES to reflect current affairs. . [ Petter Reinholdtsen ] * Move the startpar binary to a more proper location, from sysvinit to sysvinit-utils. * Comment out the code disabling fsck when running on battery. It need changes in fsck to work properly (Closes: #526398). This Reopens #326647. * Add a /usr/sbin/service command (Closes: #534300). Modified the manual page based on ideas from the sysvconfig package. Thanks to Steve Langasek and Ubuntu. Add conflict with sysvconfig and chkconfig providing the same program. * Improve init.d/umountfs umount ordering code to avoid being confused while still solving #391673 (Closes: #529805). Patch from Tim Phipps. * Make sysv-rc depend on a version of sysvinit-utils with a properly working startpar, in case concurrent booting is enabled. * Drop shell style concurrent booting, and make CONCURRENCY=shell behave like CONCURRENTY=startpar, as startpar concurrency now work properly. Checksums-Sha1: 77ff3ecfa1130e320dacfaec70b044d381c85fca 1483 sysvinit_2.86.ds1-62.dsc 0fe9f119888b22ab789e2b9babeabcb95efb0b5d 155616 sysvinit_2.86.ds1-62.diff.gz 81cb9e47352efc1de8e72c31d3b4f7c6c4c6d69f 103082 sysvinit_2.86.ds1-62_i386.deb 34da4a531585d44301ece3088c5981d687a002c5 86618 sysvinit-utils_2.86.ds1-62_i386.deb f2f446c6e5c9fdbb1c93822fa33e209967d09545 69010 initscripts_2.86.ds1-62_i386.deb a2ebfd00011db4f3d0609634b2409acba7e14826 65638 sysv-rc_2.86.ds1-62_all.deb Checksums-Sha256: 89db98da56f8c2417aee098f44cc301c2821409bbe1682515a86fa311363c843 1483 sysvinit_2.86.ds1-62.dsc f655ed6fdfd2591dadc399aaae9fe6dc1782d165feb908ff240b7ad2d1f0e4f2 155616 sysvinit_2.86.ds1-62.diff.gz 718dfa0d930d38130358cef22d5b86ae2e078eb7ea9615b6a75a3ed8307128f8 103082 sysvinit_2.86.ds1-62_i386.deb ab26b862341d93190797c4b79bcd4acf25185eccb12f6127b98954cbf667ba60 86618 sysvinit-utils_2.86.ds1-62_i386.deb bf8f5330b35ba5ea5a42fbd43d8d43dcf893534983114a83d5daff7db2d6031f 69010 initscripts_2.86.ds1-62_i386.deb bf3e86f69effe488a950c8c04955505e6dedb73d577b6c038edab4c4376092d3 65638 sysv-rc_2.86.ds1-62_all.deb Files: 8aff0cbff66ff250babf4be897c88dda 1483 admin required sysvinit_2.86.ds1-62.dsc 6dd9d90daa7384f24198e2a20534d9cd 155616 admin required sysvinit_2.86.ds1-62.diff.gz 88235b6992eccdbc9689efd79c021149 103082 admin required sysvinit_2.86.ds1-62_i386.deb 40006b5c47ecd8e7af6f2fb0356eecbe 86618 admin required sysvinit-utils_2.86.ds1-62_i386.deb a8cd6f0d2982e6cfb7489d56a449f079 69010 admin required initscripts_2.86.ds1-62_i386.deb 2b8ebaa8b9a72a66abf0e7c5ffb90fd9 65638 admin required sysv-rc_2.86.ds1-62_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKQQiC20zMSyow1ykRAjJ7AKDts2KBER9fjpOcCIrHnwyy9aR/xgCgy0r5 ZBq+xDveg/S8a8ikptgAiC0= =O+4B -----END PGP SIGNATURE-----
--- End Message ---
