Your message dated Sun, 18 Aug 2024 11:34:34 +0000
with message-id <e1sfeb8-00e2j0...@fasolo.debian.org>
and subject line Bug#1076751: fixed in ikiwiki-hosting 0.20220717-1
has caused the Debian Bug report #1076751,
regarding ikiwiki-hosting: autopkgtest regression with git 2.45.2: dubious
ownership in repository at
'/var/lib/ikiwiki-hosting-web/git/foo.example.com.git'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1076751: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ikiwiki-hosting
Version: 0.20220716-2
Severity: serious
Tags: upstream trixie sid
Justification: https://release.debian.org/testing/rc_policy.txt ยง6a
X-Debbugs-Cc: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: needs-update
As reported (eventually) in
<https://salsa.debian.org/debian/ikiwiki-hosting/-/merge_requests/4>,
ikiwiki-hosting's autopkgtest is failing with git >= 2.45 as a result
of new restrictions on reading other uids' git repositories.
The root cause of this appears to be <https://bugs.debian.org/1076750>.
ikiwiki-hosting-web runs an instance of git-daemon(1) as uid 'ikiwiki-anon'
to serve user-generated content that is owned by other uids, and
git-daemon(1) no longer allows this by default. This is a genuine
regression in ikiwiki-hosting-web that was detected by its autopkgtest,
and not just a test issue.
I asked the git maintainers on #1076750 whether this was an intentional
behaviour change for git-daemon(1), which I had expected might have been
special-cased to be unaffected by this hardening because exporting git
repositories that it doesn't own is its whole purpose.
A crude solution would be for ikiwiki-hosting to write
[safe]
directory=*
into /var/lib/ikiwiki-hosting-web/git/.gitconfig, which happens to be
~/.gitconfig for the ikiwiki-anon user. I'm hoping that git maintainers
can suggest a better version of this, but unfortunately the first thing
I tried,
[safe]
directory=/var/lib/ikiwiki-hosting-web/git/*
does not work.
I do not consider the workaround proposed in
<https://salsa.debian.org/debian/ikiwiki-hosting/-/merge_requests/4>
to be a valid solution to this issue.
ikiwiki-hosting is a less important package than git, so I'm reporting this
as a RC bug in ikiwiki-hosting so that it will eventually get autoremoved,
hopefully allowing git to migrate.
smcv
--- End Message ---
--- Begin Message ---
Source: ikiwiki-hosting
Source-Version: 0.20220717-1
Done: Simon McVittie <s...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ikiwiki-hosting, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1076...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated ikiwiki-hosting package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 18 Aug 2024 10:44:28 +0100
Source: ikiwiki-hosting
Architecture: source
Version: 0.20220717-1
Distribution: unstable
Urgency: medium
Maintainer: Simon McVittie <s...@debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Closes: 1076751
Changes:
ikiwiki-hosting (0.20220717-1) unstable; urgency=medium
.
[ Debian Janitor ]
* d/upstream/metadata: Add
* Remove version constraints unnecessary since Debian 10
.
[ Philip Hands ]
* Drop unnecessary dependency on lsb-base
* d/p/accept-ec-keys-as-valid-in-addition-to-r.patch:
Accept ECDSA keys as valid in addition to RSA keys.
Certbot 2.x generates these by default.
.
[ Simon McVittie ]
* New upstream release
* d/p/ikisite-backup-Create-the-bundle-as-the-site-s-user.patch:
Drop patch that was applied upstream
* d/upstream/metadata: Fill in more fields
* d/p/ikisite-Explicitly-set-0755-permissions-on-website-user-s.patch:
Add patch to fix autopkgtest failure with recent util-linux/shadow.
Home directories are now created with 0700 permissions by default,
breaking ikiwiki-hosting's assumption that the www-data and ikiwiki-anon
users will be able to read the home directories of the users that own
hosted websites.
* d/ikiwiki-hosting-web.init, d/ikiwiki-hosting-web.service:
Allow reading other users' repositories.
Each website's git repository is owned by its own uid, and the
git-daemon running as ikiwiki-anon needs to be able to read them all.
(Closes: #1076751)
* d/gbp.conf: Use debian/latest branch for packaging
Checksums-Sha1:
c11c864a2f06ccc4ea160d672d40e7e3f56efe28 2334 ikiwiki-hosting_0.20220717-1.dsc
a48b6ccccba5f6033eb33a4e1a50fae25f9b5cfa 113908
ikiwiki-hosting_0.20220717.orig.tar.xz
174ccc49e8b4bf352d3eb184ec9b6b4542699042 23464
ikiwiki-hosting_0.20220717-1.debian.tar.xz
7220a9f102131c8aef6dee7f7d7fdc11156f3abb 5771
ikiwiki-hosting_0.20220717-1_source.buildinfo
Checksums-Sha256:
219d7ce2600294bc4fca8872cc235469b899669d67d192909bc822b7ef2ff65d 2334
ikiwiki-hosting_0.20220717-1.dsc
f79079f88d2a88e9b7be328ae5c426ac6904a3cd7302ea7a6c2a1f0a1e7f0647 113908
ikiwiki-hosting_0.20220717.orig.tar.xz
45b8e65b136ced5476f1bff202d6f54f90fd05290cdb6ee1937867a8c11e062a 23464
ikiwiki-hosting_0.20220717-1.debian.tar.xz
b5f0c48f7e4ad40d5c9bc4a08892675161237ee372587f3eebe756600d4d3009 5771
ikiwiki-hosting_0.20220717-1_source.buildinfo
Files:
6fe08fc041a7c0aacf2d534e28c937e0 2334 admin optional
ikiwiki-hosting_0.20220717-1.dsc
75c20ed787355e9183716faf3e272245 113908 admin optional
ikiwiki-hosting_0.20220717.orig.tar.xz
ee19e31bab895daba524b1a5b6babacd 23464 admin optional
ikiwiki-hosting_0.20220717-1.debian.tar.xz
30013489304b4e6c0276863484d59cfb 5771 admin optional
ikiwiki-hosting_0.20220717-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmbB2yEACgkQ4FrhR4+B
TE9kug/+JJcjED0X0hPNKbwu6ykHtRtZa1o0+AjNFyJTLhRvDP7awy8SUvhofmp7
0ZGOyxyuRoZGneGxwpb0xGNufke2EW/YoYeFVbBXwkJ8pRf1nVXl285ljl+Z87sE
qPf2kDCMQDyv9ttUoA/10KuoFfOeHr6umqqnaSU3WBinVGv9Fmesg0LZc1hLio94
Vg11njTWeef7wd5Q+4LNn+JZ9jV0qUbR1nydLGXZlQtNSz+ORZYbKODK6U75VEVU
EE3JtKU9paMvpcz+Ui8caN2Uk3C7jxrZK0S9UzKh8Hp511V6D2+hPfINjNgWUpPZ
Wjo/CBv3tp47l7j7gLxInC9bTgjrBa0w0XUuKDsmIxz8dlKRfxd3RLJUL9nZ80cM
Vsu4re8pkjIXrqQ34E0ZCrsgYpHbRqCKSIiHMeeZBoNAAx+YNF0xzV7payXmO9zk
/+YcFBxruUytEWC90p+zUv+pV8DsRNpcYpaZTABRA4eljE/LTA00QrQ8B/xz5chu
qLm13krXhUEQDe5ppjUlK4nVngd8YgXCQYDFmIJDTK/vzw4Rjynbmncr6ep/XyD6
NWY2FTY+EpbUL0Awtl4xJP+4mcRfEdQswc+Lxme25gNEaJaeM67e3PgkeLSyPX34
7h+PpQPlv22c6BeOPOKg80S0alT5s6P8CmlCEgGQ2K2QwrDSEkI=
=9OxC
-----END PGP SIGNATURE-----
pgpFmY2h8xMZY.pgp
Description: PGP signature
--- End Message ---
