Your message dated Mon, 09 Sep 2024 16:32:09 +0000
with message-id <e1snhjb-00f4ke...@fasolo.debian.org>
and subject line Bug#1076751: fixed in ikiwiki-hosting 0.20220716-2+deb12u1
has caused the Debian Bug report #1076751,
regarding ikiwiki-hosting: autopkgtest regression with git 2.45.2: dubious
ownership in repository at
'/var/lib/ikiwiki-hosting-web/git/foo.example.com.git'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1076751: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076751
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ikiwiki-hosting
Version: 0.20220716-2
Severity: serious
Tags: upstream trixie sid
Justification: https://release.debian.org/testing/rc_policy.txt ยง6a
X-Debbugs-Cc: debian...@lists.debian.org
User: debian...@lists.debian.org
Usertags: needs-update
As reported (eventually) in
<https://salsa.debian.org/debian/ikiwiki-hosting/-/merge_requests/4>,
ikiwiki-hosting's autopkgtest is failing with git >= 2.45 as a result
of new restrictions on reading other uids' git repositories.
The root cause of this appears to be <https://bugs.debian.org/1076750>.
ikiwiki-hosting-web runs an instance of git-daemon(1) as uid 'ikiwiki-anon'
to serve user-generated content that is owned by other uids, and
git-daemon(1) no longer allows this by default. This is a genuine
regression in ikiwiki-hosting-web that was detected by its autopkgtest,
and not just a test issue.
I asked the git maintainers on #1076750 whether this was an intentional
behaviour change for git-daemon(1), which I had expected might have been
special-cased to be unaffected by this hardening because exporting git
repositories that it doesn't own is its whole purpose.
A crude solution would be for ikiwiki-hosting to write
[safe]
directory=*
into /var/lib/ikiwiki-hosting-web/git/.gitconfig, which happens to be
~/.gitconfig for the ikiwiki-anon user. I'm hoping that git maintainers
can suggest a better version of this, but unfortunately the first thing
I tried,
[safe]
directory=/var/lib/ikiwiki-hosting-web/git/*
does not work.
I do not consider the workaround proposed in
<https://salsa.debian.org/debian/ikiwiki-hosting/-/merge_requests/4>
to be a valid solution to this issue.
ikiwiki-hosting is a less important package than git, so I'm reporting this
as a RC bug in ikiwiki-hosting so that it will eventually get autoremoved,
hopefully allowing git to migrate.
smcv
--- End Message ---
--- Begin Message ---
Source: ikiwiki-hosting
Source-Version: 0.20220716-2+deb12u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
ikiwiki-hosting, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1076...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ikiwiki-hosting
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 07 Sep 2024 11:38:42 +0200
Source: ikiwiki-hosting
Architecture: source
Version: 0.20220716-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Simon McVittie <s...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 1076751
Changes:
ikiwiki-hosting (0.20220716-2+deb12u1) bookworm; urgency=medium
.
[ Simon McVittie ]
* d/ikiwiki-hosting-web.{init,service}: Allow reading other users'
repositories.
Each website's git repository is owned by its own uid, and the
git-daemon running as ikiwiki-anon needs to be able to read them all.
(Closes: #1076751)
Checksums-Sha1:
92389b861f0ce874f16deb34f471f4ac9c44e606 2394
ikiwiki-hosting_0.20220716-2+deb12u1.dsc
f83d51f4a75cb26eae92a6aa2d7a0f469d3d61b9 22756
ikiwiki-hosting_0.20220716-2+deb12u1.debian.tar.xz
3b073641a945f720b52f12705a181c69cc575e80 7267
ikiwiki-hosting_0.20220716-2+deb12u1_source.buildinfo
Checksums-Sha256:
d2e7aff8c2e4139f1ff5c4aeae1950eaafeba243d7f63ef0bbc1959e74d6e276 2394
ikiwiki-hosting_0.20220716-2+deb12u1.dsc
c3ba88ae4a4b7ce9994cd05a417840382b5a4b79163dd17229be125b1efaffe8 22756
ikiwiki-hosting_0.20220716-2+deb12u1.debian.tar.xz
af42c260b33a63e536821ef656edff2a701b322c8d85fb438384a269b96ec5c9 7267
ikiwiki-hosting_0.20220716-2+deb12u1_source.buildinfo
Files:
f40c3688e9a09d36f46d0a53e3d20bd8 2394 admin optional
ikiwiki-hosting_0.20220716-2+deb12u1.dsc
ffbd878cbf42e7bab4aad41ec2223879 22756 admin optional
ikiwiki-hosting_0.20220716-2+deb12u1.debian.tar.xz
cc042cddbc965b38dcff3c3379f3f322 7267 admin optional
ikiwiki-hosting_0.20220716-2+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbe8+9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EAG4P/R2mtY9LFArSsOe5fwLYu0XEZepLTlgx
T4pGzf5AuFylQmA6s3etLm4ULdL6hyXCAPiamqQYBOMogRcULAOdvxYI5Ehe4L9v
7FXfiTzh4xNkHr/xNvcZIz2a2Wycfn1tsQgOFo78SnNU0EhiAS4jBrOtBcaKzX4F
i7sClap5WLMAUi0U09AgY6NFeYexm4m642GHKrivX23egn/8FQfjo5PgZz3kjDar
q6X3CDEXXB/rS45JwqGsvs3Cixa4SosEm6SZCX/NOPAIqGVm94ln5dJO54UJWaaf
UqW54wSUyHax5UKHEizuhMyXemwWiHKqn8yXmXRZi3uV/0xJH1n4kmLEVSW64vZ6
ix/I7/Bjmh1FdFUoOQnkiXf+CEuZOQxxjDMo0cAB8GLh+uqmhIdxQ3/39rE0gDQe
JZ8xd7e8b45v2f/LeGw5n2UYdU6It/GbrUSObxMa4fpOJlYCwc3/CvhD2jf5LSIj
R0kEy2Xnzy1e2DFiEShXwy306C3iTjKSmGRK11+mYOkSSCAf0v5K6L+bud5D7puk
w7AtSWPjWB5TWjHcQwFcmnA2pIMhyGmxL7XCTQU1jsRU/2xVxdyhITZe1WTBFaji
k+ufNEUdv4K4R4BZTHZ/cH1/necjJBII24M+vZMHOFDKUstynQCPPSCfR73cfLB5
IzhcwaN4KdD2
=UdoO
-----END PGP SIGNATURE-----
pgpLixCALfb2v.pgp
Description: PGP signature
--- End Message ---
