Bug#861688: unblock: newpid/8

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#861688: unblock: newpid/8
From: Christoph Berg <myon@debian.org>
Date: Tue, 2 May 2017 20:30:45 +0200
Message-id: <[🔎] 20170502183045.inke43am4dghdap7@msg.df7cb.de>
Mail-followup-to: Christoph Berg <myon@debian.org>, Debian Bug Tracking System <submit@bugs.debian.org>
Reply-to: Christoph Berg <myon@debian.org>, 861688@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package newpid. The new version mainly fixes postinst
installation failures on filesystems that do not support capabilities
(#860031).

The remaining changes are a trivial shell script update and
documentation/testsuite updates. (Needless to say, the testsuite is
passing, both on travis-ci.com and ci.debian.net.)


Control files: lines which differ (wdiff format)
------------------------------------------------
Standards-Version: [-3.9.6-] {+3.9.8+}

diff -Nru newpid-7/debian/changelog newpid-8/debian/changelog
--- newpid-7/debian/changelog	2015-12-23 11:33:14.000000000 +0100
+++ newpid-8/debian/changelog	2017-05-01 18:15:30.000000000 +0200
@@ -1,3 +1,15 @@
+newpid (8) unstable; urgency=medium
+
+  * If setcap fails (because the filesystem or namespace lacks support for
+    capabilities), fall back to setuid, so the installation doesn't fail.
+    Thanks to Adam Conrad for the patch! Closes: #860031
+  * newpid: More verbose usage output.
+  * newnet: Guard arguments with --.
+  * README: Note required kernel and glibc version.
+  * Bump Standards-Version.
+
+ -- Christoph Berg <myon@debian.org>  Mon, 01 May 2017 18:15:30 +0200
+
 newpid (7) unstable; urgency=medium
 
   * Add support for joining network namespaces (newpid -N).
diff -Nru newpid-7/debian/control newpid-8/debian/control
--- newpid-7/debian/control	2015-09-30 16:20:10.000000000 +0200
+++ newpid-8/debian/control	2017-05-01 18:15:30.000000000 +0200
@@ -2,7 +2,7 @@
 Section: utils
 Priority: optional
 Maintainer: Christoph Berg <myon@debian.org>
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Build-Depends: debhelper (>= 9~)
 Vcs-Browser: https://github.com/ChristophBerg/newpid
 Vcs-Git: git://github.com/ChristophBerg/newpid.git
diff -Nru newpid-7/debian/newpid.postinst newpid-8/debian/newpid.postinst
--- newpid-7/debian/newpid.postinst	2015-09-30 16:29:52.000000000 +0200
+++ newpid-8/debian/newpid.postinst	2017-05-01 18:13:17.000000000 +0200
@@ -4,7 +4,13 @@
 
 case $1 in
 	configure)
-		setcap "CAP_SYS_ADMIN,CAP_NET_ADMIN=pe" /usr/bin/newpid
+		# Code cargo-culted from iputils-ping postinst:
+		if setcap "CAP_SYS_ADMIN,CAP_NET_ADMIN=pe" /usr/bin/newpid; then
+			chmod u-s /usr/bin/newpid
+		else
+			echo "Setcap failed on /usr/bin/newpid, falling back to setuid" >&2
+			chmod u+s /usr/bin/newpid
+		fi
 		;;
 esac
 
diff -Nru newpid-7/newnet newpid-8/newnet
--- newpid-7/newnet	2015-10-07 10:01:32.000000000 +0200
+++ newpid-8/newnet	2015-12-26 18:15:24.000000000 +0100
@@ -1,3 +1,3 @@
 #!/bin/sh
 
-exec newpid -inu "$@"
+exec newpid -inu -- "$@"
diff -Nru newpid-7/newpid.c newpid-8/newpid.c
--- newpid-7/newpid.c	2015-12-17 17:06:21.000000000 +0100
+++ newpid-8/newpid.c	2017-05-01 18:14:45.000000000 +0200
@@ -214,8 +214,13 @@
 				cloneflags |= CLONE_NEWUTS;
 				break;
 			default: /* '?' */
-				fprintf(stderr, "Usage: %s [-inu] [command args ...]\n",
+				fprintf(stderr, "Usage: %s [options] [command args ...]\n",
 						argv[0]);
+				fprintf(stderr, "Options:\n");
+				fprintf(stderr, "  -i           request new IPC namespace (CLONE_NEWIPC)\n");
+				fprintf(stderr, "  -n           request new network namespace (CLONE_NEWNET)\n");
+				fprintf(stderr, "  -N newpidns  join named network namespace\n");
+				fprintf(stderr, "  -u           request new UTS namespace (CLONE_NEWUTS)\n");
 				exit(EXIT_FAILURE);
 		}
 	}
diff -Nru newpid-7/README.md newpid-8/README.md
--- newpid-7/README.md	2015-12-17 16:45:51.000000000 +0100
+++ newpid-8/README.md	2017-05-01 18:15:30.000000000 +0200
@@ -1,6 +1,8 @@
 newpid
 ======
 
+[![Build Status](https://travis-ci.org/ChristophBerg/newpid.svg?branch=master)](https://travis-ci.org/ChristophBerg/newpid)
+
 Newpid is a wrapper around clone(CLONE_NEWPID) that launches a command
 in a new PID namespace. Child processes exiting are properly reaped so no
 zombie processes stay around. /proc is also remounted so it sees the new
@@ -57,4 +59,10 @@
 ip netns exec newpidns1 ip link set veth1 up
 </pre>
 
+Requirements
+------------
+
+The setns() system call first appeared in Linux in kernel 3.0; library support
+was added to glibc in version 2.14.
+
  -- Christoph Berg <myon@debian.org>
diff -Nru newpid-7/.travis.yml newpid-8/.travis.yml
--- newpid-7/.travis.yml	1970-01-01 01:00:00.000000000 +0100
+++ newpid-8/.travis.yml	2017-05-01 18:15:30.000000000 +0200
@@ -0,0 +1,14 @@
+# run the testsuite on travis-ci.com
+---
+language: C
+dist: trusty
+sudo: required
+
+install:
+  - sudo apt-get install build-essential debhelper devscripts fakeroot iputils-ping
+
+script:
+  - dpkg-buildpackage -us -uc -rfakeroot
+  - for deb in ../*.deb; do echo "$deb:"; dpkg-deb --info $deb; dpkg-deb --contents $deb; done
+  - sudo debi
+  - LANGUAGE= LANG=C.UTF-8 make check


unblock newpid/8


Thanks for considering,
Christoph

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#861688: marked as done (unblock: newpid/8)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#861686: unblock: openssl/1.1.0e-2
Next by Date: Bug#861589: marked as done (unblock: gnumed-client/1.6.11+dfsg-3)
Previous by thread: Bug#861686: marked as done (unblock: openssl/1.1.0e-2)
Next by thread: Bug#861688: marked as done (unblock: newpid/8)
Index(es):
- Date
- Thread