checksecurity: Doesn't seem to install cleanly.

Automatically imported from Debian bug report #299811 http://bugs.debian.org/299811

Message-ID: <20050316175526.GA7357@forest>
Date: Wed, 16 Mar 2005 18:55:27 +0100
From: Uwe Hermann <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: checksecurity: Doesn't seem to install cleanly.

Package: checksecurity
Version: 2.0.7-2
Severity: grave
Justification: renders package unusable

I tried to install checksecurity today, and this is what I got:

# apt-get install checksecurity
Reading Package Lists... Done
Building Dependency Tree... Done
Suggested packages:
  apt-watch cron-apt
Recommended packages:
  tripwire integrit aide samhain fcheck
The following NEW packages will be installed:
  checksecurity
0 upgraded, 1 newly installed, 0 to remove and 121 not upgraded.
Need to get 19.9kB of archives.
After unpacking 168kB of additional disk space will be used.
Get:1 http://http.us.debian.org unstable/main checksecurity 2.0.7-2
[19.9kB]
Fetched 19.9kB in 0s (21.6kB/s)
Preconfiguring packages ...
Selecting previously deselected package checksecurity.
(Reading database ... 200154 files and directories currently installed.)
Unpacking checksecurity (from .../checksecurity_2.0.7-2_all.deb) ...
Setting up checksecurity (2.0.7-2) ...
dpkg: error processing checksecurity (--configure):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 checksecurity
E: Sub-process /usr/bin/dpkg returned an error code (1)

I haven't looked further into it, but if you need more information I'll
happily provide it.

Uwe.
--
Uwe Hermann <email address hidden>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de

Message-Id: <E1DBd5Y-0008KE-00@localhost>
Date: Wed, 16 Mar 2005 13:17:47 -0500
From: Justin Pryzby <email address hidden>
To: <email address hidden>
Subject: tagging 299811

# Automatically generated email from bts, devscripts version 2.8.10
tags 299811 sid

Message-ID: <20050316182134.GA32054@andromeda>
Date: Wed, 16 Mar 2005 13:21:34 -0500
From: Justin Pryzby <email address hidden>
To: <email address hidden>
Subject: checksecurity bug

I was able to upgrade then purge, then reinstall sid's new
checksecurity. So, I think it would be useful if you could make the
postinst set -x and reconfigure it to point out where the problem is.

Thanks,
Justin

Message-ID: <email address hidden>
Date: Wed, 16 Mar 2005 19:47:24 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Uwe Hermann <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#299811: checksecurity: Doesn't seem to install cleanly.

--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tags 299811 moreinfo unreproducible
thanks

> I tried to install checksecurity today, and this is what I got:
(...)
> Unpacking checksecurity (from .../checksecurity_2.0.7-2_all.deb) ...
> Setting up checksecurity (2.0.7-2) ...
> dpkg: error processing checksecurity (--configure):
> subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
> checksecurity
> E: Sub-process /usr/bin/dpkg returned an error code (1)
>=20
>=20
> I haven't looked further into it, but if you need more information I'll
> happily provide it.

Yes, please, I cannot reproduce this. Can you please do this?

# export DEBCONF_DEBUG=3Ddeveloper
# apt-get install --reinstall checksecurity

And if that fails, run this and provide the output here:

# debconf --frontend=3Dreadline sh -x \
/var/lib/dpkg/info/checksecurity.postinst configure 2.0.7-2

Thanks

Javier

--jI8keyz6grp/JLjh
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCOH88i4sehJTrj0oRApmxAKCas79AwAlUlZ9wUq5olL2h4a7brgCfcB3d
sFEf2sT8JlhA+Qz4JRxm2YE=
=fTkt
-----END PGP SIGNATURE-----

--jI8keyz6grp/JLjh--

Message-ID: <email address hidden>
Date: Wed, 16 Mar 2005 19:49:29 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Justin Pryzby <email address hidden>,
  <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#299811: checksecurity bug

On Wed, Mar 16, 2005 at 01:21:34PM -0500, Justin Pryzby wrote:
> I was able to upgrade then purge, then reinstall sid's new
> checksecurity. So, I think it would be useful if you could make the
> postinst set -x and reconfigure it to point out where the problem is.

That might work too, but I suggested previously running the script through
debconf with DEBUG on to see what's going on.

Regards

Javier

Not pretty, but it does install in Hoary:

(Reading database ... 143525 files and directories currently installed.)
Unpacking checksecurity (from .../checksecurity_2.0.7-1_all.deb) ...
Setting up checksecurity (2.0.7-1) ...
mv: cannot stat `/var/log/setuid.yesterday': No such file or directory
mv: cannot stat `/var/log/setuid.today': No such file or directory
mv: cannot stat `/var/log/setuid.changes': No such file or directory
mv: cannot stat `/var/log/setuid.changes.*': No such file or directory

Message-ID: <20050316223830.GA29090@forest>
Date: Wed, 16 Mar 2005 23:38:30 +0100
From: Uwe Hermann <email address hidden>
To: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#299811: checksecurity: Doesn't seem to install cleanly.

Hi,

On Wed, Mar 16, 2005 at 07:47:24PM +0100, Javier Fern=E1ndez-Sanguino Pe=F1=
a wrote:
> Yes, please, I cannot reproduce this. Can you please do this?
>=20
> # export DEBCONF_DEBUG=3Ddeveloper
> # apt-get install --reinstall checksecurity

Reinstalling works without errors. I did some debugging and came up with =
a
patch. The problem is this snippet in postinst:

if [ ! -d /var/log/setuid ]; then
        mkdir -m 750 /var/log/setuid
        chown root:adm /var/log/setuid || true
        for file in /var/log/setuid.yesterday /var/log/setuid.today
/var/log/setuid.changes \
                /var/log/setuid.changes.*; do
                [ -e $file ] && mv $file /var/log/setuid
        done
fi

The [ -e $file ] has a return code of 1 if the given files don't exist.
This return code seems to become the return code of the whole postinst
script, later. Here's my proposed fix, which works for me (tm):

--- postinst 2005-03-16 23:27:57.000000000 +0100
+++ postinst.new 2005-03-16 23:28:26.000000000 +0100
@@ -19,7 +19,9 @@
        chown root:adm /var/log/setuid || true
        for file in /var/log/setuid.yesterday /var/log/setuid.today
/var/log/setuid.changes \
                /var/log/setuid.changes.*; do
- [ -e $file ] && mv $file /var/log/setuid=20
+ if [ -e $file ]; then
+ mv $file /var/log/setuid
+ fi
        done
 fi

HTH, Uwe.
--=20
Uwe Hermann <email address hidden>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de

Message-Id: <email address hidden>
Date: Wed, 16 Mar 2005 19:47:06 -0500
From: Javier Fernandez-Sanguino Pen~a <email address hidden>
To: <email address hidden>
Subject: Bug#299811: fixed in checksecurity 2.0.7-3

Source: checksecurity
Source-Version: 2.0.7-3

We believe that the bug you reported is fixed in the latest version of
checksecurity, which is due to be installed in the Debian FTP archive:

checksecurity_2.0.7-3.diff.gz
  to pool/main/c/checksecurity/checksecurity_2.0.7-3.diff.gz
checksecurity_2.0.7-3.dsc
  to pool/main/c/checksecurity/checksecurity_2.0.7-3.dsc
checksecurity_2.0.7-3_all.deb
  to pool/main/c/checksecurity/checksecurity_2.0.7-3_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <email address hidden> (supplier of updated checksecurity package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 17 Mar 2005 01:19:29 +0100
Source: checksecurity
Binary: checksecurity
Architecture: source all
Version: 2.0.7-3
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <email address hidden>
Changed-By: Javier Fernandez-Sanguino Pen~a <email address hidden>
Description:
 checksecurity - basic system security checks
Closes: 299811
Changes:
 checksecurity (2.0.7-3) unstable; urgency=low
 .
   * Fix postinst's check for files so that the return code is always
     true, have the script run with -e and add also an 'exit 0'
     return status in any case. (Closes: #299811)
Files:
 78ab376507ee991ccd13f26dada57a64 726 admin optional checksecurity_2.0.7-3.dsc
 dbbc7f8d278c60d8c52326a320f90914 8746 admin optional checksecurity_2.0.7-3.diff.gz
 c008166d9ea724623171d4339d2ad12a 20044 admin optional checksecurity_2.0.7-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iQCVAwUBQjjNnPtEPvakNq0lAQI/PAP+OWO8gmbkp8eklp/WdrUH+kMxh+Pselnv
SxkNOBI96vb103ZErVMCvbaGe9DM5tXvoOjsWPxWmmLMnci9z/EfileFgxAoN1Ht
5TxTEIMFw8/pz5AAkzUi6A3PZy9rbiIpK0hBpZNSI2rnfuUa4/93fF3u6MEL/RYr
jpHWV2D/xxc=
=6cKf
-----END PGP SIGNATURE-----

Looks like the bug was introduced with the code to avoid those ugly errors, so
we don't have the bug