Netplan generates systemd-networkd config files with incorrect file permissions

Status changed to 'Confirmed' because the bug affects multiple users.

Yes, should enforce proper permissions on the generated files.

It looks like this and bug LP: #1736965 are duplicates.

I have proposed https://github.com/CanonicalLtd/netplan/pull/36 as a fix.

Regards,
Daniel

This bug was fixed in the package netplan.io - 0.40

---------------
netplan.io (0.40) cosmic; urgency=medium

  * New upstream release:
    - networkd: route source is PreferredSource= not From=
    - Improve NetworkManager error reporting on unrenderable routes.
    - Don't render ipv4 dns-search unless we have an ipv4 address.
      (LP: #1786726)
    - Set permissive umask on networkd .network, .link and .netdev files
      (LP: #1736965, LP: #1768560)
    - Fix support for link-scope routes. (LP: #1747455)
    - Update man pages for deletion of replug code.
    - Spell Gratuitous ARP correctly and make it work. (LP: #1756701)
    - Many typo fixes for documentation. (LP: #1783940)
    - Various build system fixes.
    - Fix integration tests:
      - iproute2 output changes for link-scope routes
      - fix stability of networkd igmp-resend test
      - fix manual_addresses test now that networkd lists ~. domain
    - Deduplicate code for parsing interface options
    - Add support for optional-addresses.

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 13 Sep 2018 17:29:41 -0400

Hello Corey, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.40~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Corey, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.40.1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Marking verification-done since the master bug #1736965 was marked verification-done.

Hello Corey, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.40.1~18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

This bug was fixed in the package netplan.io - 0.40.1~18.04.2

---------------
netplan.io (0.40.1~18.04.2) bionic; urgency=medium

  * Fix typo breaking rename on 'netplan apply'. (LP: #1770082)

netplan.io (0.40.1~18.04.1) bionic; urgency=medium

  * Backport netplan 0.40.1 to 18.04. (LP: #1793309)

netplan.io (0.40.1) cosmic; urgency=medium

  * tests/generate.py: use random.sample() instead of random.choices() to
    better support older pythons.
  * Deal gracefully with empty files on 'netplan apply' (LP: #1795343)

netplan.io (0.40) cosmic; urgency=medium

  * New upstream release:
    - networkd: route source is PreferredSource= not From=
    - Improve NetworkManager error reporting on unrenderable routes.
    - Don't render ipv4 dns-search unless we have an ipv4 address.
      (LP: #1786726)
    - Set permissive umask on networkd .network, .link and .netdev files
      (LP: #1736965, LP: #1768560)
    - Fix support for link-scope routes. (LP: #1747455)
    - Update man pages for deletion of replug code.
    - Spell Gratuitous ARP correctly and make it work. (LP: #1756701)
    - Many typo fixes for documentation. (LP: #1783940)
    - Various build system fixes.
    - Fix integration tests:
      - iproute2 output changes for link-scope routes
      - fix stability of networkd igmp-resend test
      - fix manual_addresses test now that networkd lists ~. domain
    - Deduplicate code for parsing interface options
    - Add support for optional-addresses.

netplan.io (0.39) cosmic; urgency=medium

  * New upstream release:
    - Allow link-local addresses to be configured. (LP: #1771704)
    - Forces bridges with no addresses to be brought online. (LP: #1736975)

netplan.io (0.38) cosmic; urgency=medium

  * New upstream release:
    - Write udev .rules files to /run/udev/rules.d to enforce interface
      renaming. (LP: #1770082)
    - Don't traceback for 'netplan ip leases' when iface is not managed or
      doesn't DHCP (LP: #1768823)
    - Fix duplicate "/" path separator in error messages (LP: #1771440)
    - Fix incorrect terminal reset in 'netplan try' on Ctrl-C. (LP: #1768798)
    - Updated doc entries: mtu, fix fwmark->mark, cleanup optional.
      (LP: #1768783)
    - Added documentation validation at build.
    - Added configuration example for multi-ip interfaces.
  * tests/integration.py: fix test_eth_and_bridge autopkg test harder.
  * debian/control:
    - Add iproute2 to Depends.
    - Add python3-netifaces to Depends, Build-Depends.

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 22 Oct 2018 15:02:30 -0400

Hello Corey, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.40.1~18.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Resetting the tags to verification-done as per the discussion in https://bugs.launchpad.net/netplan/+bug/1770082/comments/95.

The SRU had been rolled back due to a regression that needed to be fixed, but we still consider the previous verification to be valid.

This bug was fixed in the package netplan.io - 0.40.1~18.04.3

---------------
netplan.io (0.40.1~18.04.3) bionic; urgency=medium

  * Fix idempotency in renaming: bond members should be exempt from rename, as
    they may all share a single MAC for the bond device. (LP: #1802322)
  * tests/integration.py: add test designed to catch the above regression.

netplan.io (0.40.1~18.04.2) bionic; urgency=medium

  * Fix typo breaking rename on 'netplan apply'. (LP: #1770082)

netplan.io (0.40.1~18.04.1) bionic; urgency=medium

  * Backport netplan 0.40.1 to 18.04. (LP: #1793309)

netplan.io (0.40.1) cosmic; urgency=medium

  * tests/generate.py: use random.sample() instead of random.choices() to
    better support older pythons.
  * Deal gracefully with empty files on 'netplan apply' (LP: #1795343)

netplan.io (0.40) cosmic; urgency=medium

  * New upstream release:
    - networkd: route source is PreferredSource= not From=
    - Improve NetworkManager error reporting on unrenderable routes.
    - Don't render ipv4 dns-search unless we have an ipv4 address.
      (LP: #1786726)
    - Set permissive umask on networkd .network, .link and .netdev files
      (LP: #1736965, LP: #1768560)
    - Fix support for link-scope routes. (LP: #1747455)
    - Update man pages for deletion of replug code.
    - Spell Gratuitous ARP correctly and make it work. (LP: #1756701)
    - Many typo fixes for documentation. (LP: #1783940)
    - Various build system fixes.
    - Fix integration tests:
      - iproute2 output changes for link-scope routes
      - fix stability of networkd igmp-resend test
      - fix manual_addresses test now that networkd lists ~. domain
    - Deduplicate code for parsing interface options
    - Add support for optional-addresses.

netplan.io (0.39) cosmic; urgency=medium

  * New upstream release:
    - Allow link-local addresses to be configured. (LP: #1771704)
    - Forces bridges with no addresses to be brought online. (LP: #1736975)

netplan.io (0.38) cosmic; urgency=medium

  * New upstream release:
    - Write udev .rules files to /run/udev/rules.d to enforce interface
      renaming. (LP: #1770082)
    - Don't traceback for 'netplan ip leases' when iface is not managed or
      doesn't DHCP (LP: #1768823)
    - Fix duplicate "/" path separator in error messages (LP: #1771440)
    - Fix incorrect terminal reset in 'netplan try' on Ctrl-C. (LP: #1768798)
    - Updated doc entries: mtu, fix fwmark->mark, cleanup optional.
      (LP: #1768783)
    - Added documentation validation at build.
    - Added configuration example for multi-ip interfaces.
  * tests/integration.py: fix test_eth_and_bridge autopkg test harder.
  * debian/control:
    - Add iproute2 to Depends.
    - Add python3-netifaces to Depends, Build-Depends.

 -- Mathieu Trudel-Lapierre <email address hidden> Wed, 21 Nov 2018 14:42:59 -0500

The verification of the Stable Release Update for netplan.io has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.