Debian Bug report logs - #376670
reseed: postinst failure when no HTTP proxy and ICMP is filtered

version graph

Package: reseed; Maintainer for reseed is (unknown);

Reported by: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>

Date: Tue, 4 Jul 2006 07:33:01 UTC

Severity: grave

Tags: fixed, patch

Found in version reseed/1.1-3.1

Fixed in version 1.1-3.2

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Sam Johnston <samj@aos.net.au>:
Bug#376670; Package reseed. Full text and rfc822 format available.

Acknowledgement sent to "Laurent Bonnaud" <bonnaud@lis.inpg.fr>:
New Bug report received and forwarded. Copy sent to Sam Johnston <samj@aos.net.au>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Laurent Bonnaud" <bonnaud@lis.inpg.fr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: reseed: postinst failure when no HTTP proxy and ICMP is filtered
Date: Tue, 04 Jul 2006 09:26:13 +0200
Package: reseed
Version: 1.1-3.1
Severity: grave
Justification: renders package unusable


Hi,

I'm trying to use reseed on a network whith direct Internet access,
where there is no HTTP proxy and where all ICMP packets are filtered.
In this situation reseed fails to configure:


Setting up reseed (1.1-3.1) ...
Re-seeding random number generator from net...no net access
dpkg: error processing reseed (--configure):


Using ping to test if there is network access is useless.  The
random.org HTTP server should be queried directly.


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Versions of packages reseed depends on:
ii  libwww-perl                   5.805-1    WWW client/server library for Perl

reseed recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Johnston <samj@aos.net.au>:
Bug#376670; Package reseed. Full text and rfc822 format available.

Acknowledgement sent to joseparrella@cantv.net:
Extra info received and forwarded to list. Copy sent to Sam Johnston <samj@aos.net.au>. Full text and rfc822 format available.

Message #10 received at 376670@bugs.debian.org (full text, mbox):

From: José Parrella <joseparrella@cantv.net>
To: 376670@bugs.debian.org, control@bugs.debian.org
Subject: Patch for reseed: postinst failure when no HTTP proxy and ICMP is filtered
Date: Wed, 19 Jul 2006 21:27:50 -0400
[Message part 1 (text/plain, inline)]
tags 376670 +patch
thank you

The following patch should solve the failure in the postinst action in
ICMP filtered environments, while preventing the further execution of
the program if no random seed could be retrieved:

50,13d12
< use Net::Ping;
50,54d48
< # see if we've got net access
< my $p = new Net::Ping('icmp');
< die("no net access\n") unless $p->ping($ping_host);
< $p->close();
<
58a53
> die("no net access\n") unless $response->{_rc} eq "200";

I'm attaching a patched reseed program. Please comment on this patch and
apply it as soon as you can if it's good for you.

Jose

-- 
José M. Parrella -> Debian Sid, k2.6.16.20
Escuela de Ingenieria Electrica
Universidad Central de Venezuela -> ucvlug.info
[reseed (text/plain, inline)]
#!/usr/bin/perl

# reseed - re-seed the random number generator using a number
# acquired from random.org, the Internet random numbers source
# Generally this script is intended to be run as part of the
# boot process, and must be run with root permissions
# $Id: reseed,v 1.1 1999/11/01 12:30:43 dobsons Exp $

use strict;

use LWP::UserAgent;
use URI::URL;

autoflush STDOUT 1;
print "Re-seeding random number generator from net...";

my $proxies = "/etc/sysconfig/proxies";
my $random_device = "/dev/urandom";
my $bytes = 512;
my $random_host = "www.random.org";
my $random_url =
"http://$random_host/cgi-bin/randnum?num=$bytes&min=0&max=255&col=1";
my $ping_host = $random_host;

# set up web access from local sysconfig
my $ua = new LWP::UserAgent;
my ($lower, $url);
if(-f $proxies)
  {
    # We expect $proxies to contain a file of shell variable definitions
    # for proxies for different protocols - in particular a variable
    # HTTP_PROXY for the local web proxy. Otherwise we assume a direct
    # Internet connection
    open(PROXY, "<$proxies") || die("can't open $proxies\n");
    while(<PROXY>)
      {
        if(/(\w+)_PROXY \s* = \s* \"([^\"]*)\"/ix)
          {
            $lower = $1;   $url = $2;
            $lower =~ tr/A-Z/a-z/;
            $ua->proxy([$lower], $url);
            if($url =~ m#\w+://([^/:]+)#)
               { $ping_host = $1; }
          }
      }
    close(PROXY);
  }

# hit random number source for a seed
my ($request, $response, @bytes);
$request = new HTTP::Request("GET", $random_url);
$response = $ua->request($request);
die("no net access\n") unless $response->{_rc} eq "200";

# generate a byte stream from the numbers
@bytes = split /\n/, $response->content();
map { chr($_) } @bytes;

# write the byte stream into the random number generator
open(RANDOM, "| dd of=$random_device bs=$bytes count=1 2>/dev/null") ||
die("can't write to $random_device\n");
print RANDOM (join "", @bytes);
close(RANDOM);

print "done\n";
exit 0;

Tags added: patch Request was from José Parrella <joseparrella@cantv.net> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug submitter from "Laurent Bonnaud" <bonnaud@lis.inpg.fr> to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>. Request was from Laurent Bonnaud <Laurent.Bonnaud@inpg.fr> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: fixed Request was from Michael Meskes <michael@1> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1.1-3.2, send any further explanations to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>:
Bug#376670. Full text and rfc822 format available.

Message #21 received at 376670-submitter@bugs.debian.org (full text, mbox):

From: Steve Langasek <vorlon@debian.org>
To: 370031-submitter@bugs.debian.org, 370147-submitter@bugs.debian.org, 370178-submitter@bugs.debian.org, 370193-submitter@bugs.debian.org, 370232-submitter@bugs.debian.org, 370233-submitter@bugs.debian.org, 370244-submitter@bugs.debian.org, 370438-submitter@bugs.debian.org, 370447-submitter@bugs.debian.org, 370451-submitter@bugs.debian.org, 370504-submitter@bugs.debian.org, 370519-submitter@bugs.debian.org, 370757-submitter@bugs.debian.org, 370784-submitter@bugs.debian.org, 371142-submitter@bugs.debian.org, 372193-submitter@bugs.debian.org, 372275-submitter@bugs.debian.org, 372488-submitter@bugs.debian.org, 372558-submitter@bugs.debian.org, 372619-submitter@bugs.debian.org, 372840-submitter@bugs.debian.org, 373464-submitter@bugs.debian.org, 373509-submitter@bugs.debian.org, 373559-submitter@bugs.debian.org, 373693-submitter@bugs.debian.org, 373953-submitter@bugs.debian.org, 374000-submitter@bugs.debian.org, 374045-submitter@bugs.debian.org, 374264-submitter@bugs.debian.org, 374396-submitter@bugs.debian.org, 374487-submitter@bugs.debian.org, 374490-submitter@bugs.debian.org, 374595-submitter@bugs.debian.org, 374730-submitter@bugs.debian.org, 374846-submitter@bugs.debian.org, 374909-submitter@bugs.debian.org, 374935-submitter@bugs.debian.org, 374955-submitter@bugs.debian.org, 375105-submitter@bugs.debian.org, 375561-submitter@bugs.debian.org, 375572-submitter@bugs.debian.org, 375612-submitter@bugs.debian.org, 376197-submitter@bugs.debian.org, 376402-submitter@bugs.debian.org, 376421-submitter@bugs.debian.org, 376422-submitter@bugs.debian.org, 376471-submitter@bugs.debian.org, 376670-submitter@bugs.debian.org, 376673-submitter@bugs.debian.org, 376715-submitter@bugs.debian.org, 376875-submitter@bugs.debian.org, 376946-submitter@bugs.debian.org, 376972-submitter@bugs.debian.org, 377080-submitter@bugs.debian.org, 377089-submitter@bugs.debian.org, 377248-submitter@bugs.debian.org, 377285-submitter@bugs.debian.org, 377445-submitter@bugs.debian.org, 377652-submitter@bugs.debian.org, 377694-submitter@bugs.debian.org, 377813-submitter@bugs.debian.org, 377895-submitter@bugs.debian.org, 377978-submitter@bugs.debian.org, 377991-submitter@bugs.debian.org, 378026-submitter@bugs.debian.org, 378049-submitter@bugs.debian.org, 378066-submitter@bugs.debian.org, 378091-submitter@bugs.debian.org, 378198-submitter@bugs.debian.org, 378253-submitter@bugs.debian.org, 378296-submitter@bugs.debian.org, 378393-submitter@bugs.debian.org, 378397-submitter@bugs.debian.org, 378412-submitter@bugs.debian.org, 378447-submitter@bugs.debian.org, 378498-submitter@bugs.debian.org, 378586-submitter@bugs.debian.org, 379214-submitter@bugs.debian.org, 379242-submitter@bugs.debian.org, 379261-submitter@bugs.debian.org, 379264-submitter@bugs.debian.org, 379275-submitter@bugs.debian.org, 379486-submitter@bugs.debian.org, 379537-submitter@bugs.debian.org, 379566-submitter@bugs.debian.org, 379584-submitter@bugs.debian.org, 379744-submitter@bugs.debian.org, 379813-submitter@bugs.debian.org, 379895-submitter@bugs.debian.org, 368991-submitter@bugs.debian.org, 369450-submitter@bugs.debian.org, 369733-submitter@bugs.debian.org
Subject: bugs fixed in NMU, documenting versions
Date: Wed, 25 Oct 2006 21:05:42 -0700
# Hi folks,
#
# You are receiving this mail because you are the submitter of one or more
# bugs that have been fixed in a non-maintainer upload of a Debian package,
# but not yet acknowledged by the maintainers.  With version tracking in the
# Debian BTS, it is important to know which version of a package fixes each
# bug so that they can be tracked for release status in the BTS, so I'm
# closing these bugs with the relevant version number information now.
#
# It is possible that this will be the only message you receive about this
# bug being fixed, and due to the volume of affected bugs we are
# unfortunately not sending individualized explanations for each bug.  If
# you have questions about the fix for your particular bug or about this
# email, please contact me directly or follow up to the bug report in the
# BTS.

close 370031 1.12-0.1
close 370147 0.3.4.cvs.20050813-2.1
close 370178 3.1.0-5.2
close 370193 1.2.2-4.3
close 370232 1.2-2.1
close 370233 4.2.22-2.1
close 370244 0.7.6-1.1
close 370438 0.3.6-2.1
close 370447 0.1.5-1.1
close 370451 0.3.9-1.1
close 370504 1.99.0-2.1
close 370519 1.0.3-1.2
close 370757 2.2-5.2
close 370784 2.4.0-4.1
close 371142 1.1.3-5.2
close 372193 1:0.7.44.20051021-2.1
close 372275 0.7.3-3.1
close 372488 0.8.0-1
close 372558 0.5.10-1.1
close 372619 1.3-0.1
close 372840 0.9.10-3.2
close 373464 1.5.3-1.1
close 373509 0.99cvs20060405-1.1
close 373559 0.0.43-0.1
close 373693 2.4-11.1
close 373953 1.9.0+20060423-3.1
close 374000 3.1.0-5.3
close 374045 1.3bbn-9.1
close 374264 0.20-1-1.3
close 374396 5.8.8-6.1
close 374487 3.5.0.20030301-1.1
close 374490 1.0.1a-2.1
close 374595 1:0.90.0.1-1
close 374730 0.6-1.1
close 374846 3.2-1.1
close 374909 3.0.9-5.1
close 374935 1.15-6.1
close 374955 1.0.3-1.2
close 375105 9.51-2.1
close 375561 1.5.1-2.1
close 375572 1.1.1-1.1
close 375612 0.3.0+beta4-1.2
close 376197 0.9.0-0.1
close 376402 0.9d-2.2
close 376421 3.0-9.2
close 376422 1.3-4.2
close 376471 1.4.52-1.1
close 376670 1.1-3.2
close 376673 15-0.1
close 376715 0.86.2-6.1
close 376875 1.3-1.1
close 376946 1:2.2-2.1	
close 377080 0.9.0-1.1
close 377089 0.18-0.1
close 377248 382-iso258-1.1
close 377285 2.7.5-2sarge2
close 377445 4.1-18.3
close 377652 3.0-16.1
close 377694 2.8-2.2
close 377813 0.5.0-1.3
close 377895 251-5.1
close 377978 20060704a-2
close 377991 1:1.18-2.3
close 378026 1.81-3.1
close 378049 0.18-2.2
close 378066 0.11.4-2
close 378091 0.4.2-3.0etch1
close 378198 6.4.2-1.1
close 378253 2.5.03.2382-2
close 378296 0.96.9-12.1
close 378393 1.4.4.cvs20060709-2.1
close 378397 1.4.4.cvs20060709-2.2
close 378412 2.34-4.1
close 378447 3.6.13-3.5
close 378498 1.6-8.1
close 378586 0.0.43-0.1
close 379214 4.1.2-1.1
close 379242 0.6.6-6.2
close 379261 1.0.57-2.2
close 379275 0.7.3-1.1
close 379486 1.19-7.2
close 379537 1.02-1.1
close 379566 0.52.2-5.1
close 379584 2.01.10-30.1
close 379744 0.1-1.2
close 379813 1.1.4-3.1
close 379895 1.0.57-2.2
thanks

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/



Information forwarded to debian-bugs-dist@lists.debian.org, Sam Johnston <samj@aos.net.au>:
Bug#376670; Package reseed. Full text and rfc822 format available.

Acknowledgement sent to Lucas Nussbaum <lucas@lucas-nussbaum.net>:
Extra info received and forwarded to list. Copy sent to Sam Johnston <samj@aos.net.au>. Full text and rfc822 format available.

Message #26 received at 376670@bugs.debian.org (full text, mbox):

From: Lucas Nussbaum <lucas@lucas-nussbaum.net>
To: 376670@bugs.debian.org
Cc: control@bugs.debian.org, José Parrella <joseparrella@cantv.net>
Subject: reseed failure when no network reproduced with version 1.1-3.2
Date: Mon, 13 Nov 2006 15:47:38 +0100
found 376670 1.1-3.3
thanks

Hi,

I'm sorry, but I could reproduce the problem described by Laurent with
version 1.1-3.3:

Setting up reseed (1.1-3.3) ...
Re-seeding random number generator from net...no net access
dpkg: error processing reseed (--configure):
 subprocess post-installation script returned error exit status 22

If the reseed execution within postinst fails, it would probably be
better to just output an error message to warn the user, instead of
making the package installation fail.
-- 
| Lucas Nussbaum
| lucas@lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas@nussbaum.fr             GPG: 1024D/023B3F4F |



Bug marked as found in version 1.1-3.3. Request was from Lucas Nussbaum <lucas@lucas-nussbaum.net> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Johnston <samj@aos.net.au>:
Bug#376670; Package reseed. Full text and rfc822 format available.

Acknowledgement sent to joseparrella@cantv.net:
Extra info received and forwarded to list. Copy sent to Sam Johnston <samj@aos.net.au>. Full text and rfc822 format available.

Message #33 received at 376670@bugs.debian.org (full text, mbox):

From: José Parrella <joseparrella@cantv.net>
To: Lucas Nussbaum <lucas@lucas-nussbaum.net>
Cc: 376670@bugs.debian.org
Subject: Re: reseed failure when no network reproduced with version 1.1-3.2
Date: Mon, 13 Nov 2006 12:49:37 -0400
[Message part 1 (text/plain, inline)]
Lucas Nussbaum escribió:
> If the reseed execution within postinst fails, it would probably be
> better to just output an error message to warn the user, instead of
> making the package installation fail.

I agree. In this case, it would be better to use print and make reseed
exit before further proceeding in a manner like:

<snip at line 54 of reseed>
unless ($response->{_rc} eq "200") {
        print("WARNING: There's no net access at the moment, please run
reseed with a proper net connection before using it.\n");
        print("I repeat: I'm not putting any data into the random number
generator $random_device\n");
        exit 0;
}
</snip>

I tend to prefer print() over warn() in this case. However, in this case
it remains a maintainer decision. I'm attaching a diff for reseed, just
in case. Thanks for your attention to details.

Jose

-- 
José M. Parrella -> Debian Sid, k2.6.17.13
Escuela de Ingenieria Electrica
Universidad Central de Venezuela -> ucvlug.info
[patch (text/plain, inline)]
--- reseed	2006-11-13 12:32:33.000000000 -0400
+++ reseed.patch	2006-11-13 12:44:23.000000000 -0400
@@ -51,7 +51,11 @@
 my ($request, $response, @bytes);
 $request = new HTTP::Request("GET", $random_url);
 $response = $ua->request($request);
-die("no net access\n") unless $response->{_rc} eq "200";
+unless ($response->{_rc} eq "200") {
+	print("WARNING: There's no net access at the moment, please run reseed with a proper net connection before using it.\n");
+	print("I repeat: I'm not putting any byte stream into the random number generator $random_device\n");
+	exit 0;
+}	
 
 # generate a byte stream from the numbers
 @bytes = split /\n/, $response->content();

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Johnston <samj@aos.net.au>:
Bug#376670; Package reseed. Full text and rfc822 format available.

Acknowledgement sent to Lucas Nussbaum <lucas@lucas-nussbaum.net>:
Extra info received and forwarded to list. Copy sent to Sam Johnston <samj@aos.net.au>. Full text and rfc822 format available.

Message #38 received at 376670@bugs.debian.org (full text, mbox):

From: Lucas Nussbaum <lucas@lucas-nussbaum.net>
To: 376670@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: reseed failure when no network reproduced with version 1.1-3.2
Date: Mon, 13 Nov 2006 20:33:42 +0100
notfound 376670 1.1-3.3
thanks

After discussion on IRC, it was decided that it is perfectly fine for a
package to fail to configure in an environment where it won't work at
all. This is the case for reseed if no network access is available.

Closing the bug again.
-- 
| Lucas Nussbaum
| lucas@lucas-nussbaum.net   http://www.lucas-nussbaum.net/ |
| jabber: lucas@nussbaum.fr             GPG: 1024D/023B3F4F |



Bug marked as not found in version 1.1-3.3. Request was from Lucas Nussbaum <lucas@lucas-nussbaum.net> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 1.1-3.2, send any further explanations to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 10:29:50 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:25:25 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.