Debian Bug report logs - #691125
ejabberd: package installation creates /root/.erlang.cookie

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Andreas Beckmann <debian@abeckmann.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: ejabberd: package installation creates /root/.erlang.cookie

Date: Sun, 21 Oct 2012 20:56:46 +0200

[Message part 1 (text/plain, inline)]

Package: ejabberd
Version: 2.1.10-3
Severity: serious
User: debian-qa@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed that your package creates files in
/root. From the attached log (scroll to the bottom):

0m46.7s ERROR: FAIL: Package purging left files on system:
  /root/.erlang.cookie	 not owned

Creating stuff in /root is a FHS and policy violation. (And of course
these files should not be deleted by maintainer scripts.)
But it is also an indication that the package operation may depend on
root's .erlang configuration (and package installation might even fail if
that configuration is broken). That would be a case for "configuration
files not in /etc".


Cheers,

Andreas

[ejabberd_2.1.10-3.log.gz (application/x-gzip, attachment)]

Message #10 received at 691125@bugs.debian.org (full text, mbox, reply):

From: Dominik George <nik@naturalnet.de>

To: 691125@bugs.debian.org

Subject: Not reproducible

Date: Mon, 22 Oct 2012 13:37:09 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can not reproduce this, neither on i686 nor on amd64, but that shouldn't 
matter anyway.

The .erlang.cookie file never appears on my system, not during build, not 
after install and not after purging.

- -- 
Cheers,
Nik

PGP-Fingerprint: 8BC7 ABAB C2F2 4D5E 24FC
                 FC1C DB0E A4BC E210 7412

Please contact me for a face-to-face meeting
if you wish to exchange signatures with me.

Signature Policy: https://www.dominik-george.de/gpg-policy.txt.asc
Public key:       https://www.dominik-george.de/gpg.asc

X.509 certificate fingerprint for key download:
51:D8:36:36:7E:20:3F:E7:AB:EF:B8:83:25:A6:BB:74:48:03:3D:F0

Please do NOT send HTML mail!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQHOBAEBAgA4BQJQhS/TMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n
cGctcG9saWN5LnR4dC5hc2MACgkQ2w6kvOIQdBJjlwv/aQD2SG6Cx9FEjoK5cWwV
8z55IwzQIZ77UnWWR7BJXjB2Df335q2lI/xJX1sUjAnAfHV7NgRLPX5RaVDhJhq6
EULQnGxc4ZdVDnxYbOa8tswErEM+uzOAScwdtzylBstglRYb1P/gBALoXb41etLU
m+MJtNpXmg+qizq+y4TtCjcuiqOhBTDxSqpktpfllIogu6+UG+AjhDdOd5LeAseq
Dg5e3+HrsBMEBRZCNGwBcqi9PZI+ETd8KZh88sq+XmrZDB65K63rttEe5gBjNSNq
fOqEIJYeVvNjjAjuZhIFmBQ8qg5VC0ITlI6qZFO0fXUyeglZli05M37+yARcYuJ6
IY6uL/HYMEQygUtLYIFd287+VKvdd02BSkwJOQtSmpDJREsj2Uqqy5vk0YXDrjEy
YHGtPn+Q/6OkaniJKkWesTDlvqHB2cybOk1quOc7t0ZnFhwWloKepm1aBsOHUmr0
vp1uwWP+pcZwMX2BJEMUvEYrxun/1rbJyiWyGPfaD4ZP
=XsOe
-----END PGP SIGNATURE-----

Message #15 received at 691125@bugs.debian.org (full text, mbox, reply):

From: Michael Stapelberg <stapelberg@debian.org>

To: Dominik George <nik@naturalnet.de>

Cc: 691125@bugs.debian.org, control@bugs.debian.org

Subject: Re: Not reproducible

Date: Sat, 27 Oct 2012 00:07:52 +0200

tags 691125 + patch
thanks

Hello,

On Mon, 22 Oct 2012 13:37:09 +0200 (CEST)
Dominik George <nik@naturalnet.de> wrote:
> I can not reproduce this, neither on i686 nor on amd64, but that
> shouldn't matter anyway.
> 
> The .erlang.cookie file never appears on my system, not during build,
> not after install and not after purging.
I could reproduce the problem using
piuparts /var/cache/apt/archives/ejabberd*deb. To figure out what
piuparts was doing, I ran every command manually and checked
at which step /root/.erlang.cookie gets created:

$ debootstrap --variant=minbase
--keyring=/usr/share/keyrings/debian-archive-keyring.gpg
--include=eatmydata --components=main sid /tmp/manual
http://ftp.de.debian.org/debian
$ chroot /tmp/manual eatmydata mount -t proc proc /proc
$ chroot /tmp/manual eatmydata apt-get update
$ chroot /tmp/manual eatmydata apt-get clean
$ cp tmpoP0mAP/usr/sbin/policy-rc.d manual/usr/sbin/policy-rc.d
$ cp /var/cache/apt/archives/ejabberd_2.1.10-3_amd64.deb /tmp/manual/tmp
$ chroot /tmp/manual eatmydata dpkg -i /tmp/ejabberd_2.1.10-3_amd64.deb
$ chroot /tmp/manual eatmydata apt-get -yf install
$ ls -hltra /tmp/manual/root
total 20K
-rw-r--r--  1 root root  140 Nov 19  2007 .profile
-rw-r--r--  1 root root  570 Jan 31  2010 .bashrc
drwxr-xr-x 22 root root 4.0K Oct 26 17:33 ..
-rw-------  1 root root 1.0K Oct 26 17:38 .rnd
drwx------  2 root root 4.0K Oct 26 17:38 .

Up til now, everything is fine. But when removing the packages,
the /root/.erlang.cookie gets created:

$ chroot /tmp/manual eatmydata apt-get remove ejabberd
$ ls -hltra manual/root
total 24K
-rw-r--r--  1 root root  140 Nov 19  2007 .profile
-rw-r--r--  1 root root  570 Jan 31  2010 .bashrc
-r--------  1 root root   20 Oct 25 20:00 .erlang.cookie
drwxr-xr-x 22 root root 4.0K Oct 26 17:33 ..
-rw-------  1 root root 1.0K Oct 26 17:38 .rnd
drwx------  2 root root 4.0K Oct 26 17:39 .

Upon closer examination, the .erlang.cookie is created as soon as I run
chroot /tmp/manual ejabberdctl status, which is also executed in the
prerm script of ejabberd.

In /etc/init.d/ejabberd, ejabberdctl is always run as $EJABBERDUSER,
not as root.

Patching the prerm file in the following way fixes the issue:

--- i/debian/prerm
+++ w/debian/prerm
@@ -17,7 +17,7 @@ set -e
 
 case "$1" in
     remove|upgrade)
-       if ejabberdctl status >/dev/null ; then
+       if su ejabberd -c "/usr/sbin/ejabberdctl status" >/dev/null ; then
            # Use timestamp to make database restoring easier
            TIME=$(date +%Y-%m-%dT%H:%M:%S)
            BACKUPDIR=$(mktemp -d -p /var/backups/
            ejabberd-$TIME.XXXXXX)


-- 
Best regards,
Michael

Message #24 received at 691125@bugs.debian.org (full text, mbox, reply):

From: Felix Geyer <fgeyer@debian.org>

To: 691125@bugs.debian.org

Subject: Re: Bug#691125: ejabberd: package installation creates /root/.erlang.cookie

Date: Sun, 13 Jan 2013 16:09:59 +0100

ejabberdctl is also called from /etc/logrotate.d/ejabberd as root.

It should be changed to
>         postrotate
>                 su ejabberd -c "/usr/sbin/ejabberdctl reopen-log" > /dev/null
>         endscript

Felix

Message #33 received at 691125-close@bugs.debian.org (full text, mbox, reply):

From: Konstantin Khomoutov <flatworm@users.sourceforge.net>

To: 691125-close@bugs.debian.org

Subject: Bug#691125: fixed in ejabberd 2.1.10-4

Date: Sun, 17 Mar 2013 11:32:57 +0000

Source: ejabberd
Source-Version: 2.1.10-4

We believe that the bug you reported is fixed in the latest version of
ejabberd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 691125@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Konstantin Khomoutov <flatworm@users.sourceforge.net> (supplier of updated ejabberd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 16 Feb 2013 16:59:21 +0000
Source: ejabberd
Binary: ejabberd
Architecture: source amd64
Version: 2.1.10-4
Distribution: unstable
Urgency: low
Maintainer: Konstantin Khomoutov <flatworm@users.sourceforge.net>
Changed-By: Konstantin Khomoutov <flatworm@users.sourceforge.net>
Description: 
 ejabberd   - distributed, fault-tolerant Jabber/XMPP server written in Erlang
Closes: 660186 691125 698309
Changes: 
 ejabberd (2.1.10-4) unstable; urgency=low
 .
   [ Konstantin Khomoutov ]
   * Do not run ejabberdctl as root in prerm and logrotate scripts
     (closes: #691125, thanks to Michael Stapelberg and Felix Geyer).
   * Add upstream patch fixing receiving JPEG vCard photos via LDAP
     (closes: #660186).
   * Add upstream patch fixing parsing HTTPS requests split into
     multiple packets (closes: #698309).
Checksums-Sha1: 
 7d7c459c9f9e68de9843002093201f1ee8e1c44c 1661 ejabberd_2.1.10-4.dsc
 68bd945f6cd823530dc82f7faa0632484c796a56 80237 ejabberd_2.1.10-4.diff.gz
 6a240f038c16bda0f06c35b0692751784a7a5ca1 1826410 ejabberd_2.1.10-4_amd64.deb
Checksums-Sha256: 
 370c2205296eb4d777eb3e3bfa0923ee3eb89d0dedc7c741263dac894dc351a7 1661 ejabberd_2.1.10-4.dsc
 7065067b0c267027204715fb35f47987b8b3ff417acb8bfb45408adc31593a29 80237 ejabberd_2.1.10-4.diff.gz
 6d0a781658aa7a5971a3fc5c652eb54fc3b2e54cbe9898a911aa9ec32178a86c 1826410 ejabberd_2.1.10-4_amd64.deb
Files: 
 0da6ac9780af2ed62643b2c2b83d20d3 1661 net optional ejabberd_2.1.10-4.dsc
 bad9ebf8e753ea68496af9d20d8d57c9 80237 net optional ejabberd_2.1.10-4.diff.gz
 5824a00cee042d7b6ad1bb79de91b5b3 1826410 net optional ejabberd_2.1.10-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJRRagdAAoJEDH85+fdB5RhZq8IAKzSsBI5YaO+eNiUQQ6JKoU6
0C9zpZ4Ae6pP6mssIju3M4rHxCsAVSLKoZPzrKqBhUJCk1CgvbBaLqCSV3rg938B
00pmk7U3SfEyYjV7Gby8giiVBkrGPUy9MxCotiuJxIXTqupa+VeARQOc2zY8jSvM
GLMlz0JqzbxSFzNf6hN4Hgq8OsN3nCbNla/iKBUB9ydXHB3D6jy9K1eVJjmbrA3n
1dej5eLLagja5QJyEDZ1EAJLsUpuxukXctFTYm4XgV5EY0RWquuE6mSrQrZIpFui
wfQAdM1UH2N4ZKJfHNtHwtoSt46OpEVvpMSAyG6QDYMgvDH0LRN/D3YtlfjhOcM=
=A5Wc
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.