Debian Bug report logs -
#858521
diaspora-common: does 'rm -rf /' on purge
Reported by: Andreas Beckmann <anbe@debian.org>
Date: Thu, 23 Mar 2017 01:21:02 UTC
Severity: critical
Found in version diaspora-installer/0.6.3.0+debian3
Fixed in version diaspora-installer/0.6.3.0+debian4
Done: Pirate Praveen <praveen@onenetbeyond.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#858521; Package diaspora-common.
(Thu, 23 Mar 2017 01:21:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Beckmann <anbe@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>.
(Thu, 23 Mar 2017 01:21:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: diaspora-common
Version: 0.6.3.0+debian3
Severity: critical
Justification: breaks the whole system
User: debian-qa@lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package makes havoc in the
chroot.
>From the attached log (scroll to the bottom...):
1m47.3s DEBUG: Starting command: ['chroot', '/tmp/piupartss/tmpOwZDY2', 'dpkg', '--purge', 'diaspora-common']
1m48.1s DUMP:
(Reading database ... 4707 files and directories currently installed.)
Purging configuration files for diaspora-common (0.6.3.0+debian3) ...
/var/lib/dpkg/info/diaspora-common.postrm: 63: /var/lib/dpkg/info/diaspora-common.postrm: rm: not found
dpkg: error processing package diaspora-common (--purge):
subprocess installed post-removal script returned error exit status 127
Errors were encountered while processing:
diaspora-common
1m48.1s DEBUG: Command failed (status=1), but ignoring error: ['chroot', '/tmp/piupartss/tmpOwZDY2', 'dpkg', '--purge', 'diaspora-common']
1m48.1s INFO: Running scripts post_purge
1m48.1s DEBUG: Starting command: ['chroot', '/tmp/piupartss/tmpOwZDY2', 'tmp/scripts/post_purge_exceptions']
1m48.1s DUMP:
chroot: failed to run command 'tmp/scripts/post_purge_exceptions': No such file or directory
1m48.1s ERROR: Command failed (status=127): ['chroot', '/tmp/piupartss/tmpOwZDY2', 'tmp/scripts/post_purge_exceptions']
This very much looks like an 'rm -rf /' in the chroot ... rm is gone, sh is gone, ...
cheers,
Andreas
[diaspora-common_0.6.3.0+debian3.log.gz (application/gzip, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>:
Bug#858521; Package diaspora-common.
(Thu, 23 Mar 2017 07:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Andreas Henriksson <andreas@fatal.se>:
Extra info received and forwarded to list. Copy sent to Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>.
(Thu, 23 Mar 2017 07:57:05 GMT) (full text, mbox, link).
Message #10 received at 858521@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hello!
On Thu, Mar 23, 2017 at 02:17:28AM +0100, Andreas Beckmann wrote:
> Package: diaspora-common
> Version: 0.6.3.0+debian3
> Severity: critical
> Justification: breaks the whole system
> User: debian-qa@lists.debian.org
> Usertags: piuparts
>
> Hi,
>
> during a test with piuparts I noticed your package makes havoc in the
> chroot.
[...]
> This very much looks like an 'rm -rf /' in the chroot ... rm is gone, sh is gone, ...
Looks like it does 'rm -rf /bin' to me.
Here's a completely untested patch which should hopefully prevent
disaster. Testing help welcome.
The package is still very likely RC buggy though. This patch just tries
to avoid the disaster of hosing the system.
(Consider for example the case where you already have a user named
"diaspora", making the install fail and then disaster again strikes
when you try to remove/purge your way out of the failed install removing
the user and all its data. Just one example out of many. Nowhere does it
seem to account for conffiles having been removed by the admin as another
example. These maintainer scripts are just waaaaaay to buggy/unreliable.)
HTH
Regards,
Andreas Henriksson
[diaspora-common-disaster.patch (text/x-diff, attachment)]
Reply sent
to Pirate Praveen <praveen@onenetbeyond.org>:
You have taken responsibility.
(Thu, 23 Mar 2017 14:39:06 GMT) (full text, mbox, link).
Notification sent
to Andreas Beckmann <anbe@debian.org>:
Bug acknowledged by developer.
(Thu, 23 Mar 2017 14:39:06 GMT) (full text, mbox, link).
Message #15 received at 858521-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
fixed -1 diaspora-installer/0.6.3.0+debian4
[signature.asc (application/pgp-signature, attachment)]
Marked as fixed in versions diaspora-installer/0.6.3.0+debian4.
Request was from Pirate Praveen <praveen@onenetbeyond.org>
to control@bugs.debian.org.
(Thu, 23 Mar 2017 14:45:04 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 21 Apr 2017 07:26:07 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Jan 12 15:47:22 2024;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.