Ubuntu
frr package

Merge ~ahasenack/ubuntu/+source/frr:jammy-frr-logging into ubuntu/+source/frr:ubuntu/jammy-devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/frr
  3. jammy-frr-logging
  4. Merge into ubuntu/jammy-devel
Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: b8261bc2e94f74190c136e20965bddad6b46e726
Proposed branch: ~ahasenack/ubuntu/+source/frr:jammy-frr-logging
Merge into: ubuntu/+source/frr:ubuntu/jammy-devel
Diff against target: 72 lines (+33/-2)
3 files modified
debian/changelog (+8/-0)
debian/frr.logrotate (+1/-1)
debian/frr.postinst (+24/-1)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+427172@code.launchpad.net

Description of the change

SRU of the kinetic fix[1]

The linked bug[2] has the SRU template filled out and contains a test case.

1. https://code.launchpad.net/~ahasenack/ubuntu/+source/frr/+git/frr/+merge/424952
2. https://bugs.launchpad.net/bugs/1958162

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

Confirmed this is the same exact changes as landed for kinetic (https://code.launchpad.net/~ahasenack/ubuntu/+source/frr/+git/frr/+merge/424952).

I checked if the egrep->grep -E change might be worth including, but I gather the deprecation warning is new and doesn't appear to affect jammy or earlier.

The SRU text looks very thorough and specific. I especially like the thought you give to Where Problems May Occur. Regarding the concern about breaking users who fixed logging in some bespoke fashion, I'd suggest such a type of user would also both have the skills to re/un-fix, and the awareness that their system is non-standard and thus liable to require further attention during upgrade.

Anyway, all looks great, no suggested changes. +1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, bryce
Uploaders: ahasenack, bryce
MP auto-approved

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded

Uploading frr_8.1-1ubuntu1.1.dsc
Uploading frr_8.1-1ubuntu1.1.debian.tar.xz
Uploading frr_8.1-1ubuntu1.1_source.buildinfo
Uploading frr_8.1-1ubuntu1.1_source.changes

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 27f82a0..a9817b1 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+frr (8.1-1ubuntu1.1) jammy; urgency=medium
7+
8+ * Fix logging with Ubuntu's unprivileged rsyslog (LP: #1958162):
9+ - d/frr.postinst: change log files ownership
10+ - d/frr.logrotate: change rotated log file ownership
11+
12+ -- Andreas Hasenack <andreas@canonical.com> Tue, 19 Jul 2022 17:36:23 -0300
13+
14 frr (8.1-1ubuntu1) jammy; urgency=medium
15
16 * SECURITY UPDATE: overflow via input packet length
17diff --git a/debian/frr.logrotate b/debian/frr.logrotate
18index a56a908..f49da46 100644
19--- a/debian/frr.logrotate
20+++ b/debian/frr.logrotate
21@@ -4,7 +4,7 @@
22 missingok
23 compress
24 rotate 14
25- create 640 frr frrvty
26+ create 640 syslog adm
27
28 postrotate
29 pid=$(lsof -t -a -c /syslog/ /var/log/frr/* 2>/dev/null)
30diff --git a/debian/frr.postinst b/debian/frr.postinst
31index 505ff8e..382edcb 100644
32--- a/debian/frr.postinst
33+++ b/debian/frr.postinst
34@@ -32,7 +32,6 @@ quaggagid=`id -g quagga 2>/dev/null || echo 0`
35
36 find \
37 /etc/frr \
38- /var/log/frr \
39 \( -uid 0 -o -uid $quaggauid \) -a \
40 \( -gid 0 -o -gid $quaggauid \) | \
41 while read filename; do
42@@ -48,6 +47,30 @@ find \
43 fi
44 done
45
46+# fix logging for Ubuntu, which does not run rsyslog as root (LP: #1958162),
47+# and upgrades from quagga (what the block above used to do also for /var/log)
48+
49+# frr user was created above, this really shouldn't fail
50+frruid=`getent passwd frr | cut -d : -f 3`
51+frrgid=`getent group frr | cut -d : -f 3`
52+
53+find \
54+ /var/log/frr \
55+ \( -uid 0 -o -uid $quaggauid -o -uid $frruid \) -a \
56+ \( -gid 0 -o -gid $quaggauid -o -gid $frrgid \) | \
57+ while read filename; do
58+
59+ # don't chown anything that has ACLs (but don't fail if we don't
60+ # have getfacl)
61+ if { getfacl -c "$filename" 2>/dev/null || true; } \
62+ | egrep -q -v '^((user|group|other)::|$)'; then
63+ :
64+ else
65+ chown syslog:adm "$filename"
66+ chmod o-rwx "$filename"
67+ fi
68+done
69+
70 # fix misconfigured vtysh.conf & frr.conf ownership caused by config save
71 # mishandling in earlier FRR (and Quagga) versions
72 find /etc/frr -maxdepth 1 \( -name vtysh.conf -o -name frr.conf \) \

Subscribers

People subscribed via source and target branches