Ubuntu
tomcat9 package

Merge ~ahasenack/ubuntu/+source/tomcat9:focal-tomcat9-logging-fix into ubuntu/+source/tomcat9:ubuntu/focal-devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/tomcat9
  3. focal-tomcat9-logging-fix
  4. Merge into ubuntu/focal-devel
Proposed by Andreas Hasenack
Status: Merged
Merge reported by: Andreas Hasenack
Merged at revision: 2292a624945e40ee9340151052d2ee0c4e860bcb
Proposed branch: ~ahasenack/ubuntu/+source/tomcat9:focal-tomcat9-logging-fix
Merge into: ubuntu/+source/tomcat9:ubuntu/focal-devel
Diff against target: 58 lines (+19/-3)
4 files modified
debian/changelog (+12/-0)
debian/logrotate.template (+2/-1)
debian/tomcat9.postinst (+4/-1)
debian/tomcat9.tmpfile (+1/-1)
Reviewer Review Type Date Requested Status
Robie Basak ubuntu-sru Approve
Canonical Server Reporter Pending
Review via email: mp+427218@code.launchpad.net

Description of the change

Apply the kinetic[1] fix, with a few changes due to the package being slightly different in focal.

a) The d/rsyslog/tomcat9.conf file is not trying to set an owner, so we don't have to remove that
b) The d/tomcat9.tmpfile was still using 02750 instead of 02770 for /var/log/tomcat9 (this was fun to troubleshoot: "what is setting /var/log/tomcat9 back to 02750 when I set it to 02770 in postinst??)
c) The d/logrotate.template file in focal wasn't using "su" yet, that's a bug fixed later in the debian packaging.

Here git range-diff can be used to compare with jammy, if you want, and if you have the jammy branch as well:

git range-diff pkg/ubuntu/focal-devel..focal-tomcat9-logging-fix pkg/ubuntu/jammy-devel..jammy-tomcat9-logging-fix

The linked bug[2] has the SRU template filled out including test cases.

1. https://code.launchpad.net/~ahasenack/ubuntu/+source/tomcat9/+git/tomcat9/+merge/425340
2. https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1964881

To post a comment you must log in.
Revision history for this message
Robie Basak (racb) wrote :

+1, including for SRU accept

review: Approve (ubuntu-sru)
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Focal uploaded

$ dput ubuntu ../tomcat9_9.0.31-1ubuntu0.3_source.changes
[Uploading tomcat9 using ftp to ubuntu (host: upload.ubuntu.com; directory: /ubuntu)
running check-debs: makes sure the upload contains a binary package
running placeholderbug: Stop if using common placeholder numbers as bug reference.
running suite-mismatch: check the target distribution for common errors
running gpg: check GnuPG signatures before the upload
running gitubuntu: Warn if uploading without git-ubuntu Vcs-* entries.
running badauthor: Stop if uploading with root@ or ubuntu@ email adresses.
running updatemaintainer: Stop if ubuntu changes are without ubuntu maintainer.
running supported-distribution: check whether the target distribution is currently supported (using distro-info)
{'allowed': ['release', 'proposed', 'backports', 'security'], 'known': ['release', 'proposed', 'updates', 'backports', 'security']}
running required-fields: check whether a field is present and non-empty in the changes file
running ppaforppaonly: Stop uploads to the archive with or to ppa without ~ppa suffix.
running nobug: Stop if uploading without any bug reference.
running checksum: verify checksums before uploading
running releasemismatch: Warn about mismatching suffixesg e.g. focal with a XX.YY not being 20.04
Uploading tomcat9_9.0.31-1ubuntu0.3.dsc
Uploading tomcat9_9.0.31-1ubuntu0.3.debian.tar.xz
Uploading tomcat9_9.0.31-1ubuntu0.3_source.buildinfo
Uploading tomcat9_9.0.31-1ubuntu0.3_source.changes

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

This was accepted by the SRU team, marking as merged.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index a31a89c..4345032 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,15 @@
6+tomcat9 (9.0.31-1ubuntu0.3) focal; urgency=medium
7+
8+ * Fix logging for unprivileged rsyslogd (LP: #1964881):
9+ - d/logrotate.template: use syslog:adm for log rotation so that
10+ rsyslog can write to the file
11+ - d/tomcat9.postinst: adjust ownership of catalina.out so that
12+ rsyslogd can write to it. Also change the rotated log files for
13+ consistency.
14+ - d/tomcat9.tmpfile: /var/log/tomcat9 should be 02770 now
15+
16+ -- Andreas Hasenack <andreas@canonical.com> Wed, 20 Jul 2022 15:09:00 -0300
17+
18 tomcat9 (9.0.31-1ubuntu0.2) focal-security; urgency=medium
19
20 * SECURITY UPDATE: TLS Denial of Service
21diff --git a/debian/logrotate.template b/debian/logrotate.template
22index 2a2ef1a..3d76318 100644
23--- a/debian/logrotate.template
24+++ b/debian/logrotate.template
25@@ -5,5 +5,6 @@
26 compress
27 delaycompress
28 missingok
29- create 640 tomcat adm
30+ create 640 syslog adm
31+ su syslog adm
32 }
33diff --git a/debian/tomcat9.postinst b/debian/tomcat9.postinst
34index 395f069..790eb0b 100644
35--- a/debian/tomcat9.postinst
36+++ b/debian/tomcat9.postinst
37@@ -64,7 +64,10 @@ case "$1" in
38
39 # Grant read/write access to tomcat to the log and cache directories
40 chown -Rh $TOMCAT_USER:adm /var/log/tomcat9/
41- chmod 2750 /var/log/tomcat9/
42+ chmod 2770 /var/log/tomcat9/
43+ # catalina.out is written to by rsyslogd, which runs as the "syslog" user in Ubuntu
44+ # also include rotated catalina.out files, usually with an extension of [0-9]+[.gz]
45+ chown syslog:adm /var/log/tomcat9/catalina.out* 2>/dev/null || : # file might not exist yet
46 chown -Rh $TOMCAT_USER:$TOMCAT_GROUP /var/cache/tomcat9/
47 chmod 750 /var/cache/tomcat9/
48 ;;
49diff --git a/debian/tomcat9.tmpfile b/debian/tomcat9.tmpfile
50index 61358b1..3063d0d 100644
51--- a/debian/tomcat9.tmpfile
52+++ b/debian/tomcat9.tmpfile
53@@ -3,4 +3,4 @@
54 # See tmpfiles.d(5) for details
55
56 # Type Path Mode UID GID Age Argument
57-d /var/log/tomcat9 2750 tomcat adm -
58+d /var/log/tomcat9 2770 tomcat adm -

Subscribers

People subscribed via source and target branches