XPost: linux.debian.devel.release
From: andrew@bower.uk
--lucUwaAPvSlQCnHn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: wtmpdb@packages.debian.org, tg@debian.org
Control: affects -1 + src:wtmpdb
User: release.debian.org@packages.debian.org
Usertags: pu
+-------------------------+-------------------------------------------+
| Package | Reason |
+-------------------------+-------------------------------------------+
| wtmpdb [1] | Move wtmp.db to /var/log; use logrotate |
| | to rotate and prune boot & login records |
+-------------------------+-------------------------------------------+
[ Reason ]
wtmpdb is a new package in trixie.
The log rotation capability shipped by upstream and initially packaged in
Debian did not prune logs (#1094965) and had only the negative utility of
atomising already compact[1] log files every month. It proved difficult to
devise a scheme in which one could have confidence as being robust enough
for
trixie, therefore rotation was disabled entirely, as the least harmful of
the
known options.
Since the trixie release, collaborators on the BTS have helped to design a
solution in which we can have confidence, based around the trusted logrotate
daemon and with a patch to upstream for handling empty files, which has now
been accepted and released upstream.
This version also moves the wtmp.db database into the proper log location
(#1117719) and incidentally fixes an issue a user found with incorrect
permissions under the previous (since disabled) log rotation scheme
(#1076308).
I propose to release a version into trixie that uses the new upstream with
logrotate, having been encouraged by Thorsten Glasser to do
so.
It would be a good idea to get these changes into a point release before the
default log rotation is triggered on New Year's Day 2026, so that users see
consistent behaviour over the lifetime of this OS version.
[ Impact ]
- #1093965 (important)
Potentially unbounded log growth, violating 10.8. (But unlikely to be
huge -
grows much more slowly[1] than wtmp which was rarely rotated in bookworm
due to default 'minsize 1M' config.)
- #1117719 (important)
Logs in a surprising location, volating 10.8 and 9.11 (FHS compliance) -
see
user complaint about the location of personally-identifying information in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094965#114
But this is arguable as to impact and compliance - databases like this, e.
g.
dhcpd leases, can be found in the state directory.
- #1076308 (important)
If a user enabled the original (since disabled by default) rotation scheme
they would get new and rotated logs created with the wrong ownership and
mode.
This only affected users who changed the default umask or the database's
mode
or ownership.
[ Tests ]
Manual tests conducted:
- Forced log rotation
- Purge to remove logs
- Install from nothing with old wtmp data to be converted
- Upgrade from 0.73.0-3 with data in old location
- Upgrade from 0.73.0-3 with data in new location but no symlink
- Upgrade from 0.73.0-3 with data in both locations [ideal end state
not achieved - as intended: avoid loss of data]
- Upgrade with symlink already in place by prior manual intervention
- Leftover conffile removed
- Custom ownership and permissions retained on rotation
- tmpfiles creation of missing link post-installation
[ Risks ]
The code change is small but there is the possibility of some unanticipated
upgrade path not working optimally, particularly for users who installed
versions from testing/unstable before the trixie release, but caveat emptor
for
non-stable users.
The possible failure modes do not seem serious: there is no reason to expect
that there would be loss of data.
The use of a symlink in addition to patching the source code is to increase
the
resilience of the solution.
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
> * New upstream version.
> - handle reading and writing empty files benignly
> - drop patch applied upstream.
The upstream changelog is as follows:
=== begin upstream changes ===
> Version 0.75.0
> * Use empty memory table instead of failing to read empty file
This change is necessary for the log rotation to work smoothly, because
logrotate can create an empty file with the right permissions and it will be
handled well by wtmpdb. Without this, an atomic copy of a skeleton database
file with the correct permissions would have been fragile to achieve in
scripts (the problems with this were discussed on #1094965).
> * libwtmpdb: enhance/unify error messages
Cosmetic change but helpful to users - an appropriate addition for trixie.
> Version 0.74.0
> * Fix varlink interface name (rebootmgr vs wtmpdb)
String change for component not built in Debian package.
> * import: match login by tty if non-zero pid does not match
This replaces a patch carried in the existing Debian package.
=== end upstream changes ===
I think it is clearer to take the upstream version with the two unnecessary
changes than to carry the two patches in debian that it obviates.
> * Move database to /var/log from /var/lib/wtmpdb, per policies 10.8
> and 9.11 (FHS). (Closes: #1117719)
Patch the library to use /var/log as the default location for the wtmp.db
database.
This is done WITHOUT changing the header file so that libwtmp-dev can be
used
to build binaries faithfully for use outside Debian, to avoid concerns over
ABI
breakage.
A symlink is installed from the old to new log locations by postinst
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
