[DRE-maint] Bug#999618: redmine.postinst runs bundle install as root user, this kills running it as any other user
Alban Browaeys
prahal at yahoo.com
Sat Nov 13 18:38:55 GMT 2021
Package: redmine
Version: 4.0.7-1
Severity: normal
At the redmine.postinst beginning there is:
if ! bundle --local --quiet; then
which currently equals to:
if ! bundle install --local --quiet; then
This after changing directory to /usr/share/redmine.
apt runs this command as root, thus when I run "bundle install" from
/usr/share/redmine as any other user than root with a redmine plugin (redmine_git_hosting
and its dependencies additionnals and redmine_bootstrap_kit which calls to git versions of gems)
I get the following error:
"
$ bundle install
Your Gemfile lists the gem rubocop (>= 0) more than once.
You should probably keep only one of them.
Remove any duplicate entries and specify the gem only once.
While it's not a problem now, it could cause errors if you change the version of one of them later.
Your Gemfile lists the gem brakeman (>= 0) more than once.
You should probably keep only one of them.
Remove any duplicate entries and specify the gem only once.
While it's not a problem now, it could cause errors if you change the version of one of them later.
Following files may not be writable, so sudo is needed:
/usr/local/bin
/var/lib/gems/2.7.0
/var/lib/gems/2.7.0/bin
/var/lib/gems/2.7.0/build_info
/var/lib/gems/2.7.0/bundler
/var/lib/gems/2.7.0/cache
/var/lib/gems/2.7.0/doc
/var/lib/gems/2.7.0/extensions
/var/lib/gems/2.7.0/gems
/var/lib/gems/2.7.0/plugins
/var/lib/gems/2.7.0/specifications
Fetching https://github.com/jbox-web/gitolite-rugged.git
error: cannot open .git/FETCH_HEAD: Permission denied
Retrying `git fetch --force --quiet --tags /opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454` at /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 due to error (2/4): Bundler::Source::Git::GitCommandError Git error: command `git fetch --force --quiet --tags /opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454` in directory /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has failed.
If this error persists you could try removing the cache directory '/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
Retrying `git fetch --force --quiet --tags /opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454` at /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 due to error (3/4): Bundler::Source::Git::GitCommandError Git error: command `git fetch --force --quiet --tags /opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454` in directory /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has failed.
If this error persists you could try removing the cache directory '/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
Retrying `git fetch --force --quiet --tags /opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454` at /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 due to error (4/4): Bundler::Source::Git::GitCommandError Git error: command `git fetch --force --quiet --tags /opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454` in directory /var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has failed.
If this error persists you could try removing the cache directory '/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
Git error: command `git fetch --force --quiet --tags /opt/redmine/.bundle/cache/git/gitolite-rugged-f96eae3bf467935eea22ec876625e07825442454` in directory
/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06 has failed.
If this error persists you could try removing the cache directory '/var/lib/gems/2.7.0/bundler/gems/gitolite-rugged-551741d1df06'
"
indeed /var/lib/gems/2.7.0/bundler/gems/ gems are owned by root as they where copied to bundler system folder by redmine.postinst "bundle install --local" call.
May you call "bundle install --local" with sudo as www-data as the "bundle exec rake" or as any other user as wishlist bug report
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606982 does.
Best regards
Alban
-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (90, 'unstable'), (1, 'experimental')
Architecture: armhf (armv7l)
Kernel: Linux 5.10.0-9-armmp (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages redmine depends on:
ii dbconfig-common 2.0.19
ii debconf [debconf-2.0] 1.5.77
ii libjs-chart.js 2.9.4+dfsg+~cs2.10.1-3
ii libjs-jquery 3.5.1+dfsg+~3.5.5-7
ii libjs-jquery-ui 1.12.1+dfsg-8
ii libjs-raphael 2.3.0-3
ii libruby2.7 [ruby-csv] 2.7.4-1
ii redmine-pgsql 4.0.7-1
ii ruby 1:2.7+2
ii ruby-actionpack-action-caching 1.2.1-1
ii ruby-actionpack-xml-parser 2.0.1-4
ii ruby-bundler 2.2.5-2
ii ruby-coderay 1.1.3-4
ii ruby-csv 3.1.9-1
ii ruby-i18n 1.8.8-1
ii ruby-jquery-rails 4.3.5-2
ii ruby-mail 2.7.1+dfsg1-1.1
ii ruby-mime-types 3.3.1-1
ii ruby-mimemagic 0.3.5+dfsg-1
ii ruby-mini-mime 1.0.2-1
ii ruby-net-ldap 0.16.1-1
ii ruby-nokogiri 1.11.1+dfsg-2
ii ruby-rack 2.1.4-3
ii ruby-rack-test 0.7.0-1.1
ii ruby-rails 2:6.0.3.7+dfsg-2
ii ruby-rails-dom-testing 2.0.3-3
ii ruby-rails-observers 0.1.5-1.1
ii ruby-rbpdf 1.20.1-1
ii ruby-redcarpet 3.5.1-1
ii ruby-request-store 1.5.0-2
ii ruby-rmagick 2.16.0-7
ii ruby-roadie 4.0.0-1
ii ruby-roadie-rails 2.1.1-2
ii ruby-rouge 3.21.0-1
Versions of packages redmine recommends:
pn passenger <none>
Versions of packages redmine suggests:
ii brz [bzr] 3.1.0-8
ii bzr 2.7.0+bzr6622+brz
pn cvs <none>
pn darcs <none>
ii git 1:2.30.2-1
pn mercurial <none>
pn ruby-fcgi <none>
ii subversion 1.14.1-3
-- Configuration Files:
/etc/default/redmine changed:
REDMINE_INSTANCES_OWNERSHIP=redmine:www-data
REDMINE_INSTANCES_FOLLOW_FHS=yes
REDMINE_INSTANCES_ROOT=/var/lib/redmine
-- debconf information:
* redmine/instances/default/database-type: pgsql
redmine/instances/default/internal/skip-preseed: true
* redmine/instances/default/remote/host: localhost
redmine/instances/default/pgsql/admin-user: debian-sys-maint
redmine/instances/default/dbconfig-upgrade: true
redmine/instances/default/db/basepath:
redmine/missing-redmine-package:
redmine/default-language: en
redmine/instances/default/missing-db-package-error: abort
redmine/instances/default/mysql/method: Unix socket
redmine/instances/default/db/app-user: redmine_default at localhost
redmine/instances/default/dbconfig-remove:
redmine/instances/default/remote/port: 3306
redmine/instances/default/pgsql/changeconf: false
redmine/instances/default/internal/reconfiguring: false
redmine/instances/default/remove-error: abort
redmine/instances/default/pgsql/authmethod-admin: ident
redmine/instances/default/upgrade-backup: true
redmine/instances/default/pgsql/method: TCP/IP
redmine/notify-migration:
redmine/instances/default/pgsql/authmethod-user: password
redmine/instances/default/default-language: en
redmine/instances/default/db/dbname: redmine_default
redmine/old-instances:
redmine/current-instances: default
* redmine/instances/default/mysql/admin-user: debian-sys-maint
redmine/instances/default/pgsql/manualconf:
redmine/instances/default/passwords-do-not-match:
* redmine/instances/default/dbconfig-install: true
redmine/instances/default/upgrade-error: abort
redmine/instances/default/dbconfig-reinstall: false
redmine/instances/default/pgsql/no-empty-passwords:
redmine/instances/default/install-error: abort
redmine/instances/default/purge: false
redmine/instances/default/remote/newhost: localhost
More information about the Pkg-ruby-extras-maintainers
mailing list