View Issue Details

IDProjectCategoryView StatusLast Update
0000537bareos-core[All Projects] installer / packagespublic2015-11-30 18:45
Reporteravantsysadm@avant.caAssigned Tojoergs 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformLinuxOSCentOSOS Version6
Product Version15.2.1 
Fixed in Version 
Summary0000537: 15.2-rc1 RPM uses too-new "su" in logrotate file
DescriptionThe version of logrotate that ships with CentOS6 / RHEL6 does not support the "su" keyword in /etc/logrotate.d/bareos-dir.
Steps To ReproduceInstall 15.2-rc1 on RHEL/CentOS/etc older than v7.x.
TagsNo tags attached.
bareos-master: impactyes
bareos-master: actionwill care
bareos-19.2: impact
bareos-19.2: action
bareos-18.2: impact
bareos-18.2: action
bareos-17.2: impact
bareos-17.2: action
bareos-16.2: impact
bareos-16.2: action
bareos-15.2: impactyes
bareos-15.2: actionwill care
bareos-14.2: impact
bareos-14.2: action
bareos-13.2: impact
bareos-13.2: actionnone
bareos-12.4: impact
bareos-12.4: actionnone

Relationships

related to 0000417 closed bareos logrotate errors 
child of 0000474 closed Release bareos-14.2.6 

Activities

stephand

stephand

2015-10-16 16:37

developer   ~0001877

As we have added the su option to fix 0000417, the pitfall was that I've checked that it works on SLES11 which has logrotate-3.7.x packages.

Now looked at SLES* logrotate source rpms, they backport the su option in their packages. As of https://fedorahosted.org/logrotate/browser/tags/r3-9-1/CHANGES the upstream project added it with the 3.8.0 version.

Seeing that, the logrotate version is a useless criterion.

Looking at how other projects handle this, found out that the spacewalk project has the su line in git commented out like this:
#LOGROTATE-3.8# su root apache
(see https://github.com/spacewalkproject/spacewalk/blob/0e5a18207c74cc83b2dd65bd1242a4b082549774/backend/logrotate/spacewalk-backend-app)

and in the spec-file they are using this:
%if 0%{?fedora} || 0%{?rhel} > 6
sed -i 's/#LOGROTATE-3.8#//' $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/spacewalk-backend-*
%endif
(see https://github.com/spacewalkproject/spacewalk/blob/master/backend/spacewalk-backend.spec)

From all the dists that 15.2 packages are built for, only the following do not have the su option in logrotate:
- CentOS_5
- CentOS_6
- RHEL_5
- RHEL_6
- xUbuntu_12.04
avantsysadm@avant.ca

avantsysadm@avant.ca

2015-10-16 17:49

reporter   ~0001878

Commenting it out seems to be an acceptable solution.
stephand

stephand

2015-10-16 18:03

developer   ~0001879

Last edited: 2015-10-16 18:11

View 2 revisions

Yes, although I'd rather consider it a workaround to comment out or remove the su line from the /etc/logrotate.d/bareos-dir file. As it's marked as config file in the RPMs, it won't be overwritten by package updates.

However, when the su line is present, but logrotate does not support it, then logrotate outputs an error, but as it's then ignored, the rotations works anyway:

# /usr/sbin/logrotate -d /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file bareos-dir
reading config info for /var/log/bareos/bareos*.log
error: bareos-dir:14 unknown option 'su' -- ignoring line
error: bareos-dir:14 unexpected text
...
rotating pattern: /var/log/bareos/bareos*.log monthly (6 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/bareos/bareos.log
  log needs rotating
rotating log /var/log/bareos/bareos.log, log->rotateCount is 6
dateext suffix '-20151016'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to system_u:object_r:var_log_t:s0
renaming /var/log/bareos/bareos.log to /var/log/bareos/bareos.log-20151016
creating new /var/log/bareos/bareos.log mode = 0640 uid = 497 gid = 498
removing old log /var/log/bareos/bareos.log-20150227

With 0000417 the situaiton was worse, because on logrotate version which have the su option, it did not rotate at all without the proper su line.

But as this generates cron error mail every time, the best workaround for the time beeing is commenting out or remove the su.

stephand

stephand

2015-10-16 18:46

developer   ~0001880

As we also need a fix for deb packaging, may be build time check is the best choice, checking if logrotate support the su option with something like this:

touch /tmp/dummy.log
echo -e "/tmp/dummy.log {\n su root root\n}" > /tmp/logrotate-check-su
if logrotate -d /tmp/logrotate-check-su 2>&1 | grep -q "unknown option 'su'"; then
        echo "logrotate does not support su option"
else
        echo "logrotate supports su option"
fi
rm -f /tmp/dummy.log /tmp/logrotate-check-su
avantsysadm@avant.ca

avantsysadm@avant.ca

2015-10-19 16:21

reporter   ~0001884

...other than the fact that the filenames should be generated with mktemp(1) and not predictable, this should work.
mvwieringen

mvwieringen

2015-10-23 18:45

developer   ~0001889

Fix committed to bareos bareos-15.2 branch with changesetid 5711.
mvwieringen

mvwieringen

2015-11-17 12:01

developer   ~0001974

Fix committed to bareos bareos-14.2 branch with changesetid 5806.

Related Changesets

bareos: bareos-15.2 223144cf

2015-10-19 17:13:04

joergs


Committer: mvwieringen

Ported: N/A

Details Diff
logrotate: use "su" keyword only if available

Newer version of logrotate (>= 3.7 or 3.8, depending on the distribution)
the "su" directive is required.
Unfortunally, older version do not know about this keyword.
With this patch configure detects, if "su" is a valid keyword in a
logrotate configuration file.

Fixes 0000537: usage of too-new "su" in logrotate file
Affected Issues
0000537
mod - autoconf/configure.in Diff File
mod - scripts/logrotate.in Diff File

bareos: bareos-14.2 94d253e6

2015-10-19 17:13:04

joergs


Committer: mvwieringen

Ported: N/A

Details Diff
logrotate: use "su" keyword only if available

Newer version of logrotate (>= 3.7 or 3.8, depending on the distribution)
the "su" directive is required.
Unfortunally, older version do not know about this keyword.
With this patch configure detects, if "su" is a valid keyword in a
logrotate configuration file.

Fixes 0000537: usage of too-new "su" in logrotate file
Affected Issues
0000537
mod - autoconf/configure.in Diff File
mod - scripts/logrotate.in Diff File

Issue History

Date Modified Username Field Change
2015-10-13 17:39 avantsysadm@avant.ca New Issue
2015-10-16 11:56 stephand Relationship added related to 0000417
2015-10-16 15:43 stephand Assigned To => stephand
2015-10-16 15:43 stephand Status new => assigned
2015-10-16 16:37 stephand Note Added: 0001877
2015-10-16 17:49 avantsysadm@avant.ca Note Added: 0001878
2015-10-16 18:03 stephand Note Added: 0001879
2015-10-16 18:11 stephand Note Edited: 0001879 View Revisions
2015-10-16 18:46 stephand Note Added: 0001880
2015-10-16 18:46 stephand Assigned To stephand => joergs
2015-10-19 15:19 joergs bareos-master: impact => yes
2015-10-19 15:19 joergs bareos-master: action => will care
2015-10-19 15:19 joergs bareos-15.2: impact => yes
2015-10-19 15:19 joergs bareos-15.2: action => will care
2015-10-19 15:19 joergs bareos-13.2: action => none
2015-10-19 15:19 joergs bareos-12.4: action => none
2015-10-19 15:19 joergs Severity major => minor
2015-10-19 15:19 joergs Product Version => 15.2.1
2015-10-19 16:21 avantsysadm@avant.ca Note Added: 0001884
2015-10-23 18:45 mvwieringen Changeset attached => bareos bareos-15.2 223144cf
2015-10-23 18:45 mvwieringen Note Added: 0001889
2015-10-23 18:45 mvwieringen Status assigned => resolved
2015-10-23 18:45 mvwieringen Resolution open => fixed
2015-11-17 12:01 mvwieringen Changeset attached => bareos bareos-14.2 94d253e6
2015-11-17 12:01 mvwieringen Note Added: 0001974
2015-11-30 18:45 joergs Relationship added child of 0000474