The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #17866

Puppet RPM's break themselves

Added by Ryan Uber over 3 years ago. Updated about 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Matthaus Owens% Done:

0%

Category:package
Target version:3.1.0
Affected Puppet version: Branch:https://github.com/puppetlabs/puppet/pull/1385
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com


Description

Puppet breaks its own RPM verify by changing pre-installed permissions on /var/log/puppet from 755 to 750. Issue only appears in puppet >= 3.0 RPM’s.

Steps to reproduce:

1) Install puppet from Puppet Labs RPM: rpm -ivh http://yum.puppetlabs.com/el/6/products/x86_64/puppet-3.0.1-1.el6.noarch.rpm

2) Verify the install (works fine this time): rpm -V puppet

3) Run something that writes a log: puppet apply —noop -e ‘include my_module’

4) Verify RPM again: rpm -V puppet .M……. /var/log/puppet

puppet-spec-logdir-perms-0750.patch Magnifier (981 Bytes) Ryan Uber, 12/01/2012 12:34 pm

defattr-overrides-inline-addr.patch Magnifier (1.62 KB) Ryan Uber, 01/09/2013 07:00 pm

History

#1 Updated by eric sorenson over 3 years ago

  • Status changed from Unreviewed to Investigating
  • Assignee set to Matthaus Owens

RPM Packaging Issue? haus?

#2 Updated by Ryan Uber over 3 years ago

Might not necessarily be a packaging issue, but moreover with the logic around changing permissions on the log directory. See related: http://projects.puppetlabs.com/issues/17876

#3 Updated by Ryan Uber over 3 years ago

Turns out that this is a regression from RedHat bugzilla #495096, as noted in the .spec file comment near the logdir install.

Find attached a patch that sets permissions on /var/log/puppet to 0750.

#4 Updated by Matthaus Owens over 3 years ago

Ah, yea it’s an inconsistency between the install permissions (which are correct at 750) and the %files perms, which have a def of 755 in the spec.

Ryan, can you sign the CLA https://projects.puppetlabs.com/contributor_licenses/sign so that I can merge your fix?

#5 Updated by Matthaus Owens over 3 years ago

  • Status changed from Investigating to In Topic Branch Pending Review

#6 Updated by Ryan Uber over 3 years ago

Thanks Matthaus, signed it.

#7 Updated by Matthaus Owens over 3 years ago

  • Status changed from In Topic Branch Pending Review to Merged - Pending Release
  • Target version set to 3.1.0

#8 Updated by Matthaus Owens over 3 years ago

  • Status changed from Merged - Pending Release to Closed

Released in Puppet 3.1.0-rc1

#9 Updated by Ryan Uber over 3 years ago

  • Status changed from Closed to Re-opened
  • Affected Puppet version changed from 3.0.0 to 3.1.0-rc1
  • Branch changed from https://github.com/puppetlabs/puppet/pull/1308 to https://github.com/puppetlabs/puppet/pull/1385

Unfortunately, if built on RHEL6, this issue persists due to a bug in the newer version (4.8) of rpmbuild. The issue is described in more detail in RH #681540, but what it boils down to is a fix from another rpmbuild bug is causing the %defattr tag to override the in-line %attr tags (should be the other way around).

If you build puppet on EL5 (rpmbuild v4.4), you will not see this issue. If you build puppet on EL6 (rpmbuild v4.8), this bug surfaces.

To work around it I’ve added a new pull request at: https://github.com/puppetlabs/puppet/pull/1385

The work-around simply uses multiple %defattr statements rather than in-line %attr statements for the /var/{lib,run,log}/puppet directories. This should be forward-compatible so we shouldn’t need to revisit this once RHEL gets a newer version (4.9+) of rpmbuild, where the issue should be resolved.

#11 Updated by Ryan Uber over 3 years ago

Another related RH Bugzilla: 730473 This one indicates that the fix should be available in RHEL 6.4+.

#12 Updated by Anonymous over 3 years ago

  • Status changed from Re-opened to Merged - Pending Release

Merged into master as ea8901e.

This should be released in 3.1.0.

Thanks again for the contribution!

-Jeff

#13 Updated by Matthaus Owens about 3 years ago

  • Status changed from Merged - Pending Release to Closed
  • Affected Puppet version deleted (3.1.0-rc1)

Released in Puppet 3.1.0

Also available in: Atom PDF