[ubuntu/trusty-proposed] pollen 3.10-0ubuntu1 (Accepted)

Dustin Kirkland kirkland at ubuntu.com
Thu Jan 16 17:41:14 UTC 2014


pollen (3.10-0ubuntu1) trusty; urgency=low

  * debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
    - have each client choose a random time of day to reseed,
      at first run, rather than at package installation time
    - this requires a very clever hack(!)
    - install a "template" at /etc/cron.d/pollinate, with __MINUTE__
      and __HOUR__ symbols that should be replaced by the client,
      at first run
    - cron requires that /etc/cron.d/pollinate be owned by root
    - ideally we'd run the pollinate script as a non-root user (ie, daemon),
      by specifying the daemon user in upstart and in the cronjob
    - but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
    - so here's the hack...
      + the upstart job installed by the package has "setuid root"
      + on its first run (which will be either at package install time, or
        at boot), it will run as root and: a) update the cronjob to a random
        time, and b) update the upstart job to run as daemon
      + woot
      + this works because both are conffiles
  * debian/pollen.postinst, debian/pollinate.postinst,
    debian/pollinate.postrm, pollinate:
    - use /var/cache/pollinate, rather than /var/lib/pollinate
    - this should make it more obvious that this data can be cleared out,
      and should be cleared out, on re-bundles or snapshots and reimages
  * debian/control, Makefile:
    - switch from golang-go to gcc-go, so that we can get this source
      package into Ubuntu main
  * pollinate, pollinate.1:
    - separate the pool and the server variables
  * debian/control:
    - no need to depend on bsdutils, it's essential
    - pollen depends on adduser
  * usr.bin.pollen:
    - update apparmor profile to allow reading of /usr/bin/pollen
      - oddly, this was introduced when switching compilers
  * debian/copyright:
    - lintian/dep5 cleanup

Date: Thu, 16 Jan 2014 08:01:31 -0600
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/pollen/3.10-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Jan 2014 08:01:31 -0600
Source: pollen
Binary: pollen pollinate
Architecture: source
Version: 3.10-0ubuntu1
Distribution: trusty
Urgency: low
Maintainer: Dustin Kirkland <kirkland at ubuntu.com>
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
Description: 
 pollen     - Entropy-as-a-Service web server
 pollinate  - Entropy-as-a-Service client
Changes: 
 pollen (3.10-0ubuntu1) trusty; urgency=low
 .
   * debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
     - have each client choose a random time of day to reseed,
       at first run, rather than at package installation time
     - this requires a very clever hack(!)
     - install a "template" at /etc/cron.d/pollinate, with __MINUTE__
       and __HOUR__ symbols that should be replaced by the client,
       at first run
     - cron requires that /etc/cron.d/pollinate be owned by root
     - ideally we'd run the pollinate script as a non-root user (ie, daemon),
       by specifying the daemon user in upstart and in the cronjob
     - but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
     - so here's the hack...
       + the upstart job installed by the package has "setuid root"
       + on its first run (which will be either at package install time, or
         at boot), it will run as root and: a) update the cronjob to a random
         time, and b) update the upstart job to run as daemon
       + woot
       + this works because both are conffiles
   * debian/pollen.postinst, debian/pollinate.postinst,
     debian/pollinate.postrm, pollinate:
     - use /var/cache/pollinate, rather than /var/lib/pollinate
     - this should make it more obvious that this data can be cleared out,
       and should be cleared out, on re-bundles or snapshots and reimages
   * debian/control, Makefile:
     - switch from golang-go to gcc-go, so that we can get this source
       package into Ubuntu main
   * pollinate, pollinate.1:
     - separate the pool and the server variables
   * debian/control:
     - no need to depend on bsdutils, it's essential
     - pollen depends on adduser
   * usr.bin.pollen:
     - update apparmor profile to allow reading of /usr/bin/pollen
       - oddly, this was introduced when switching compilers
   * debian/copyright:
     - lintian/dep5 cleanup
Checksums-Sha1: 
 e520f594cd7aff5c3b852a8fc15357a4842fe66b 1837 pollen_3.10-0ubuntu1.dsc
 e742a6c84a4de022082a0aa9f7510a2753f7041e 126457 pollen_3.10.orig.tar.gz
 19f1f8dd71a5a7e5232059ed8dfd30f2e1030c9e 10639 pollen_3.10-0ubuntu1.debian.tar.gz
Checksums-Sha256: 
 c3e09997fff91022577d42edf185fd3fb03b973b144795e7f2461ced221a74d7 1837 pollen_3.10-0ubuntu1.dsc
 c435e76a2964f422352d107f09a85e1f2c2c2b60ab8a6ffe932fbad29c9b4b80 126457 pollen_3.10.orig.tar.gz
 c4684aed8425963e09cd8a623aee79f6e6157af55cb93b3a091a5745ab4f9046 10639 pollen_3.10-0ubuntu1.debian.tar.gz
Files: 
 e59ee6b282b144a46af2006c1d2d7ea7 1837 admin optional pollen_3.10-0ubuntu1.dsc
 47ec25673ab8a407a705f999af95db1d 126457 admin optional pollen_3.10.orig.tar.gz
 8b382f79ad934ffcdbd173c8080eabc6 10639 admin optional pollen_3.10-0ubuntu1.debian.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJS2Bk5AAoJEJXmQ3PxUpRpFeUQAJ6wdnQybjhDls3uUgvmVAdX
+aqQGJFTnHTVahG2WMPQlSPmPfmbmPFga/r+gtFxuvuis4EBrwSTUkGsz9ZE/NdP
yJU97qBWeHB2WP48EgkqM3AmPRJUJ64QA4eqzaw3T1Hl/N0MnjKpHJR2VEvoI/HT
uznlMSbLCI4uN8eYr899iiUzMwueUcyXsZ24xlzXokTfpLYZWohwoJcN2qpHJltA
RgwOgeJMxD8H3RJo5uWsg7RZhvjqrdJNb3/ZFib0sDQzEtcK6TvPUXSWzYJR/vd2
T8sKuiiHPdF504ln86FiN8KtCYdhCPzNDXmRnF+dQUSG8QYBvbCCWw1VlazGQr57
bkgBLXgo9Qnn4qRWsBLsdEV1E/vJ6EVwxGu+Lbf9V4vxsQZmL72CMHFh5nOXbXOn
MFukM1pLvFY25O6ieGF27TwEqFPRKaAyOTf+Cx7wcQnDr0zBPnf3K+X8mgH45EZD
fVAELSE2QXN7AxpSGLUSq1ZkUsaFRdHrhqn0ZyEui9tk3Q+Xds31uIvPi1/wJtcv
spT+RCAgrYlOgSgKWom6L0NykPGpw/R80sYC6+meY2HSgegw10acnPQ3wUBmf2hh
wuNWEheUAKeIPlcx8TTnzS+rzF5Vcte3Itjr8L4F+EjOA9vn0uWDZxP3c65Z9Siz
iXKd1ZHkaaPgmrF9b6sN
=/Hz2
-----END PGP SIGNATURE-----


More information about the Trusty-changes mailing list