[ubuntu/trusty-proposed] pollen 3.10-0ubuntu1 (Accepted)
Dustin Kirkland
kirkland at ubuntu.com
Thu Jan 16 17:41:14 UTC 2014
pollen (3.10-0ubuntu1) trusty; urgency=low
* debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
- have each client choose a random time of day to reseed,
at first run, rather than at package installation time
- this requires a very clever hack(!)
- install a "template" at /etc/cron.d/pollinate, with __MINUTE__
and __HOUR__ symbols that should be replaced by the client,
at first run
- cron requires that /etc/cron.d/pollinate be owned by root
- ideally we'd run the pollinate script as a non-root user (ie, daemon),
by specifying the daemon user in upstart and in the cronjob
- but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
- so here's the hack...
+ the upstart job installed by the package has "setuid root"
+ on its first run (which will be either at package install time, or
at boot), it will run as root and: a) update the cronjob to a random
time, and b) update the upstart job to run as daemon
+ woot
+ this works because both are conffiles
* debian/pollen.postinst, debian/pollinate.postinst,
debian/pollinate.postrm, pollinate:
- use /var/cache/pollinate, rather than /var/lib/pollinate
- this should make it more obvious that this data can be cleared out,
and should be cleared out, on re-bundles or snapshots and reimages
* debian/control, Makefile:
- switch from golang-go to gcc-go, so that we can get this source
package into Ubuntu main
* pollinate, pollinate.1:
- separate the pool and the server variables
* debian/control:
- no need to depend on bsdutils, it's essential
- pollen depends on adduser
* usr.bin.pollen:
- update apparmor profile to allow reading of /usr/bin/pollen
- oddly, this was introduced when switching compilers
* debian/copyright:
- lintian/dep5 cleanup
Date: Thu, 16 Jan 2014 08:01:31 -0600
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/pollen/3.10-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 16 Jan 2014 08:01:31 -0600
Source: pollen
Binary: pollen pollinate
Architecture: source
Version: 3.10-0ubuntu1
Distribution: trusty
Urgency: low
Maintainer: Dustin Kirkland <kirkland at ubuntu.com>
Changed-By: Dustin Kirkland <kirkland at ubuntu.com>
Description:
pollen - Entropy-as-a-Service web server
pollinate - Entropy-as-a-Service client
Changes:
pollen (3.10-0ubuntu1) trusty; urgency=low
.
* debian/pollinate.cron.d, debian/pollinate.postinst, pollinate:
- have each client choose a random time of day to reseed,
at first run, rather than at package installation time
- this requires a very clever hack(!)
- install a "template" at /etc/cron.d/pollinate, with __MINUTE__
and __HOUR__ symbols that should be replaced by the client,
at first run
- cron requires that /etc/cron.d/pollinate be owned by root
- ideally we'd run the pollinate script as a non-root user (ie, daemon),
by specifying the daemon user in upstart and in the cronjob
- but daemon can't write to /etc/cron.d/pollinate, if it's owned by root
- so here's the hack...
+ the upstart job installed by the package has "setuid root"
+ on its first run (which will be either at package install time, or
at boot), it will run as root and: a) update the cronjob to a random
time, and b) update the upstart job to run as daemon
+ woot
+ this works because both are conffiles
* debian/pollen.postinst, debian/pollinate.postinst,
debian/pollinate.postrm, pollinate:
- use /var/cache/pollinate, rather than /var/lib/pollinate
- this should make it more obvious that this data can be cleared out,
and should be cleared out, on re-bundles or snapshots and reimages
* debian/control, Makefile:
- switch from golang-go to gcc-go, so that we can get this source
package into Ubuntu main
* pollinate, pollinate.1:
- separate the pool and the server variables
* debian/control:
- no need to depend on bsdutils, it's essential
- pollen depends on adduser
* usr.bin.pollen:
- update apparmor profile to allow reading of /usr/bin/pollen
- oddly, this was introduced when switching compilers
* debian/copyright:
- lintian/dep5 cleanup
Checksums-Sha1:
e520f594cd7aff5c3b852a8fc15357a4842fe66b 1837 pollen_3.10-0ubuntu1.dsc
e742a6c84a4de022082a0aa9f7510a2753f7041e 126457 pollen_3.10.orig.tar.gz
19f1f8dd71a5a7e5232059ed8dfd30f2e1030c9e 10639 pollen_3.10-0ubuntu1.debian.tar.gz
Checksums-Sha256:
c3e09997fff91022577d42edf185fd3fb03b973b144795e7f2461ced221a74d7 1837 pollen_3.10-0ubuntu1.dsc
c435e76a2964f422352d107f09a85e1f2c2c2b60ab8a6ffe932fbad29c9b4b80 126457 pollen_3.10.orig.tar.gz
c4684aed8425963e09cd8a623aee79f6e6157af55cb93b3a091a5745ab4f9046 10639 pollen_3.10-0ubuntu1.debian.tar.gz
Files:
e59ee6b282b144a46af2006c1d2d7ea7 1837 admin optional pollen_3.10-0ubuntu1.dsc
47ec25673ab8a407a705f999af95db1d 126457 admin optional pollen_3.10.orig.tar.gz
8b382f79ad934ffcdbd173c8080eabc6 10639 admin optional pollen_3.10-0ubuntu1.debian.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBCgAGBQJS2Bk5AAoJEJXmQ3PxUpRpFeUQAJ6wdnQybjhDls3uUgvmVAdX
+aqQGJFTnHTVahG2WMPQlSPmPfmbmPFga/r+gtFxuvuis4EBrwSTUkGsz9ZE/NdP
yJU97qBWeHB2WP48EgkqM3AmPRJUJ64QA4eqzaw3T1Hl/N0MnjKpHJR2VEvoI/HT
uznlMSbLCI4uN8eYr899iiUzMwueUcyXsZ24xlzXokTfpLYZWohwoJcN2qpHJltA
RgwOgeJMxD8H3RJo5uWsg7RZhvjqrdJNb3/ZFib0sDQzEtcK6TvPUXSWzYJR/vd2
T8sKuiiHPdF504ln86FiN8KtCYdhCPzNDXmRnF+dQUSG8QYBvbCCWw1VlazGQr57
bkgBLXgo9Qnn4qRWsBLsdEV1E/vJ6EVwxGu+Lbf9V4vxsQZmL72CMHFh5nOXbXOn
MFukM1pLvFY25O6ieGF27TwEqFPRKaAyOTf+Cx7wcQnDr0zBPnf3K+X8mgH45EZD
fVAELSE2QXN7AxpSGLUSq1ZkUsaFRdHrhqn0ZyEui9tk3Q+Xds31uIvPi1/wJtcv
spT+RCAgrYlOgSgKWom6L0NykPGpw/R80sYC6+meY2HSgegw10acnPQ3wUBmf2hh
wuNWEheUAKeIPlcx8TTnzS+rzF5Vcte3Itjr8L4F+EjOA9vn0uWDZxP3c65Z9Siz
iXKd1ZHkaaPgmrF9b6sN
=/Hz2
-----END PGP SIGNATURE-----
More information about the Trusty-changes
mailing list