-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xrdp socketdir packaging cleanup #3066
Comments
Thanks for bringing our attention to it @rowlap I think @bsmojver and @metalefty will be interested in this discussion. Here are some thoughts:-
The last point above suggests to me that this particular issue is best handled by a note in a README file. I'm not a user or a packager though, so thoughts are appreciated. Whatever we decide, the information provided with the xrdp release may need to be updated, before the official v0.10 lands. |
Thanks @matt335672; I'm sure there are aspects to handling upgrades which I've overlooked. It's hard to say what level of compatibility the packager should support in terms of going between version X and Y. I hope we can agree at least that when xrdp is completely uninstalled, It's getting into the weeds (and beyond my knowledge) if we consider |
We're in agreement regarding complete uninstallation. From what I remember of scriptlets in RPM, removing the directory for a complete uninstall is easy, as the scriptlet is passed a parameter which lets it determine how many versions of the package are left when the transaction completes. The other bit is more tricky. Again this is from memory, so could be wrong. I don't think the scriptlets have knowledge of the other package version for upgrade or downgrades, so you'd need to set the permissions correctly in a |
Also, focussing on an EPEL-only solution is probably not a great idea - other distros may need to consider this too. |
I can put something into the RPM spec in Fedora/EPEL, but 0.10 was not released there yet. That because it's beta (I did some copr builds only), so if an upstream solution is on the horizon, that is definitely better. |
@bsmojver can this be addressed by having socketdir owned by the package, rather than created on-demand by xrdp? If so, can the package specify different permissions for 0.9 vs 0.10 to handle the announced changes? Not sure an RPM scriptlet is the right approach here, as the package filenames / filemodes can handle ownership (I think). |
v0.10 is imminent. I think the simplest solution in this case (which will be in the NEWS.md for the new release) is to use When we get the next major release of xrdp out, we could remove the setting entirely and go for the default. That might inconvenience people upgrading two major versions but that's probably ignoreable. |
Crossing messages! That's a good idea @rowlap. The code in v0.10 enforces permissions but I don't think v0.9.x is quite so paranoid. |
We should probably do it with: https://docs.fedoraproject.org/en-US/packaging-guidelines/Tmpfiles.d/ |
@bsmojver tmpfiles.d looks like the right choice for managing directories under This is extra work, but is there scope for two versions of I think this would be needed for transactional downgrade, otherwise we won't manage the permission change correctly. An easy workaround is non-transactional downgrade (i.e. complete removal and reinstallation), so long as no |
The builds are in testing, give them a try and see what gives. As it stands, new version whacks the directory on uninstall. |
I'm using xrdp from the Fedora package, but in xrdp 0.10 there's a problem where the socketdir,
/run/xrdp
, is created at runtime and not known to the RPM package.When switching between different versions of xrdp, this causes a problem where the change in permission scheme from
1777/drwxrwxrwt
to0755/drwxr-xr-x
causes problems on downgrade, as socketdir is no longer world-writable.Possible solutions include "owning"
/run/xrdp
directly from the RPM, including permission mode, or declaring a%ghost
file entry for it. A workaround is to manually remove/run/xrdp
after package uninstallation, which causes the next xrdp package to create it afresh with appropriate permissions.This may be a "not our bug", if packaging and upgrade / downgrade concerns are out of scope for xrdp itself, but I thought it worth raising if the developers had any insight or opinions on the best way to handle downgrades.
I took the liberty of raising a Fedora bug for this, but I'm less familiar with other distros and packaging policies.
The text was updated successfully, but these errors were encountered: