Tuesday 3 March 2020

Re: apport permission error

On Tue, Feb 25, 2020 at 09:09:24AM -0800, Steve Langasek wrote:
> Thanks, it's easy enough to back out later (as long as someone actually
> raises a flag when things break!), so I'm ok with that.

bacula's various postinsts (at least bacula-sd.postinst) fail with
fs.protected_regular=2. This breaks at package install time, which is
perhaps marginally worse than runtime. The fix is trivial though, and
I'll be landing it soon.

A rerun of the bacula autopkgtests following the fs.protected_regular
change would have detected this case.

I'm not sure we have enough data yet to make a final decision on
fs.protected_regular=2 for Focal, but this is another data point.

I'm not sure if it would be useful or not to rerun autopkgtests for the
entire archive. There would certainly be a large amount of noise. It
might be the case that maintainer scripts are more prone to this kind of
thing because of their heavy use of shell and commonly mktemp. A survey
of package maintainer scripts that use both mktemp and chown might be
another analysis method. But of course they might source files from
elsewhere, which would be non-trivial to follow.

Here are details of the bacula case:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953030
https://code.launchpad.net/~racb/ubuntu/+source/bacula/+git/bacula/+merge/380163
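
The survey of maintainer scripts suggested in the message above, sketched as an added example that is not part of the original post or of any Ubuntu or Debian tooling. The function names and the sample scripts are constructed for illustration, the matching is a text heuristic, and scripts that source other files are only flagged, not followed.

```shell
#!/bin/sh
# Added example: list maintainer scripts that use both mktemp and chown.

# Print FILE without full-line comments, so a commented-out command is ignored.
strip_comments() {
    sed '/^[[:space:]]*#/d' "$1"
}

# Succeed if command name $2 appears as a whole word in FILE $1
# (bare, inside $(...), or with a path prefix such as /bin/mktemp).
uses_cmd() {
    strip_comments "$1" | grep -Eq "(^|[^[:alnum:]_-])$2([^[:alnum:]_-]|\$)"
}

# Heuristic: succeed if the script sources another file with "." or "source";
# logic in sourced files is outside this survey.
sources_files() {
    strip_comments "$1" |
        grep -Eq '(^|[;&|[:space:]])(\.|source)[[:space:]]+[^[:space:]]'
}

# Print "name<TAB>note" for each maintainer script in DIR using both commands.
# /var/lib/dpkg/info is where dpkg keeps installed packages' scripts.
survey() {
    dir=${1:-/var/lib/dpkg/info}
    for f in "$dir"/*.preinst "$dir"/*.postinst "$dir"/*.prerm "$dir"/*.postrm
    do
        [ -f "$f" ] || continue
        if uses_cmd "$f" mktemp && uses_cmd "$f" chown; then
            note=self-contained
            if sources_files "$f"; then note=sources-other-files; fi
            printf '%s\t%s\n' "${f##*/}" "$note"
        fi
    done | sort
}

# Constructed sample scripts (not taken from any real package).
make_samples() {
    printf '%s\n' '#!/bin/sh' 'T=$(mktemp)' 'chown daemon "$T"' \
        'echo x > "$T"' > "$1/a.postinst"
    printf '%s\n' '#!/bin/sh' '. /usr/share/example/funcs' \
        'T=$(/bin/mktemp -d)' 'chown -R daemon "$T"' > "$1/b.preinst"
    printf '%s\n' '#!/bin/sh' '# chown removed' 'T=$(mktemp)' > "$1/c.postrm"
}

# Demo on the constructed samples; pass a real directory to survey() instead.
d=$(mktemp -d) && make_samples "$d" && survey "$d"
rm -rf "$d"
```

Scripts reported as sources-other-files need a manual look at the files they pull in, which is the non-trivial part the message mentions.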