Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25046

mariadb_repo_setup default 022 umask assumption is a problem on hardened 027 systems

    XMLWordPrintable

    Details

      Description

      A failure was seen in

      mariadb_repo_setup
      

      repository installation script on ubuntu.

      The failure is related to the script not finding the MariaDB public key mariadb-keyring-2019.gpg

      W: http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
      

      Apparently the default umask 0022 assumption by the script creates a problem on hardened systems with umask 0027.

      ls -l /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg  -rw-r----- 1 root root 43345 Mar  3 16:44 mariadb-keyring-2019.gpg
      

        Attachments

          Activity

            People

            Assignee:
            dbart Daniel Bartholomew
            Reporter:
            claudio.nanni Claudio Nanni (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration