[#MDEV-25046] mariadb_repo_setup default 022 umask assumption is a problem on hardened 027 systems

[MDEV-25046] mariadb_repo_setup default 022 umask assumption is a problem on hardened 027 systems Created: 2021-03-03 Updated: 2021-03-29 Resolved: 2021-03-29
Status:	Closed
Project:	MariaDB Server
Component/s:	Scripts & Clients
Affects Version/s:	10.5
Fix Version/s:	N/A

Type:

Bug

Priority:

Major

Reporter:

Claudio Nanni

Assignee:

Daniel Bartholomew

Resolution:

Fixed

Votes:

Labels:

None

Description

A failure was seen in

mariadb_repo_setup

repository installation script on ubuntu.

The failure is related to the script not finding the MariaDB public key mariadb-keyring-2019.gpg

W: http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg are ignored as the file is not readable by user '_apt' executing apt-key.

Apparently the default umask 0022 assumption by the script creates a problem on hardened systems with umask 0027.

ls -l /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg  -rw-r----- 1 root root 43345 Mar  3 16:44 mariadb-keyring-2019.gpg

Comments

Comment by Daniel Bartholomew [ 2021-03-29 ]

Uploaded updated version of the script with a line to chmod the keyring to the correct permissions.

Comment by Daniel Bartholomew [ 2021-03-29 ]

sha256sum of the updated version is:

7a24f5580421fd353dc22c5439001bdaec86c54ed911c80e5482f62921125ac8  ./mariadb_repo_setup

Comment by Daniel Bartholomew [ 2021-03-29 ]

I believe this is now fixed. If not, please reopen with details to reproduce. Thanks.

Generated at Thu Feb 08 09:34:43 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-25046] mariadb_repo_setup default 022 umask assumption is a problem on hardened 027 systems Created: 2021-03-03 Updated: 2021-03-29 Resolved: 2021-03-29