Dear наб,

Thank you for reporting this problem. There is technically no problem with running LedgerSMB under root. Nor is there technically any reason to prohibit running the tests under root. However, running LedgerSMB (or any other server process) under root *is* a security risk.

As such, it's strongly recommended *not* to run LedgerSMB as root and *not* to run the test suite under root.

This is the error you're seeing.


I kindly disagree the package fails to build from source: it fails to run its tests under root, but if you run the tests under *any* other user, the tests will succeed. The failure to run under root also is not a technical one, but a deliberate choice or policy if you will.


Regards,

Erik.

On Thu, Sep 26, 2024 at 5:45 PM наб <nabijaczleweli@nabijaczleweli.xyz> wrote:
Source: ledgersmb
Version: 1.6.33+ds-2.2
Severity: serious
Tags: ftbfs
Justification: fails to build from source

Dear Maintainer,

During a ratt run for src:ossp-uuid I got
2024/09/26 17:23:23 Building package 71 of 123: ledgersmb
2024/09/26 17:26:55 building ledgersmb failed: exit status 2

Full log attached, but the interesting bit is
  make[1]: Leaving directory '/<<PKGBUILDDIR>>'
     dh_auto_test
          make -j24 test
  make[1]: Entering directory '/<<PKGBUILDDIR>>'
  make[1]: git: No such file or directory
  /bin/sh: 1: lsb_release: not found
  prove t/

  #   Failed test 'use LedgerSMB::PSGI;'
  #   at t/01-load.t line 231.
  #     Tried to use 'LedgerSMB::PSGI'.
  #     Error:  Running a Web Service as root is a security problem.
  # If you are starting LedgerSMB as a system service,
  # please make sure that you drop privileges as per README.md
  # and the example files in conf/.
  # The method of passing a --user argument to starman cannot
  # be used as starman drops privileges too late, starting us as root. at /<<PKGBUILDDIR>>/lib/LedgerSMB/PSGI.pm line 42.
  # Compilation failed in require at t/01-load.t line 231.
  # BEGIN failed--compilation aborted at t/01-load.t line 231.
  # Looks like you failed 1 test of 209.
  t/01-load.t .....................
  Dubious, test returned 1 (wstat 256, 0x100)
  Failed 1/209 subtests
          (less 5 skipped subtests: 203 okay)
  Name "Config::IniFiles::ledgersmb.conf" used only once: possible typo at /usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm line 60.
  t/02-number-handling.t .......... ok

Per my reading of the policy, each d/rules target may be run as root?

Best,

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-12-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
_______________________________________________
devel mailing list -- devel@lists.ledgersmb.org
To unsubscribe send an email to devel-leave@lists.ledgersmb.org


--
Bye,

Erik.

http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.