Philipp Kern <pk...@debian.org> writes:

> On 12/20/2016 09:26 PM, Geert Stappers wrote:
>> On Mon, Dec 19, 2016 at 10:00:57PM +0100, Geert Stappers wrote:
>>> This ticket is to discuss a "shebang" for preseed files,
>>> to have an interpreter directive.
>> Goal is having a "header" which make it possible
>> to check that actual a preseed file is being downloaded.
>> 
>> https://www.debian.org/releases/stable/example-preseed.txt shows clearly
>> that a preseed file can start with a comment.
>> 
>> What are the opinions about a two step approach like
>> 
>> Step 1:
>> -------
>> Document all "stretch" preseed files begining with '#!preseedV1'
>> 
>> 
>> Step 2:
>> -------
>> In "stretch+1", a.k.a. "buster", implement code that checks '#!preseedV1'
>> and informs user when not found.
>
> How would this change the outcome of the bug you encountered? If I
> understand you correctly it told you that the file was corrupt. Your
> proposal would just re-enforce that notion, at the expense of everyone
> needing to change their files? :)

This seems only to be an issue when using PXE booting, and is likely to
be particularly problematic when one does not have full control of the
DHCP server, or where it cannot be persuaded to offer different files to
different DHCP clients.

The problem is then that a non-preseed file may be offered in a way that
tricks d-i into trying to load it, at which point it will throw an
error.

So, how about this:

  We have a debconf value to select the severity of the error when
  failing to recognise the format of a preseed file.

  Normally, that should default to "error", as is now the case.

  For DHCP preseeding, the default should be changed to something less
  severe ("warn" or "ignore").

  We could then have something as a header, as you suggest, which could
  be used to decide to set the severity back to "error" if it is seen in
  a DHCP preseed file.

That way, all non-DHCP preseeding could continue just as it is now.

If one wants corrupt preseed files to throw an error, even when DHCP-ed,
then adding the header will achieve that (except when the header is
corrupted).

If one gets given the wrong sort of file via DHCP then it'll get
ignored or throw a warning.

We could at some point add another value for the severity setting, of
"magicrequired" that would implement the behaviour that Geert seems to
be advocating:
  throwing an error if file is seen that lacks magic.

(that could perhaps become the default for DHCP preseeding, but
 otherwise I doubt it's useful enough to render all existing preseed
 files broken.)

Cheers, Phil.

P.S. I don't think that using #! as part of the magic string is a great
idea -- it will make people incorrectly assume that there is an
interpreter being invoked somewhere.

P.P.S.  If we're considering putting magic comments into preseed files,
I would suggest that we also have a comment at the end, so that we can
check for the case of a truncated preseed file.  I suspect that such
errors never really happen though, so are probably not worth checking
for, in which case the only change needed is to make this not be an
error when the preseed URL arrived via DHCP.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY

Attachment: signature.asc
Description: PGP signature

Reply via email to