Your message dated Sun, 11 Nov 2007 21:25:46 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#442933: harden-servers: conflicts with portmap which is
recommended by many GNOME packages
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: harden-servers
Version: 0.1.31
Severity: wishlist
Hi!
I installed the harden-servers package on a workstation/desktop box
in order to make sure I do not install excessively insecure daemons
by mistake.
But unfortunately many GNOME packages (galeon, libgnomevfs2-0,
gnome-control-center, gnome-mount, yelp, ...) seem to recommend fam,
either directly or indirectly. On its turn, fam depends on portmap,
which harden-servers conflicts with.
The net result of all this is: I cannot install galeon or contacts
(or other GNOME packages), unless I do so with the --without-recommends
option of aptitude. See below for an example.
Why GNOME packages recommend services (fam) that depend on insecure
daemons (portmap)?
Cannot I have a secure box with some full-feature GNOME packages
installed?
Now the question is: what should I do?
Purge harden-servers and forget about it for any workstation/desktop
box (that is to say: only install it on machines that *only* run
servers)?
If this is the case, please clarify it in the package description...
What follows is a transcript of my attempt at installing galeon:
$ aptitude -s install galeon
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Reading task descriptions...
Building tag database...
The following packages are BROKEN:
harden-servers
The following NEW packages will be automatically installed:
alacarte avahi-daemon binfmt-support capplets-data cdrdao cli-common
cups-pdf cupsys cupsys-client cupsys-common dbus dbus-x11 deskbar-applet
desktop-base desktop-file-utils docbook-xml dvd+rw-tools esound-clients
esound-common evolution-data-server evolution-data-server-common fam
foomatic-db foomatic-db-engine foomatic-filters galeon-common gconf2
gconf2-common genisoimage gksu gnome-about gnome-applets
gnome-applets-data gnome-control-center gnome-desktop-data
gnome-doc-utils gnome-icon-theme gnome-keyring gnome-media
gnome-media-common gnome-menus gnome-mime-data gnome-mount
gnome-netstatus-applet gnome-panel gnome-panel-data gnome-session
gnome-system-monitor gnome-user-guide gnome-utils gs-esp
gstreamer0.10-alsa gstreamer0.10-plugins-base gstreamer0.10-plugins-good
gstreamer0.10-x hal hal-info imagemagick iso-codes libaa1 libao2 libapm1
libart-2.0-2 libart2.0-cil libasound2 libaudiofile0 libavahi-client3
libavahi-common-data libavahi-common3 libavahi-compat-libdnssd1
libavahi-core5 libavahi-glib1 libavc1394-0 libbeagle0 libbonobo2-0
libbonobo2-common libbonoboui2-0 libbonoboui2-common libcaca0
libcamel1.2-10 libcdio6 libcdparanoia0 libcpufreq0 libcucul0
libcupsimage2 libdaemon0 libdbus-1-3 libdbus-glib-1-2 libdv4
libebook1.2-9 libecal1.2-7 libedata-book1.2-2 libedata-cal1.2-6
libedataserver1.2-9 libedataserverui1.2-8 libeel2-2.18 libeel2-data
libegroupwise1.2-13 libenchant1c2a libesd0 libexif12 libfam0 libflac8
libgail-common libgail18 libgconf2-4 libgconf2.0-cil libgksu2-0
libglade2.0-cil libglib2.0-cil libgmime-2.0-2 libgmime2.2-cil
libgnome-desktop-2 libgnome-keyring0 libgnome-media0 libgnome-menu2
libgnome-vfs2.0-cil libgnome-window-settings1 libgnome2-0
libgnome2-common libgnome2.0-cil libgnomecanvas2-0 libgnomecanvas2-common
libgnomecups1.0-1 libgnomekbd-common libgnomekbd1 libgnomekbdui1
libgnomeprint2.2-0 libgnomeprint2.2-data libgnomeprintui2.2-0
libgnomeprintui2.2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0
libgnomevfs2-common libgnomevfs2-extra libgstreamer-plugins-base0.10-0
libgstreamer0.10-0 libgtk2.0-cil libgtkhtml2.0-cil libgtkhtml3.8-15
libgtksourceview-common libgtksourceview1.0-0 libgtop2-7 libgtop2-common
libgucharmap6 libhal-storage1 libhal1 libhunspell-1.1-0 libidl0
libiec61883-0 libjasper1 liblcms1 libmagick9 libmetacity0
libmono-cairo1.0-cil libmono-corlib1.0-cil libmono-corlib2.0-cil
libmono-data-tds2.0-cil libmono-security2.0-cil libmono-sharpzip2.84-cil
libmono-system-data2.0-cil libmono-system-web2.0-cil
libmono-system1.0-cil libmono-system2.0-cil libmono0 libmono2.0-cil
libmozjs0d libnautilus-burn4 libnautilus-extension1
libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libnotify1 libnspr4-0d
libnss-mdns libnss3-0d libogg0 liboil0.3 liborbit2 libpanel-applet2-0
libpci2 libpoppler1 libraw1394-8 librsvg2.0-cil libscrollkeeper0 libsexy2
libshout3 libslab0 libslp1 libsmbclient libsmbios1 libsoup2.2-8 libspeex1
libstartup-notification0 libsysfs2 libtag1c2a libtheora0
libtotem-plparser1 libtrackerclient0 libvisual-0.4-0
libvisual-0.4-plugins libvorbis0a libvorbisenc2 libvorbisfile3
libwavpack1 libwnck-common libwnck18 libxklavier11 libxml2-utils libxres1
libxslt1.1 libxul-common libxul0d menu-xdg metacity metacity-common
mono-common mono-gac mono-jit mono-runtime nautilus nautilus-cd-burner
nautilus-data notification-daemon openssl oss-compat pciutils
poppler-utils portmap powermgmt-base python-beagle python-cairo
python-dbus python-fpconst python-glade2 python-gmenu python-gnome2
python-gnome2-desktop python-gobject python-gtk2 python-gtk2-doc
python-libxml2 python-numeric python-pyorbit python-soappy python-support
samba-common scrollkeeper sgml-data shared-mime-info smbclient ssl-cert
sudo tomboy wodim xsltproc yelp
The following NEW packages will be installed:
alacarte avahi-daemon binfmt-support capplets-data cdrdao cli-common
cups-pdf cupsys cupsys-client cupsys-common dbus dbus-x11 deskbar-applet
desktop-base desktop-file-utils docbook-xml dvd+rw-tools esound-clients
esound-common evolution-data-server evolution-data-server-common fam
foomatic-db foomatic-db-engine foomatic-filters galeon galeon-common
gconf2 gconf2-common genisoimage gksu gnome-about gnome-applets
gnome-applets-data gnome-control-center gnome-desktop-data
gnome-doc-utils gnome-icon-theme gnome-keyring gnome-media
gnome-media-common gnome-menus gnome-mime-data gnome-mount
gnome-netstatus-applet gnome-panel gnome-panel-data gnome-session
gnome-system-monitor gnome-user-guide gnome-utils gs-esp
gstreamer0.10-alsa gstreamer0.10-plugins-base gstreamer0.10-plugins-good
gstreamer0.10-x hal hal-info imagemagick iso-codes libaa1 libao2 libapm1
libart-2.0-2 libart2.0-cil libasound2 libaudiofile0 libavahi-client3
libavahi-common-data libavahi-common3 libavahi-compat-libdnssd1
libavahi-core5 libavahi-glib1 libavc1394-0 libbeagle0 libbonobo2-0
libbonobo2-common libbonoboui2-0 libbonoboui2-common libcaca0
libcamel1.2-10 libcdio6 libcdparanoia0 libcpufreq0 libcucul0
libcupsimage2 libdaemon0 libdbus-1-3 libdbus-glib-1-2 libdv4
libebook1.2-9 libecal1.2-7 libedata-book1.2-2 libedata-cal1.2-6
libedataserver1.2-9 libedataserverui1.2-8 libeel2-2.18 libeel2-data
libegroupwise1.2-13 libenchant1c2a libesd0 libexif12 libfam0 libflac8
libgail-common libgail18 libgconf2-4 libgconf2.0-cil libgksu2-0
libglade2.0-cil libglib2.0-cil libgmime-2.0-2 libgmime2.2-cil
libgnome-desktop-2 libgnome-keyring0 libgnome-media0 libgnome-menu2
libgnome-vfs2.0-cil libgnome-window-settings1 libgnome2-0
libgnome2-common libgnome2.0-cil libgnomecanvas2-0 libgnomecanvas2-common
libgnomecups1.0-1 libgnomekbd-common libgnomekbd1 libgnomekbdui1
libgnomeprint2.2-0 libgnomeprint2.2-data libgnomeprintui2.2-0
libgnomeprintui2.2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0
libgnomevfs2-common libgnomevfs2-extra libgstreamer-plugins-base0.10-0
libgstreamer0.10-0 libgtk2.0-cil libgtkhtml2.0-cil libgtkhtml3.8-15
libgtksourceview-common libgtksourceview1.0-0 libgtop2-7 libgtop2-common
libgucharmap6 libhal-storage1 libhal1 libhunspell-1.1-0 libidl0
libiec61883-0 libjasper1 liblcms1 libmagick9 libmetacity0
libmono-cairo1.0-cil libmono-corlib1.0-cil libmono-corlib2.0-cil
libmono-data-tds2.0-cil libmono-security2.0-cil libmono-sharpzip2.84-cil
libmono-system-data2.0-cil libmono-system-web2.0-cil
libmono-system1.0-cil libmono-system2.0-cil libmono0 libmono2.0-cil
libmozjs0d libnautilus-burn4 libnautilus-extension1
libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libnotify1 libnspr4-0d
libnss-mdns libnss3-0d libogg0 liboil0.3 liborbit2 libpanel-applet2-0
libpci2 libpoppler1 libraw1394-8 librsvg2.0-cil libscrollkeeper0 libsexy2
libshout3 libslab0 libslp1 libsmbclient libsmbios1 libsoup2.2-8 libspeex1
libstartup-notification0 libsysfs2 libtag1c2a libtheora0
libtotem-plparser1 libtrackerclient0 libvisual-0.4-0
libvisual-0.4-plugins libvorbis0a libvorbisenc2 libvorbisfile3
libwavpack1 libwnck-common libwnck18 libxklavier11 libxml2-utils libxres1
libxslt1.1 libxul-common libxul0d menu-xdg metacity metacity-common
mono-common mono-gac mono-jit mono-runtime nautilus nautilus-cd-burner
nautilus-data notification-daemon openssl oss-compat pciutils
poppler-utils portmap powermgmt-base python-beagle python-cairo
python-dbus python-fpconst python-glade2 python-gmenu python-gnome2
python-gnome2-desktop python-gobject python-gtk2 python-gtk2-doc
python-libxml2 python-numeric python-pyorbit python-soappy python-support
samba-common scrollkeeper sgml-data shared-mime-info smbclient ssl-cert
sudo tomboy wodim xsltproc yelp
0 packages upgraded, 258 newly installed, 0 to remove and 0 not upgraded.
Need to get 139MB of archives. After unpacking 484MB will be used.
The following packages have unmet dependencies:
harden-servers: Conflicts: portmap but 6.0-4 is to be installed.
Resolving dependencies...
The following actions will resolve these dependencies:
Remove the following packages:
harden-servers
Score is 121
Accept this solution? [Y/n/q/?] q
Abandoning all efforts to resolve these dependencies.
Abort.
$ aptitude -s install --without-recommends galeon
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Reading task descriptions...
Building tag database...
The following NEW packages will be automatically installed:
dbus dbus-x11 esound-common galeon-common gconf2 gconf2-common
gnome-keyring gnome-mime-data libart-2.0-2 libaudiofile0 libavahi-client3
libavahi-common-data libavahi-common3 libavahi-glib1 libbonobo2-0
libbonobo2-common libbonoboui2-0 libbonoboui2-common libdbus-1-3
libdbus-glib-1-2 libesd0 libfam0 libgconf2-4 libgnome-desktop-2
libgnome-keyring0 libgnome2-0 libgnome2-common libgnomecanvas2-0
libgnomecanvas2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0
libgnomevfs2-common libhal-storage1 libhal1 libidl0 libmozjs0d
libnspr4-0d libnss3-0d liborbit2 libstartup-notification0 libxul-common
libxul0d shared-mime-info
The following NEW packages will be installed:
dbus dbus-x11 esound-common galeon galeon-common gconf2 gconf2-common
gnome-keyring gnome-mime-data libart-2.0-2 libaudiofile0 libavahi-client3
libavahi-common-data libavahi-common3 libavahi-glib1 libbonobo2-0
libbonobo2-common libbonoboui2-0 libbonoboui2-common libdbus-1-3
libdbus-glib-1-2 libesd0 libfam0 libgconf2-4 libgnome-desktop-2
libgnome-keyring0 libgnome2-0 libgnome2-common libgnomecanvas2-0
libgnomecanvas2-common libgnomeui-0 libgnomeui-common libgnomevfs2-0
libgnomevfs2-common libhal-storage1 libhal1 libidl0 libmozjs0d
libnspr4-0d libnss3-0d liborbit2 libstartup-notification0 libxul-common
libxul0d shared-mime-info
The following packages are RECOMMENDED but will NOT be installed:
esound-clients fam gnome-control-center gnome-icon-theme gnome-mount
iso-codes libgnomevfs2-extra scrollkeeper yelp
0 packages upgraded, 45 newly installed, 0 to remove and 0 not upgraded.
Need to get 23.5MB of archives. After unpacking 82.9MB will be used.
Do you want to continue? [Y/n/?] Y
Would download/install/remove packages.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.21-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages harden-servers depends on:
ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy
harden-servers recommends no packages.
-- debconf information:
harden-servers/vncserver:
harden-servers/inetd:
harden-servers/plaintext:
--- End Message ---
--- Begin Message ---
Thanks a lot. I'll close it now.
Best regards,
// Ola
On Sat, Nov 03, 2007 at 06:41:07PM +0100, Francesco Poli wrote:
> On Thu, 20 Sep 2007 21:24:19 +0200 Ola Lundqvist wrote:
>
> [...]
> > On Wed, Sep 19, 2007 at 11:31:04PM +0200, Francesco Poli wrote:
> > > On Wed, 19 Sep 2007 22:02:19 +0200 Ola Lundqvist wrote:
> > >
> > > [...]
> > > > > I'll try the --without-recommends way and see how it works.
> > > >
> > > > I hope it works well. When you find out I'm interested in knowing.
> > >
> > > Sure, let's keep the bug open, if it's OK for you, so that I
> > > (hopefully) don't forget to report back after some time of use.
>
> Galeon works fine without its recommends: I've been using it for quite
> some time now (even though I don't use this machine too often, yet...).
>
> For anyone interested out there, I installed it the following way:
>
> # aptitude install --without-recommends galeon
> # aptitude install gnome-icon-theme yelp
> # aptitude markauto gnome-icon-theme yelp
>
>
> I think this bug may be safely closed now.
> Thanks for the assistance, Ola!
>
>
>
> --
> http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
> Need to read a Debian testing installation walk-through?
> ..................................................... Francesco Poli .
> GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
--
--------------------- Ola Lundqvist ---------------------------
/ [EMAIL PROTECTED] Annebergsslingan 37 \
| [EMAIL PROTECTED] 654 65 KARLSTAD |
| http://opalsys.net/ +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--- End Message ---
