Bug#549295: marked as done (ferm: init script LSB header disagrees with postinst)

Mon, 15 Feb 2010 02:54:53 -0800 

Your message dated Mon, 15 Feb 2010 10:48:27 +0000
with message-id <[email protected]>
and subject line Bug#549295: fixed in ferm 2.0.7-1
has caused the Debian Bug report #549295,
regarding ferm: init script LSB header disagrees with postinst
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
549295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549295
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ferm
Version: 2.0.6-1
Severity: normal
Tags: patch

Hi,

the LSB header in ferm's init script that ferm should be started in runlevels 
2,3 and 5:

        # Default-Start:     2 3 5

On the other hand, ferm's postinst script only adds it to runlevel S:

        update-rc.d ferm start 41 S . start 36 0 6 .

This is inconsistent, and may generate warnings with dependency based boot
on ferm upgrades.
In addition to thaa,t the late start in the init script is IMHO dangerous,
as it lets a (possibly short) time window open where ferm is not started yet,
while applications may already be up and running.
Hence I consider the postinst variant more secure and this more correct.

In addition, is it really necessary to stop ferm (= flush the firewall rules)
explicetly on shutdown/reboots ?

Please find the attached patch to solve both issues.
(Please note: the patch  does not deal with existing rc*d/ links on upgrades)

Thanks for ferm (in Debian & upstream)
Peter


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ferm depends on:
ii  debconf                       1.5.27     Debian configuration management sy
ii  iptables                      1.4.4-2    administration tools for packet fi
ii  lsb-base                      3.2-23     Linux Standard Base 3.2 init scrip
ii  perl                          5.10.0-25  Larry Wall's Practical Extraction 

Versions of packages ferm recommends:
ii  libnet-dns-perl               0.65-1     Perform DNS queries from a Perl sc

ferm suggests no packages.

-- debconf information:
* ferm/enable: true

--- debian/ferm.init
+++ debian/ferm.init
@@ -9,8 +9,8 @@
 # Provides:          ferm
 # Required-Start:    $network
 # Required-Stop:     $network
-# Default-Start:     2 3 5 
-# Default-Stop:             0 6 
+# Default-Start:     S
+# Default-Stop:           
 # Description: Starts ferm firewall configuration 
 # short-description: ferm firewall configuration
 ### END INIT INFO
--- debian/ferm.rules
+++ debian/ferm.rules
@@ -19,7 +19,7 @@
        dh_installdirs -i
        dh_installdocs
        dh_installchangelogs -i
-       dh_installinit -i --no-restart-on-upgrade -- start 41 S . start 36 0 6 .
+       dh_installinit -i --no-restart-on-upgrade -- start 41 S .
        dh_installdebconf
        dh_install -i
        dh_link -i

--- End Message ---
--- Begin Message --- 
Source: ferm
Source-Version: 2.0.7-1

We believe that the bug you reported is fixed in the latest version of
ferm, which is due to be installed in the Debian FTP archive:

ferm_2.0.7-1.diff.gz
  to main/f/ferm/ferm_2.0.7-1.diff.gz
ferm_2.0.7-1.dsc
  to main/f/ferm/ferm_2.0.7-1.dsc
ferm_2.0.7-1_all.deb
  to main/f/ferm/ferm_2.0.7-1_all.deb
ferm_2.0.7.orig.tar.gz
  to main/f/ferm/ferm_2.0.7.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexander Wirt <[email protected]> (supplier of updated ferm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 15 Feb 2010 10:36:59 +0100
Source: ferm
Binary: ferm
Architecture: source all
Version: 2.0.7-1
Distribution: unstable
Urgency: low
Maintainer: Alexander Wirt <[email protected]>
Changed-By: Alexander Wirt <[email protected]>
Description: 
 ferm       - maintain and setup complicated firewall rules
Closes: 543185 544535 548579 549295 553423 554516 563779
Changes: 
 ferm (2.0.7-1) unstable; urgency=low
 .
   * New upstream version
     - Fix post & flush hooks
       (Closes: #548579, #563779)
     - Fix negiotation for owner module
       (Closes: #553423)
     - Fix "intrapositioned negation is deprecated"
       (Closes: #544535)
   * Remove Max as maintainer. Thanks for your previous work Max!
   * Add russian debconf translation (Closes: #543185). Thanks Yuri Kozlov!
   * Add japanese debconf translation (Closes: #554516). Thanks Hideki Yamane!
   * Bump standards version (No changes)
   * Update initlevels (Closes: #549295)
Checksums-Sha1: 
 aa1b62c304e4cbc7fc697f2b60967eda70f86dbf 1293 ferm_2.0.7-1.dsc
 83e82acacffd7af8a6892a0998389c29129facb2 110733 ferm_2.0.7.orig.tar.gz
 5a9c980918c613cf764f3e78f088c0695743fe60 12651 ferm_2.0.7-1.diff.gz
 9658f5eff93cc821f93635d2d7506e742b788ca3 103404 ferm_2.0.7-1_all.deb
Checksums-Sha256: 
 80b3f4462101eca79d3c1d8f091a0ef6c679d74d4e26491d2b0689c39e4c484f 1293 
ferm_2.0.7-1.dsc
 29b7a16c4bd56b30c1772335c00f493df8cc2fc20708aba5183038c88bb9d738 110733 
ferm_2.0.7.orig.tar.gz
 10392e36894fad10d3864f219995635c8bda184421a27de8ecf8bcba291fd967 12651 
ferm_2.0.7-1.diff.gz
 c7b98ac12d7f7b059ff31a6b055842ca1ae5d4a68083f9c29de77171891b1455 103404 
ferm_2.0.7-1_all.deb
Files: 
 cfe44cdbc71a263b10c64c1b26d97fda 1293 net optional ferm_2.0.7-1.dsc
 3446f96a19c579cc628ac66dc7cd81ba 110733 net optional ferm_2.0.7.orig.tar.gz
 cca009d991c4be284422dacbddce1322 12651 net optional ferm_2.0.7-1.diff.gz
 bfe8a6961099258363fa447205814ffa 103404 net optional ferm_2.0.7-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJLeSTHAAoJEOuL0JI5t9GXxX4H/02N1UZVGGjM2ioXnt34075T
q50GRlJ5BL/0R996kdNjk1XRw4Fnl+GqtC5eO0ckXhWUa8curdUdcsrIKOoCks84
LtkBFZ+ha3PWOKZTk6vrJNWsa5bE4yk4SfUIEdPKA7EXEYNkPjADf4H+Ieyz8qY1
zI1eMN4/Vi09PiMk1tOhfKBsW1LHoRLDq4o6V0EVfa68NMjXbe/H/7jj8eauFHMx
s8uL9djPCLQkr38lS8liLv7/aCQCZlT13wL80TJigge1lBCdJAVisyEf9Hl5Pxww
+9If4X7eJXEma/0YtKgm8WUs7FPQKte6NV8ynDg7I8pbAb2yzrs86hE/M7ZKYOg=
=3u2y
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to