Package: mini-httpd
Version: 1.30-7
Severity: normal
Dear Maintainer,
unfortunately, the current version mini-httpd 1.30-7 in unstable does
NOT fix the Bug#1057842.
The postinst script
<https://salsa.debian.org/debian/mini-httpd/-/blob/master/debian/mini-httpd.postinst?ref_type=heads>
still creates an unwanted default page. It is no longer named
index.mini-httpd.html, but instead index.html. This makes things worse
with the new version of the 0003-fix-change-index-document-root patch
<https://salsa.debian.org/debian/mini-httpd/-/blob/master/debian/patches/0003-fix-change-index-document-root?ref_type=heads>.
index.mini-httpd.html would have lower priority than any other default
page, but index.html has highest priority.
Here is how I tested:
Installed Debian stable (12.4) via netinstall ISO in a VirtualBox VM.
Installed stable version of mini-httpd: apt-get install mini-httpd
Changed cgipat to **.cgi in /etc/mini-httpd.conf and restarted mini-httpd
Tested basic function of mini-httpd: wget -q -O /dev/stdout
http://localhost/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html; " />
<title>Welcome page</title>
</head>
<body>
It works!
</body>
</html>
This is the default page of the mini-httpd package.
Created an executable /var/www/html/index.cgi:
#!/bin/bash
echo -en "Content-Type: text/plain\r\n\r\n"
echo "*** HELLO FROM CGI ***"
Testing that index.cgi works: wget -q -O /dev/stdout
http://localhost/index.cgi
*** HELLO FROM CGI ***
Switched to index.cgi as default page: rm
/var/www/html/index.mini-httpd.html
Testing index.cgi as default page: wget -q -O /dev/stdout http://localhost/
*** HELLO FROM CGI ***
Changed to sid by editing /etc/apt/sources.list as documented in
<https://wiki.debian.org/DebianUnstable>, this will update mini-http to
the unstable version.
echo deb http://deb.debian.org/debian/ unstable main > /etc/apt/sources.list
echo deb-src http://deb.debian.org/debian/ unstable main >>
/etc/apt/sources.list
apt update
apt full-upgrade
reboot
Testing default page again: wget -q -O /dev/stdout http://localhost/
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Welcome page</title>
</head>
<body>
It works!
</body>
</html>
Unfortunately, that is the package default page again, not my index.cgi.
Looking at the html directory: ls -alF /var/www/html/
total 16
drwxr-xr-x 2 root root 4096 Jan 28 12:19 ./
drwxr-xr-x 3 root root 4096 Jan 28 11:41 ../
-rwxr-xr-x 1 root root 86 Jan 28 11:55 index.cgi*
-rw-r--r-- 1 root root 312 Jan 28 12:19 index.html
Look at the time of index.html: It was created AFTER my index.cgi, by
the postinst script. The postinst script had found a readable
/usr/share/doc/mini-httpd/examples/index.html but no readable
/var/www/html/index.html, and so it copied the former to the latter and
broke my (simulated) webpage again.
Checking for and copying to /var/www/html/index.mini-httpd.html would
have prevented that.
As before, the real problem is that the postinst script re-creates an
index file in the document directory during the update of the package.
It is ok to do so during installation of the package, but not during the
update.
Looking at the apache2 package may help:
<https://salsa.debian.org/apache-team/apache2/-/blob/master/debian/apache2.postinst?ref_type=heads>
It has a function to detect a fresh installation:
is_fresh_install()
{
if [ -z "$2" ] ; then
return 0
fi
return 1
}
And that function is called before copying default pages to the web
server directory. The function for copying files is even smart enough to
test for existing default pages in the webserver and preventy copying if
any default page exists, even for a fresh install of the apache2 package.
install_default_files()
{
if is_fresh_install $@ ; then
local do_copy=true
local dir ext
for dir in /var/www /var/www/html ; do
for ext in html cgi pl php xhtml htm ; do
if [ -e $dir/index.$ext ] ; then
do_copy=false
break 2
fi
done
if [ -h $dir/index.html ] ; then
do_copy=false
break
fi
done
if $do_copy ; then
cp /usr/share/apache2/default-site/index.html
/var/www/html/index.html
fi
else
# ... omitted, just an unrelated bugfix ...
fi
}
The install_default_files() function is called with all arguments passed
to the postinst script:
case "$1" in
configure)
enable_default_mpm $@
install_default_files $@
enable_default_modules $@
enable_default_conf $@
install_default_site $@
execute_deferred_actions
;;
# ... omitted ...
esac
I did not research how apt calls the postinst script, but to me, it is
clear what needs to be checked in the postinst script. Just follow the
code in the apache2 package:
#!/bin/sh
set -e
if [ "$1" = configure ] ; then
if [ -z "$2" ] ; then # fresh install, not updating
# avoid clobbering existing default page
local do_copy = true
# note: file name list must match index_names[] in compiled
mini_httpd.c, order is not important
for file in index.html index.htm index.xhtml index.xht
Default.htm index.cgi index.php index.mini-httpd.html ; do
if [ -e "/var/www/html/$file" ] ; then
do_copy = false
break
fi
done
if $do_copy ; then
# copy default page, if available
if [ -r /usr/share/doc/mini-httpd/examples/index.html ]; then
mkdir -p /var/www/html
cp /usr/share/doc/mini-httpd/examples/index.html
/var/www/html/index.html
fi
fi
fi
fi
#DEBHELPER#
Best regards
Alexander Foken
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mini-httpd depends on:
ii init-system-helpers 1.66
ii libc6 2.37-14
ii libcrypt1 1:4.4.36-4
ii libssl3 3.1.4-2
Versions of packages mini-httpd recommends:
ii apache2-utils 2.4.58-1+b1
mini-httpd suggests no packages.
-- Configuration Files:
/etc/mini-httpd.conf changed:
host=localhost
port=80
user=nobody
nochroot # no
data_dir=/var/www/html
cgipat=**.cgi
logfile=/var/log/mini_httpd.log
pidfile=/var/run/mini_httpd.pid
charset=iso-8859-1
-- no debconf information
